Explorer.exe, adware, and awtsrpp.dll problem!


IamJack

Thread Starter
Joined
Nov 2, 2007
Messages
7
Recently my computer has been bringing me a lot of problems. My EXPLORER.exe seems to always close by itself, and thus my task bar and desktop icons disappear. I tried to fix this problem by running EXPLORER.exe through Task Manager, but it crashes again soon after. Also I have been receiving random pop-ups which lead me to anti-virus programs. Also there is this "awtsrpp.dll" in WINDOWS\system32 that my Norton AntiVirus keeps detecting and yet it is unable to fix the problem. When I try to go into system32 and delete this .dll it says something like "cannot be deleted because it's being used by user."

Help please?!!! :(

Here is my HJ Log:
Logfile of HijackThis v1.99.1
Scan saved at 6:52:52 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00000ee1] rundll32.exe "C:\WINDOWS\system32\jlqmnbsg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1192952756015
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192962793484
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
Joined
Sep 8, 2005
Messages
9,113
Welcome to TSG :)


Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 

IamJack

Thread Starter
Joined
Nov 2, 2007
Messages
7
I did as I was told and here is my ComboFix Log:

ComboFix 07-11-04.1 - JS 2007-11-03 12:37:15.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.245 [GMT -7:00]
Running from: C:\Documents and Settings\JS\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\JS\Application Data\ICROSO~1.NET
C:\Program Files\Common Files\Yazzle1848OinAdmin.exe
C:\Program Files\Common Files\Yazzle1848OinUninstaller.exe
C:\Program Files\Temporary
C:\Program Files\ymbols~1
C:\WINDOWS\cookies.ini
C:\WINDOWS\retadpu1000520.exe
C:\WINDOWS\SYSTEM32\bahyxuyu.ini
C:\WINDOWS\SYSTEM32\cydpifwe.ini
C:\WINDOWS\system32\ewfipdyc.dll
C:\WINDOWS\SYSTEM32\lnnmp.bak1
C:\WINDOWS\SYSTEM32\lnnmp.bak2
C:\WINDOWS\SYSTEM32\lnnmp.ini
C:\WINDOWS\SYSTEM32\lnnmp.ini2
C:\WINDOWS\SYSTEM32\lnnmp.tmp
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pstbgypu.dll
C:\WINDOWS\system32\racle~1
C:\WINDOWS\SYSTEM32\tlvpraox.ini
C:\WINDOWS\system32\uplqtbdv.dll
C:\WINDOWS\SYSTEM32\upygbtsp.ini
C:\WINDOWS\system32\uyuxyhab.dll
C:\WINDOWS\SYSTEM32\vdbtqlpu.ini
C:\WINDOWS\system32\xoarpvlt.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-10-04 to 2007-11-04 )))))))))))))))))))))))))))))))
.

2007-11-03 12:34 87,616 --a------ C:\WINDOWS\SYSTEM32\pfjnhubb.dll
2007-11-03 12:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 17:49 66,048 --a------ C:\WINDOWS\SYSTEM32\dllcache\s3legacy.dll
2007-11-02 17:19 <DIR> d-------- C:\WINDOWS\pss
2007-11-02 17:18 86,080 --a------ C:\WINDOWS\SYSTEM32\jlqmnbsg.dll
2007-10-31 18:13 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-10-31 17:06 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2007-10-31 17:06 31,616 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbccgp.sys
2007-10-31 17:06 26,496 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbstor.sys
2007-10-27 21:39 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-24 14:54 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-23 07:49 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-10-23 07:49 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2007-10-23 00:33 32,592 --a------ C:\WINDOWS\SYSTEM32\msonpmon.dll
2007-10-23 00:20 <DIR> d-------- C:\Program Files\MSBuild
2007-10-23 00:20 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-23 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-23 00:05 <DIR> dr-h----- C:\MSOCache
2007-10-23 00:01 <DIR> d-------- C:\Program Files\PowerISO
2007-10-22 21:35 <DIR> d-------- C:\Documents and Settings\JS\Application Data\Viewpoint
2007-10-22 18:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2007-10-22 17:42 <DIR> d-------- C:\Program Files\SymNetDrv
2007-10-22 17:23 4,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys
2007-10-22 17:22 <DIR> d-------- C:\Documents and Settings\JS\Application Data\Symantec
2007-10-22 17:22 124,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2007-10-22 17:22 91,904 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2007-10-22 17:21 <DIR> d-------- C:\Program Files\Symantec
2007-10-22 16:19 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-22 16:07 <DIR> d-------- C:\Documents and Settings\JS\Incomplete
2007-10-22 16:07 <DIR> d-------- C:\Documents and Settings\JS\Application Data\LimeWire
2007-10-21 23:21 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2007-10-21 19:43 <DIR> d-------- C:\WINDOWS\Sun
2007-10-21 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-21 19:20 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-21 19:16 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-10-21 19:16 223,128 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dtscsi.sys
2007-10-21 19:13 643,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
2007-10-21 19:13 96,256 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd6589.sys
2007-10-21 18:04 <DIR> d-------- C:\Program Files\Java
2007-10-21 18:02 <DIR> d-------- C:\Program Files\LimeWire
2007-10-21 18:02 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-21 18:02 34,304 --------- C:\WINDOWS\SYSTEM32\awtsrpp.dll
2007-10-21 15:14 163,840 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2007-10-21 15:01 <DIR> d-------- C:\Intel
2007-10-21 14:46 <DIR> d-------- C:\Documents and Settings\JS\Application Data\acccore
2007-10-21 14:45 <DIR> d-------- C:\Program Files\Viewpoint
2007-10-21 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-21 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-21 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-10-21 14:44 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-10-21 14:44 <DIR> d-------- C:\Program Files\AIM6
2007-10-21 14:43 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-21 14:31 <DIR> d-------- C:\WINDOWS\provisioning
2007-10-21 14:31 <DIR> d-------- C:\WINDOWS\peernet
2007-10-21 14:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-10-21 14:24 <DIR> d-------- C:\WINDOWS\EHome
2007-10-21 09:19 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-10-21 09:19 11,776 --a------ C:\WINDOWS\SYSTEM32\dllcache\spnpinst.exe
2007-10-21 09:19 4,569 --------- C:\WINDOWS\SYSTEM32\secupd.dat
2007-10-21 09:19 4,569 --a------ C:\WINDOWS\SYSTEM32\dllcache\secupd.dat
2007-10-21 08:36 1,082,368 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2007-10-21 08:36 1,082,368 --a------ C:\WINDOWS\SYSTEM32\dllcache\esent.dll
2007-10-21 08:28 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2007-10-21 08:28 12,160 --a------ C:\WINDOWS\SYSTEM32\dllcache\mouhid.sys
2007-10-21 08:28 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2007-10-21 08:28 9,600 --a------ C:\WINDOWS\SYSTEM32\dllcache\hidusb.sys
2007-10-21 03:39 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2007-10-21 03:39 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-21 03:39 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-10-21 03:34 549,720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-10-21 03:34 549,720 --a------ C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll
2007-10-21 03:34 325,976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-10-21 03:34 325,976 --a------ C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll
2007-10-21 03:34 43,352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-10-21 03:34 33,624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-10-21 03:34 33,624 --a------ C:\WINDOWS\SYSTEM32\dllcache\wups.dll
2007-10-21 03:33 <DIR> d---s---- C:\Documents and Settings\JS\UserData
2007-10-21 03:32 <DIR> d---s---- C:\WINDOWS\SYSTEM32\Microsoft
2007-10-21 03:31 <DIR> d--hs---- C:\WINDOWS\Installer
2007-10-21 03:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\xircom
2007-10-21 03:24 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-10-21 03:24 14,336 --a------ C:\WINDOWS\SYSTEM32\dllcache\iisreset.exe
2007-10-21 03:24 6,144 --a------ C:\WINDOWS\SYSTEM32\dllcache\ftpsapi2.dll
2007-10-21 03:24 5,632 --a------ C:\WINDOWS\SYSTEM32\dllcache\iisrstap.dll
2007-10-21 03:23 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2007-10-21 03:15 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2007-10-21 03:15 <DIR> d-------- C:\Documents and Settings
2007-10-21 02:59 <DIR> d-------- C:\WINDOWS\setup
2007-10-21 02:58 <DIR> d--h----- C:\WINDOWS\NetHood
2007-10-21 02:57 <DIR> d-------- C:\WINDOWS\SYSTEM\CatRoot
2007-10-21 02:57 <DIR> d---s---- C:\WINDOWS\Cookies
2007-10-21 02:57 <DIR> d-------- C:\Program Files\DirectX
2007-10-21 02:56 <DIR> d-------- C:\WINDOWS\Start Menu
2007-10-21 02:56 <DIR> d-------- C:\WINDOWS\SendTo
2007-10-21 02:56 <DIR> d--h----- C:\WINDOWS\Recent
2007-10-21 02:56 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-21 02:56 <DIR> d---s---- C:\WINDOWS\Favorites
2007-10-21 02:56 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-10-21 02:55 <DIR> d-------- C:\WINDOWS\Desktop
2007-10-21 02:55 <DIR> d-------- C:\WINDOWS\All Users

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 10:58 46,080 --sha-w C:\VIDEOROM.BIN
2007-10-21 10:57 266 --sh--w C:\Program Files\desktop.ini
2007-10-21 10:57 11,025 ---h--w C:\Program Files\folder.htt
2007-10-21 10:50 7,809 --sh--w C:\SUHDLOG.DAT
2007-10-21 10:46 --------- d-----w C:\Program Files\CHAT
2007-10-21 10:46 --------- d-----r C:\Program Files\Accessories
2007-09-10 19:10 1,060,864 ----a-w C:\WINDOWS\SYSTEM32\mfc71.dll
2007-09-10 19:09 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2007-09-10 19:08 1,047,552 ----a-w C:\WINDOWS\SYSTEM32\mfc71u.dll
2007-09-10 19:07 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-09-10 18:42 89,088 ----a-w C:\WINDOWS\SYSTEM32\atl71.dll
2007-08-22 14:12 96,256 ----a-w C:\WINDOWS\SYSTEM32\dllcache\inseng.dll
2007-08-22 14:12 658,944 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wininet.dll
2007-08-22 14:12 615,424 ----a-w C:\WINDOWS\SYSTEM32\dllcache\urlmon.dll
2007-08-22 14:12 55,808 ----a-w C:\WINDOWS\SYSTEM32\dllcache\extmgr.dll
2007-08-22 14:12 532,480 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mstime.dll
2007-08-22 14:12 474,112 ----a-w C:\WINDOWS\SYSTEM32\dllcache\shlwapi.dll
2007-08-22 14:12 449,024 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtmled.dll
2007-08-22 14:12 39,424 ----a-w C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
2007-08-22 14:12 357,888 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtmsft.dll
2007-08-22 14:12 3,058,176 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2007-08-22 14:12 251,392 ----a-w C:\WINDOWS\SYSTEM32\dllcache\iepeers.dll
2007-08-22 14:12 205,312 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtrans.dll
2007-08-22 14:12 16,384 ----a-w C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll
2007-08-22 14:12 151,040 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdfview.dll
2007-08-22 14:12 146,432 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msrating.dll
2007-08-22 14:12 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\dllcache\shdocvw.dll
2007-08-22 14:12 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\dllcache\danim.dll
2007-08-22 14:12 1,022,976 ----a-w C:\WINDOWS\SYSTEM32\dllcache\browseui.dll
2007-08-21 11:30 18,432 ----a-w C:\WINDOWS\SYSTEM32\dllcache\iedw.exe
2007-08-21 07:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 07:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\dllcache\inetcomm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{232D2677-68EE-4FA1-B988-279EBC8969ED}]
2007-10-21 18:02 34304 --------- C:\WINDOWS\system32\awtsrpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A9E3F5C-95F3-9474-BB59-8F8A378229C3}]
C:\WINDOWS\system32\zgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FCF3A59-C6F6-9625-BB59-8F8A378228C7}]
C:\WINDOWS\system32\hcmc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 12:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 12:00]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-10-22 17:42]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"00000ee1"="C:\WINDOWS\system32\pfjnhubb.dll" [2007-11-03 12:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{232D2677-68EE-4FA1-B988-279EBC8969ED}"= C:\WINDOWS\system32\awtsrpp.dll [2007-10-21 18:02 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrpp]
awtsrpp.dll 2007-10-21 18:02 34304 C:\WINDOWS\SYSTEM32\awtsrpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JS^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\JS\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-03 04:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - JS.job"
- D:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 12:46:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-04 12:51:49 - machine was rebooted
.
--- E O F ---

New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:54:21 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {232D2677-68EE-4FA1-B988-279EBC8969ED} - C:\WINDOWS\system32\awtsrpp.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8A9E3F5C-95F3-9474-BB59-8F8A378229C3} - C:\WINDOWS\system32\zgh.dll (file missing)
O2 - BHO: (no name) - {8FCF3A59-C6F6-9625-BB59-8F8A378228C7} - C:\WINDOWS\system32\hcmc.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00000ee1] rundll32.exe "C:\WINDOWS\system32\pfjnhubb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1192952756015
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192962793484
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtsrpp - C:\WINDOWS\SYSTEM32\awtsrpp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



Thanks.
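The entries a helper looks at first in the log above are the O20 Winlogon Notify hook, the O2 BHOs with no name or a missing file, and the O4 Run entry that loads a random-named DLL through rundll32. As an added example that is not part of the thread or of HijackThis itself, here is a small Python triage script that applies those checks to constructed sample lines in HijackThis format (the sample entries and the vowel-ratio heuristic are my assumptions).

```python
from __future__ import annotations

import re

# Constructed sample in HijackThis v1.99.1 format: a handful of entries copied
# from the logs in this thread, mixed with legitimate ones, so the checks below
# have both true and false cases to run over.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {232D2677-68EE-4FA1-B988-279EBC8969ED} - C:\WINDOWS\system32\awtsrpp.dll
O2 - BHO: (no name) - {8A9E3F5C-95F3-9474-BB59-8F8A378229C3} - C:\WINDOWS\system32\zgh.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [00000ee1] rundll32.exe "C:\WINDOWS\system32\pfjnhubb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: awtsrpp - C:\WINDOWS\SYSTEM32\awtsrpp.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# Base names of DLLs/EXEs mentioned on a line (stops at backslash, quote, space, '[').
BASENAME_RE = re.compile(r'([^\\\s"\[]+\.(?:dll|exe))', re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(basename: str) -> bool:
    """Heuristic (my assumption) for machine-generated names such as awtsrpp.dll
    or pfjnhubb.dll: seven or more letters with fewer than a quarter of them
    vowels. A hit is a reason to look the file up, not proof of anything."""
    stem = basename.lower().rsplit(".", 1)[0]
    if len(stem) < 7 or not stem.isalpha():
        return False
    return sum(ch in VOWELS for ch in stem) / len(stem) < 0.25


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) a helper would flag this HijackThis entry."""
    reasons: list[str] = []
    kind = line.split(" - ", 1)[0].strip()          # "O2", "O4", "O20", ...
    names = BASENAME_RE.findall(line)

    if kind == "O20" and "Winlogon Notify" in line:
        # A Notify DLL is loaded into winlogon.exe itself, which is why the file
        # cannot be deleted while the system is up; almost never legitimate.
        reasons.append("Winlogon Notify DLL loaded into winlogon.exe")
    if kind == "O2":
        if "(no name)" in line:
            reasons.append("BHO registered without a name")
        if "(file missing)" in line:
            reasons.append("BHO registry entry points at a missing file (orphan)")
    if kind == "O4" and "rundll32.exe" in line.lower():
        dlls = [n for n in names if n.lower().endswith(".dll")]
        if dlls:
            reasons.append(f"Run entry loads {dlls[-1]} through rundll32")
    if kind in ("O2", "O4", "O20"):
        for name in names:
            if looks_random(name):
                reasons.append(f"random-looking file name {name}")
    return reasons


def triage(log: str) -> list[tuple[str, list[str]]]:
    """Run triage_line over every non-empty line; keep only the flagged ones."""
    hits: list[tuple[str, list[str]]] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

The script flags four of the eight sample entries; everything it reports is a starting point for looking the file up, not a verdict.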
 
Joined
Sep 8, 2005
Messages
9,113
Sorry for the delay, I had some problems upgrading my OS. I lost some stuff and am trying to replace it.


Download the attached file CFScript.txt to your Desktop.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note: Please do not use this script on another computer, you may damage the system. The script is made especially for this computer only!!!!
 


IamJack

Thread Starter
Joined
Nov 2, 2007
Messages
7
Here's the new log

ComboFix 07-11-04.1 - JS 2007-11-05 23:03:55.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.252 [GMT -8:00]
Running from: C:\Documents and Settings\JS\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JS\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\awtsrpp.dll
C:\WINDOWS\SYSTEM32\jlqmnbsg.dll
C:\WINDOWS\SYSTEM32\pfjnhubb.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\awtsrpp.dll
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\SYSTEM32\jlqmnbsg.dll
C:\WINDOWS\SYSTEM32\pfjnhubb.dll
C:\WINDOWS\SYSTEM32\rtvwa.bak1
C:\WINDOWS\SYSTEM32\rtvwa.ini
C:\WINDOWS\system32\rwanvjhs.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
.

2007-11-05 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-05 14:53 86,080 --a------ C:\WINDOWS\SYSTEM32\bfhodwuh.dll
2007-11-05 14:50 78,912 --a------ C:\WINDOWS\SYSTEM32\idcgmfvv.dll
2007-11-04 16:19 <DIR> d-------- C:\Program Files\DivX
2007-11-04 16:18 684 --a------ C:\WINDOWS\mozver.dat
2007-11-03 12:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 17:49 66,048 --a------ C:\WINDOWS\SYSTEM32\dllcache\s3legacy.dll
2007-11-02 17:19 <DIR> d-------- C:\WINDOWS\pss
2007-10-31 18:13 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-10-31 17:06 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2007-10-31 17:06 31,616 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbccgp.sys
2007-10-31 17:06 26,496 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbstor.sys
2007-10-27 21:39 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-24 14:54 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-23 07:49 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-10-23 07:49 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2007-10-23 00:33 32,592 --a------ C:\WINDOWS\SYSTEM32\msonpmon.dll
2007-10-23 00:20 <DIR> d-------- C:\Program Files\MSBuild
2007-10-23 00:20 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-23 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-23 00:05 <DIR> dr-h----- C:\MSOCache
2007-10-23 00:01 <DIR> d-------- C:\Program Files\PowerISO
2007-10-22 21:35 <DIR> d-------- C:\Documents and Settings\JS\Application Data\Viewpoint
2007-10-22 18:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2007-10-22 17:42 <DIR> d-------- C:\Program Files\SymNetDrv
2007-10-22 17:23 4,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys
2007-10-22 17:22 <DIR> d-------- C:\Documents and Settings\JS\Application Data\Symantec
2007-10-22 17:22 124,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2007-10-22 17:22 91,904 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2007-10-22 17:21 <DIR> d-------- C:\Program Files\Symantec
2007-10-22 16:19 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-22 16:07 <DIR> d-------- C:\Documents and Settings\JS\Incomplete
2007-10-22 16:07 <DIR> d-------- C:\Documents and Settings\JS\Application Data\LimeWire
2007-10-21 23:21 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2007-10-21 19:43 <DIR> d-------- C:\WINDOWS\Sun
2007-10-21 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-21 19:20 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-21 19:16 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-10-21 19:16 223,128 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dtscsi.sys
2007-10-21 19:13 643,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
2007-10-21 19:13 96,256 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd6589.sys
2007-10-21 18:04 <DIR> d-------- C:\Program Files\Java
2007-10-21 18:02 <DIR> d-------- C:\Program Files\LimeWire
2007-10-21 18:02 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-21 15:14 163,840 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2007-10-21 15:01 <DIR> d-------- C:\Intel
2007-10-21 14:46 <DIR> d-------- C:\Documents and Settings\JS\Application Data\acccore
2007-10-21 14:45 <DIR> d-------- C:\Program Files\Viewpoint
2007-10-21 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-21 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-21 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-10-21 14:44 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-10-21 14:44 <DIR> d-------- C:\Program Files\AIM6
2007-10-21 14:43 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-21 14:31 <DIR> d-------- C:\WINDOWS\provisioning
2007-10-21 14:31 <DIR> d-------- C:\WINDOWS\peernet
2007-10-21 14:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-10-21 14:24 <DIR> d-------- C:\WINDOWS\EHome
2007-10-21 09:19 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-10-21 09:19 11,776 --a------ C:\WINDOWS\SYSTEM32\dllcache\spnpinst.exe
2007-10-21 09:19 4,569 --------- C:\WINDOWS\SYSTEM32\secupd.dat
2007-10-21 09:19 4,569 --a------ C:\WINDOWS\SYSTEM32\dllcache\secupd.dat
2007-10-21 08:36 1,082,368 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2007-10-21 08:36 1,082,368 --a------ C:\WINDOWS\SYSTEM32\dllcache\esent.dll
2007-10-21 08:28 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2007-10-21 08:28 12,160 --a------ C:\WINDOWS\SYSTEM32\dllcache\mouhid.sys
2007-10-21 08:28 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2007-10-21 08:28 9,600 --a------ C:\WINDOWS\SYSTEM32\dllcache\hidusb.sys
2007-10-21 03:39 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2007-10-21 03:39 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-21 03:39 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-10-21 03:34 549,720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-10-21 03:34 549,720 --a------ C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll
2007-10-21 03:34 325,976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-10-21 03:34 325,976 --a------ C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll
2007-10-21 03:34 43,352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-10-21 03:34 33,624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-10-21 03:34 33,624 --a------ C:\WINDOWS\SYSTEM32\dllcache\wups.dll
2007-10-21 03:33 <DIR> d---s---- C:\Documents and Settings\JS\UserData
2007-10-21 03:32 <DIR> d---s---- C:\WINDOWS\SYSTEM32\Microsoft
2007-10-21 03:31 <DIR> d--hs---- C:\WINDOWS\Installer
2007-10-21 03:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\xircom
2007-10-21 03:24 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-10-21 03:24 14,336 --a------ C:\WINDOWS\SYSTEM32\dllcache\iisreset.exe
2007-10-21 03:24 6,144 --a------ C:\WINDOWS\SYSTEM32\dllcache\ftpsapi2.dll
2007-10-21 03:24 5,632 --a------ C:\WINDOWS\SYSTEM32\dllcache\iisrstap.dll
2007-10-21 03:23 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2007-10-21 03:15 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2007-10-21 03:15 <DIR> d-------- C:\Documents and Settings
2007-10-21 02:59 <DIR> d-------- C:\WINDOWS\setup
2007-10-21 02:58 <DIR> d--h----- C:\WINDOWS\NetHood
2007-10-21 02:57 <DIR> d-------- C:\WINDOWS\SYSTEM\CatRoot
2007-10-21 02:57 <DIR> d---s---- C:\WINDOWS\Cookies
2007-10-21 02:57 <DIR> d-------- C:\Program Files\DirectX
2007-10-21 02:56 <DIR> d-------- C:\WINDOWS\Start Menu
2007-10-21 02:56 <DIR> d-------- C:\WINDOWS\SendTo
2007-10-21 02:56 <DIR> d--h----- C:\WINDOWS\Recent
2007-10-21 02:56 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-21 02:56 <DIR> d---s---- C:\WINDOWS\Favorites
2007-10-21 02:56 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 10:58 46,080 --sha-w C:\VIDEOROM.BIN
2007-10-21 10:57 266 --sh--w C:\Program Files\desktop.ini
2007-10-21 10:57 11,025 ---h--w C:\Program Files\folder.htt
2007-10-21 10:50 7,809 --sh--w C:\SUHDLOG.DAT
2007-10-21 10:46 --------- d-----w C:\Program Files\CHAT
2007-10-21 10:46 --------- d-----r C:\Program Files\Accessories
2007-09-10 19:10 1,060,864 ----a-w C:\WINDOWS\SYSTEM32\mfc71.dll
2007-09-10 19:09 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2007-09-10 19:08 1,047,552 ----a-w C:\WINDOWS\SYSTEM32\mfc71u.dll
2007-09-10 19:07 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-09-10 18:42 89,088 ----a-w C:\WINDOWS\SYSTEM32\atl71.dll
2007-08-22 14:12 96,256 ----a-w C:\WINDOWS\SYSTEM32\dllcache\inseng.dll
2007-08-22 14:12 658,944 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wininet.dll
2007-08-22 14:12 615,424 ----a-w C:\WINDOWS\SYSTEM32\dllcache\urlmon.dll
2007-08-22 14:12 55,808 ----a-w C:\WINDOWS\SYSTEM32\dllcache\extmgr.dll
2007-08-22 14:12 532,480 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mstime.dll
2007-08-22 14:12 474,112 ----a-w C:\WINDOWS\SYSTEM32\dllcache\shlwapi.dll
2007-08-22 14:12 449,024 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtmled.dll
2007-08-22 14:12 39,424 ----a-w C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
2007-08-22 14:12 357,888 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtmsft.dll
2007-08-22 14:12 3,058,176 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2007-08-22 14:12 251,392 ----a-w C:\WINDOWS\SYSTEM32\dllcache\iepeers.dll
2007-08-22 14:12 205,312 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtrans.dll
2007-08-22 14:12 16,384 ----a-w C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll
2007-08-22 14:12 151,040 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdfview.dll
2007-08-22 14:12 146,432 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msrating.dll
2007-08-22 14:12 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\dllcache\shdocvw.dll
2007-08-22 14:12 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\dllcache\danim.dll
2007-08-22 14:12 1,022,976 ----a-w C:\WINDOWS\SYSTEM32\dllcache\browseui.dll
2007-08-21 11:30 18,432 ----a-w C:\WINDOWS\SYSTEM32\dllcache\iedw.exe
2007-08-21 07:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 07:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\dllcache\inetcomm.dll
.

((((((((((((((((((((((((((((( [email protected]_12.50.16.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-13 17:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-13 18:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-11-05 00:50:16 65,536 ----a-r C:\WINDOWS\Installer\{786547F9-59BB-4FA3-B2D8-327FF1F14870}\ARPPRODUCTICON.exe
+ 2007-10-20 00:56:04 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
+ 2007-10-20 00:56:04 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7d036a0d-629c-400a-9597-b9bc8d244d11}]
2007-11-05 14:50 78912 --a------ C:\WINDOWS\system32\idcgmfvv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 12:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 12:00]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-10-22 17:42]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JS^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\JS\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-03 04:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - JS.job"
- D:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 23:08:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-05 23:09:43 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-04 12:51
.
--- E O F ---
 
Joined
Sep 8, 2005
Messages
9,113
Download the attached file CFScript.txt to your Desktop

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note: Please do not use this script on another computer; you may damage the system. The script is made especially for this computer only!!!!


===================================

Please download and install SUPERAntiSpyware
  • Load SUPERAntiSpyware and click the Check for Updates button.
  • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
  • Open SUPERAntiSpyware and click the Scan your Computer button.
  • Check Perform Complete Scan and then click Next.
  • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
  • Make sure that they all have a check next to them, and then click Next.
  • Click Finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
  • Please post the results of the SUPERAntiSpyware log and HijackThis log in your next reply.
 


IamJack

Thread Starter
Joined
Nov 2, 2007
Messages
7
Here is the AntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/07/2007 at 03:41 PM

Application Version : 3.9.1008

Core Rules Database Version : 3338
Trace Rules Database Version: 1339

Scan type : Complete Scan
Total Scan Time : 00:35:28

Memory items scanned : 274
Memory threats detected : 0
Registry items scanned : 4932
Registry threats detected : 0
File items scanned : 37674
File threats detected : 82

Adware.Tracking Cookie

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1848OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1848OINUNINSTALLER.EXE.VIR

Adware.eZula
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RWANVJHS.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP122\A0007414.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP122\A0007416.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP126\A0008716.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP132\A0011815.EXE

Adware.ClickSpring
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP120\A0005110.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP121\A0005711.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP121\A0006744.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP122\A0007183.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP122\A0007417.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP125\A0007476.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP125\A0007480.EXE

Adware.ClickSpring-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP120\A0005117.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP122\A0007184.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP125\A0007477.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP126\A0008713.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP126\A0008714.EXE

Trojan.Downloader-Gen/Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP126\A0008717.EXE

Trojan.Downloader-Gen/WinAble-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP126\A0008718.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{68E6D20D-4A38-4176-9850-646A9CD1FC5A}\RP128\A0010774.DLL



Here is the HijackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 9:50:36 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1192952756015
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192962793484
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
Joined
Sep 8, 2005
Messages
9,113
You're welcome!!!! (y)

Let's finish up.

Let's uninstall ComboFix: please go to Start ---> Run ---> In the space provided, type ComboFix /u ---> A DOS window will appear and then disappear after a few seconds.


Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  1. The most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. Here are two great Preventive programs:
    • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
    • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive-by downloads.
  3. Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
    • Red for Warning
    • Yellow for Use Caution
    • Green for Safe
    • Grey for Unknown

    Here are the links to install SiteAdvisor in Internet Explorer and Firefox
  4. Anti-Spyware Programs I Recommend:
    • Free Anti-Spyware Programs
    • Great Subscription Anti-Spyware Programs
  5. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
 