I need some help.. can you?


confussed

Thread Starter
Joined
Jul 15, 2007
Messages
4
Hi, so I'm not very good with computers and I don't understand how to get rid of this virus. OK, so I'm going to ramble like most noobs LOL. OK, so here's my problem: I ran my anti-spyware and it keeps showing DARKSMA downloader, so I googled it and got all the info on it, and it says that it's a part of the trojan virus family. OK, so I ran 3 or 4 different antiviruses and they are not finding the virus. I have downloaded SUPERAntiSpyware; it found all but didn't remove it. I have also downloaded trojan removal and it still is not being removed. So my question is: HOW DO I GET RID OF THIS COMPUTER KILLING THING?!?!?!?!
Your help would be very much appreciated.
Thanks
Confussed
Ohhh, and PS: I don't understand the whole HijackThis thing... sorry, I'm not that smart LOL. I hope I did this right... here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:35 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {eab6e143-a433-4c1f-adac-9f51854f2ef8} - C:\WINDOWS\system32\dpwnfg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\yabcdb.dll",realset
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://Www.Wintergreensys.com
O15 - Trusted Zone: http://www.mozilla.org
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com/imgs/ImageUploader4.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - AppInit_DLLs: c:\windows\system32\mlljihf.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dpwnfg - C:\WINDOWS\SYSTEM32\dpwnfg.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8330 bytes
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Hi and welcome

* Click here to download Webroot SpySweeper.

(It's a 2 week trial.)

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits
  o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
 

confussed

Thread Starter
Joined
Jul 15, 2007
Messages
4
Sorry it took so long, my comp rebooted after. OK, so here is the Spy Sweeper thing:


Keylogger: Off
8:19 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
8:19 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
8:19 PM: Shield States
8:19 PM: License Check Status (0): Success
8:18 PM: Spyware Definitions: 948
8:15 PM: Spy Sweeper 5.5.1.3356 started
8:15 PM: Spy Sweeper 5.5.1.3356 started
8:15 PM: | Start of Session, Sunday, July 15, 2007 |
***************
8:12 PM: ApplicationMinimized - EXIT
8:12 PM: ApplicationMinimized - ENTER
8:11 PM: Removal process completed. Elapsed time 00:01:39
8:11 PM: A reboot was suggested but declined.
8:10 PM: Quarantining All Traces: reliablestats cookie
8:10 PM: Quarantining All Traces: mediaplex cookie
8:10 PM: Quarantining All Traces: 3 cookie
8:10 PM: Quarantining All Traces: spyaway
8:10 PM: Quarantining All Traces: system doctor 2006
8:10 PM: Quarantining All Traces: spyaway fakealert
8:10 PM: Quarantining All Traces: drivecleaner
8:10 PM: Quarantining All Traces: altnet
8:10 PM: Quarantining All Traces: fakealert fake infection
8:10 PM: Quarantining All Traces: adwaresheriff fakealert
8:10 PM: Quarantining All Traces: daily toolbar
8:10 PM: Quarantining All Traces: trojan-peacomm
8:10 PM: Quarantining All Traces: purityscan
8:10 PM: Quarantining All Traces: virtumonde
8:09 PM: Quarantining All Traces: spysheriff fakealert
8:09 PM: Removal process initiated
8:09 PM: Traces Found: 76
8:09 PM: Custom Sweep has completed. Elapsed time 00:23:26
8:08 PM: C:\WINDOWS\system32\CWS_iestart.exe (ID = 346965)
8:08 PM: C:\WINDOWS\system32\txfdb32.dll (ID = 343076)
8:08 PM: C:\WINDOWS\system32\dailytoolbar.dll (ID = 343080)
8:08 PM: HKU\S-1-5-21-1155744655-3492757003-3710150097-1010\software\microsoft\windows\currentversion\runonce\srv32 spool service\ (ID = 1705266)
8:08 PM: HKLM\software\microsoft\juan\ (ID = 2156653)
8:08 PM: HKLM\software\microsoft\windows\currentversion\runonce\srv32 spool service\ (ID = 1705159)
8:08 PM: File Sweep Complete, Elapsed Time: 00:15:08
8:06 PM: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
8:02 PM: ApplicationMinimized - EXIT
8:02 PM: ApplicationMinimized - ENTER
7:53 PM: C:\Documents and Settings\Lastat\Application Data\SystemDoctor Free (2 subtraces) (ID = 2147550952)
7:53 PM: C:\Program Files\Common Files\SystemDoctor (1 subtraces) (ID = 2147550950)
7:53 PM: C:\Documents and Settings\All Users\Application Data\SystemDoctor Free (5 subtraces) (ID = 2147550949)
7:53 PM: C:\Program Files\SpyAway (3 subtraces) (ID = 2147550941)
7:53 PM: Starting File Sweep
7:53 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
7:53 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
7:53 PM: c:\documents and settings\lastat\cookies\[email protected][1].txt (ID = 3254)
7:53 PM: Found Spy Cookie: reliablestats cookie
7:53 PM: c:\documents and settings\lastat\cookies\[email protected][1].txt (ID = 6442)
7:53 PM: Found Spy Cookie: mediaplex cookie
7:53 PM: c:\documents and settings\lastat\cookies\[email protected][1].txt (ID = 1960)
7:53 PM: Found Spy Cookie: 3 cookie
7:53 PM: Starting Cookie Sweep
7:53 PM: Registry Sweep Complete, Elapsed Time:00:00:34
7:53 PM: HKLM\software\spyaway\ (ID = 2157392)
7:53 PM: HKLM\software\classes\typelib\{f43d93f8-b59e-48f4-83f9-77e4224df6d3}\ (ID = 2157375)
7:53 PM: HKLM\software\classes\sa_ie_monitor.ie_monitor\ (ID = 2157371)
7:53 PM: HKLM\software\classes\clsid\{88de3e1b-3d01-4032-9bae-fd1994a3d7b8}\ (ID = 2157357)
7:53 PM: Found Adware: spyaway
7:53 PM: HKLM\software\microsoft\windows\currentversion\run\ || salestart (ID = 2154945)
7:53 PM: Found Adware: system doctor 2006
7:53 PM: HKLM\software\classes\typelib\{6ab0337f-f523-4073-afbf-0947b331955e}\ (ID = 2153646)
7:53 PM: HKLM\software\classes\cdromdrv32.shell_plugin\ (ID = 2153628)
7:53 PM: Found Adware: spyaway fakealert
7:53 PM: HKLM\software\microsoft\aoprndtws\ (ID = 2128500)
7:53 PM: HKLM\software\microsoft\dnident\ (ID = 2026638)
7:53 PM: HKLM\system\controlset002\enum\root\legacy_wincom32\ (ID = 1939222)
7:53 PM: HKLM\system\controlset001\enum\root\legacy_wincom32\ (ID = 1939198)
7:53 PM: Found Trojan Horse: trojan-peacomm
7:53 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/udc6_0001_d19m1908netinstaller.exe\ (ID = 1910217)
7:53 PM: Found Adware: drivecleaner
7:53 PM: HKCR\typelib\{02ef18ec-ad14-447c-8f84-8c1af4135f13}\ (ID = 1606705)
7:53 PM: HKCR\clsid\{35abafa9-fd02-4ca8-a83e-5f3441d9b27a}\ (ID = 1606704)
7:53 PM: HKCR\appid\dailytoolbar.dll\ (ID = 1606701)
7:53 PM: HKCR\adobepnl.adobe_panel\ (ID = 1507670)
7:53 PM: Found Adware: fakealert fake infection
7:53 PM: HKCR\adobepnl.adobe_panel\ (ID = 1507670)
7:53 PM: HKLM\software\classes\typelib\{02ef18ec-ad14-447c-8f84-8c1af4135f13}\ (ID = 1358770)
7:53 PM: HKLM\software\classes\clsid\{35abafa9-fd02-4ca8-a83e-5f3441d9b27a}\ (ID = 1358749)
7:53 PM: HKLM\software\classes\adobepnl.adobe_panel\clsid\ (ID = 1358744)
7:53 PM: HKLM\software\classes\adobepnl.adobe_panel\ (ID = 1358743)
7:53 PM: HKCR\typelib\{02ef18ec-ad14-447c-8f84-8c1af4135f13}\ (ID = 1358732)
7:53 PM: HKCR\clsid\{35abafa9-fd02-4ca8-a83e-5f3441d9b27a}\ (ID = 1358715)
7:53 PM: HKCR\adobepnl.adobe_panel\ (ID = 1358710)
7:53 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{e52dedbb-d168-4bdb-b229-c48160800e81}\ (ID = 1252134)
7:53 PM: HKLM\software\classes\url_relpacer.urlresolver\ (ID = 1224209)
7:53 PM: HKCR\url_relpacer.urlresolver\ (ID = 1224196)
7:53 PM: Found Adware: adwaresheriff fakealert
7:53 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{cf021f40-3e14-23a5-cba2-717765728274}\ (ID = 137953)
7:53 PM: Found Adware: purityscan
7:53 PM: HKLM\software\nix solutions\dailytoolbar\ (ID = 124641)
7:53 PM: HKLM\software\dailytoolbar\ (ID = 124601)
7:53 PM: HKLM\software\classes\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (ID = 124595)
7:53 PM: HKLM\software\classes\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (ID = 124594)
7:53 PM: HKLM\software\classes\ietoolbar.affiliatectl\ (ID = 124593)
7:53 PM: HKLM\software\classes\dailytoolbar.sysmgr\ (ID = 124592)
7:53 PM: HKLM\software\classes\dailytoolbar.ieband\ (ID = 124590)
7:53 PM: HKLM\software\classes\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (ID = 124588)
7:53 PM: HKLM\software\classes\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (ID = 124587)
7:53 PM: HKLM\software\classes\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (ID = 124577)
7:53 PM: HKLM\software\classes\appid\dailytoolbar.dll\ (ID = 124576)
7:53 PM: HKCR\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (ID = 124567)
7:53 PM: HKCR\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (ID = 124566)
7:53 PM: HKCR\ietoolbar.affiliatectl\ (ID = 124565)
7:53 PM: HKCR\dailytoolbar.sysmgr\ (ID = 124564)
7:53 PM: HKCR\dailytoolbar.ieband\ (ID = 124562)
7:53 PM: HKCR\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (ID = 124561)
7:53 PM: HKCR\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (ID = 124560)
7:53 PM: HKCR\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (ID = 124557)
7:53 PM: HKCR\appid\dailytoolbar.dll\ (ID = 124556)
7:53 PM: Found Adware: daily toolbar
7:53 PM: HKLM\software\classes\adm4.adm4.1\ (ID = 103484)
7:53 PM: HKCR\adm4.adm4.1\ (ID = 103443)
7:53 PM: Found Adware: altnet
7:53 PM: Starting Registry Sweep
7:53 PM: Memory Sweep Complete, Elapsed Time: 00:07:19
7:51 PM: Detected running threat: C:\WINDOWS\system32\tmp66.tmp.dll (ID = 676)
7:51 PM: Found Adware: virtumonde
7:45 PM: Starting Memory Sweep
7:45 PM: HKCR\clsid\{35abafa9-fd02-4ca8-a83e-5f3441d9b27a}\inprocserver32\ (ID = 1606698)
7:45 PM: Found Adware: spysheriff fakealert
7:45 PM: Start Custom Sweep
7:45 PM: Sweep initiated using definitions version 948
7:45 PM: ApplicationMinimized - EXIT
7:45 PM: ApplicationMinimized - ENTER
7:43 PM: None
7:43 PM: Traces Found: 0
7:43 PM: Sweep Canceled
7:43 PM: Start Full Sweep
7:43 PM: Sweep initiated using definitions version 948
7:42 PM: ApplicationMinimized - EXIT
7:42 PM: ApplicationMinimized - ENTER
7:39 PM: ApplicationMinimized - EXIT
7:39 PM: ApplicationMinimized - ENTER
7:39 PM: ApplicationMinimized - EXIT
7:39 PM: ApplicationMinimized - ENTER
Keylogger: Off
7:35 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
7:35 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
7:35 PM: Shield States
7:35 PM: ApplicationMinimized - EXIT
7:35 PM: ApplicationMinimized - ENTER
7:34 PM: License Check Status (0): Success
7:34 PM: Spyware Definitions: 948
7:33 PM: Spy Sweeper 5.5.1.3356 started
7:33 PM: Spy Sweeper 5.5.1.3356 started
7:33 PM: | Start of Session, Sunday, July 15, 2007 |
***************
And here is the HijackThis log....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:55 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\qwerty12.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {eab6e143-a433-4c1f-adac-9f51854f2ef8} - C:\WINDOWS\system32\inpomm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [winehq.org] "rundll32.exe" "C:\WINDOWS\ljijkk.dll",realset
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\inpomm.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\inpomm.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\inpomm.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://Www.Wintergreensys.com
O15 - Trusted Zone: http://www.mozilla.org
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com/imgs/ImageUploader4.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - AppInit_DLLs: c:\windows\system32\mlljihf.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: inpomm - C:\WINDOWS\SYSTEM32\inpomm.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8480 bytes
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\ljijkk.dll
c:\windows\system32\mlljihf.dll
C:\WINDOWS\SYSTEM32\inpomm.dll
C:\WINDOWS\system32\qwerty12.exe

Folders to delete:
C:\Program Files\Common Files\SystemDoctor

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: (no name) - {eab6e143-a433-4c1f-adac-9f51854f2ef8} - C:\WINDOWS\system32\inpomm.dll

O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)

O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c

O4 - HKLM\..\Run: [winehq.org] "rundll32.exe" "C:\WINDOWS\ljijkk.dll",realset

O20 - AppInit_DLLs: c:\windows\system32\mlljihf.dll

O20 - Winlogon Notify: inpomm - C:\WINDOWS\SYSTEM32\inpomm.dll

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe


Reboot and post another Hijack This log please.
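
The two HijackThis logs posted so far show the same registry slots (the BHO with CLSID {eab6e143-a433-4c1f-adac-9f51854f2ef8}, the [winehq.org] Run value, an O9 button) pointing at differently named DLLs from one scan to the next. The Python sketch below is an added example, not part of the original thread: it diffs two logs by slot so that such renamed targets stand out. The sample lines are excerpted from the two logs above, and the Windows-directory flag is a triage heuristic of this example only, not a verdict.

```python
import re

# Lines excerpted from the first HijackThis log in this thread (6:05:35 PM scan).
LOG_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {eab6e143-a433-4c1f-adac-9f51854f2ef8} - C:\WINDOWS\system32\dpwnfg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\yabcdb.dll",realset
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
"""

# The same slots, excerpted from the second log (8:22:55 PM scan).
LOG_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {eab6e143-a433-4c1f-adac-9f51854f2ef8} - C:\WINDOWS\system32\inpomm.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [winehq.org] "rundll32.exe" "C:\WINDOWS\ljijkk.dll",realset
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\inpomm.dll
"""

# O2/O9 lines: "<section> - <kind>: <name> - {CLSID} - <file>"
SLOT_RE = re.compile(
    r"^(O2|O9) - ([^:]+): .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# O4 registry autoruns: "O4 - <hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")
# Heuristic (assumption of this example): an executable sitting directly in
# C:\WINDOWS or C:\WINDOWS\system32. Legitimate system files live there too,
# so this only prioritises changed slots for a closer look.
WINDIR_RE = re.compile(r"c:\\windows\\(?:system32\\)?[^\\\s,]+\.(?:dll|exe)")


def normalize(target):
    """Drop quoting and case so cosmetic differences are not reported."""
    return target.replace('"', "").strip().lower()


def parse_slots(log_text):
    """Map each stable registry slot to the file or command it points at."""
    slots = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = SLOT_RE.match(line)
        if m:
            section, kind, clsid, target = m.groups()
            slots[f"{section} {kind} {clsid.lower()}"] = normalize(target)
            continue
        m = RUN_RE.match(line)
        if m:
            hive, value, command = m.groups()
            slots[f"O4 {hive} [{value}]"] = normalize(command)
    return slots


def changed_targets(before_text, after_text):
    """Return (slot, old, new, in_windows_dir) for slots whose target changed."""
    before, after = parse_slots(before_text), parse_slots(after_text)
    changes = []
    for slot in sorted(before.keys() & after.keys()):
        old, new = before[slot], after[slot]
        if old != new:
            changes.append((slot, old, new, bool(WINDIR_RE.search(new))))
    return changes


if __name__ == "__main__":
    for slot, old, new, in_windir in changed_targets(LOG_BEFORE, LOG_AFTER):
        mark = "CHECK" if in_windir else "     "
        print(f"{mark} {slot}\n        was: {old}\n        now: {new}")
```

A removal script built from one scan names files by path, so it is worth re-running this comparison against a fresh log immediately before the script is executed.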
 

confussed

Thread Starter
Joined
Jul 15, 2007
Messages
4
OK, so I don't get lost I'm gonna do this in sections. OK, so I ran the Avenger, but when the c box came up it closed automatically and opened a Notepad. Here's what it said:


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qnwxoswy

*******************

Script file located at: \??\C:\WINDOWS\gqexfive.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\ljijkk.dll not found!
Deletion of file C:\WINDOWS\ljijkk.dll failed!

Could not process line:
C:\WINDOWS\ljijkk.dll
Status: 0xc0000034



File c:\windows\system32\mlljihf.dll not found!
Deletion of file c:\windows\system32\mlljihf.dll failed!

Could not process line:
c:\windows\system32\mlljihf.dll
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\inpomm.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\inpomm.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\inpomm.dll
Status: 0xc0000034



File C:\WINDOWS\system32\qwerty12.exe not found!
Deletion of file C:\WINDOWS\system32\qwerty12.exe failed!

Could not process line:
C:\WINDOWS\system32\qwerty12.exe
Status: 0xc0000034



Folder C:\Program Files\Common Files\SystemDoctor not found!
Deletion of folder C:\Program Files\Common Files\SystemDoctor failed!

Could not process line:
C:\Program Files\Common Files\SystemDoctor
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



and here is the hijackthis log....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:19 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PCClear_Plus\PCClear_Plus.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Antivirus\autodown.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 1909 bytes
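
The status 0xc0000034 in the Avenger log above is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND, so each "failed" deletion means nothing existed at that path when the script ran. The following is an added example, not part of the original posts: it parses an excerpt of that log and lists which entries from the HijackThis fix list earlier in the thread still name the missing targets. The function names are hypothetical.

```python
import re

# NTSTATUS values from the Windows headers; only 0xc0000034 occurs in this thread.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}

# Excerpt of the Avenger log posted in the thread.
AVENGER_LOG = r"""
Could not process line:
C:\WINDOWS\ljijkk.dll
Status: 0xc0000034

Could not process line:
C:\WINDOWS\SYSTEM32\inpomm.dll
Status: 0xc0000034

Could not process line:
C:\Program Files\Common Files\SystemDoctor
Status: 0xc0000034
"""

# Entries copied from the HijackThis fix list earlier in the thread.
HJT_FIX_LIST = r"""
O2 - BHO: (no name) - {eab6e143-a433-4c1f-adac-9f51854f2ef8} - C:\WINDOWS\system32\inpomm.dll
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [winehq.org] "rundll32.exe" "C:\WINDOWS\ljijkk.dll",realset
O20 - Winlogon Notify: inpomm - C:\WINDOWS\SYSTEM32\inpomm.dll
"""

FAIL_RE = re.compile(r"Could not process line:\n(.+)\nStatus: (0x[0-9a-fA-F]+)")

def failed_targets(log_text):
    """Return [(path, NTSTATUS name)] for every line the Avenger could not process."""
    return [(path.strip(), NTSTATUS.get(int(code, 16), code))
            for path, code in FAIL_RE.findall(log_text)]

def dangling_references(avenger_log, hjt_text):
    """Map each target reported as not found to the HijackThis sections still naming it."""
    entries = [line for line in hjt_text.splitlines() if line.strip()]
    return {path: [e.split(" - ")[0] for e in entries if path.lower() in e.lower()]
            for path, status in failed_targets(avenger_log)
            if status.endswith("_NOT_FOUND")}
```

A target that is absent on disk but still listed under O2, O4 or O20 is a leftover registry reference, which is what the "fix checked" step in HijackThis removes.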
 

confussed

Thread Starter
Joined
Jul 15, 2007
Messages
4
here it is sorry!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:09 PM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PCClear_Plus\PCClear_Plus.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [PCClear_Plus] "C:\Program Files\PCClear_Plus\PCclear_Plus.exe" /shide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\mmcntr.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\mmcntr.dll (file missing)
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\mmcntr.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://Www.Wintergreensys.com
O15 - Trusted Zone: http://www.mozilla.org
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com/imgs/ImageUploader4.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mmcntr - mmcntr.dll (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 7709 bytes
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

O20 - Winlogon Notify: mmcntr - mmcntr.dll (file missing)

Reboot. How are things now?
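
An added example, not part of the original thread: grouping a HijackThis log's orphaned entries (those ending in "(file missing)" or "(no file)") by the file they point at shows every section that references the same missing DLL. The sample lines are copied from the logs posted in this thread; the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis logs and fix list posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\mmcntr.dll (file missing)
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\mmcntr.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mmcntr - mmcntr.dll (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
"""

# A HijackThis entry line starts with a section code such as R1, O2 or O20.
ENTRY_RE = re.compile(r"^(?P<code>[ROF]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

def parse_entries(log_text):
    """Yield (section code, body) for each entry line; headers and process paths are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def orphans_by_target(log_text):
    """Group orphaned entries by the missing file name they reference."""
    found = defaultdict(list)
    for code, body in parse_entries(log_text):
        last = body.rsplit(" - ", 1)[-1]          # final field holds the file reference
        if last == "(no file)":
            found["(no file)"].append(code)
        elif last.endswith(MISSING):
            path = last[: -len(MISSING)].strip()
            found[ntpath.basename(path).lower()].append(code)
    return dict(found)
```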
 