
I need some help.. can you?

Discussion in 'Virus & Other Malware Removal' started by confussed, Jul 15, 2007.

Thread Status:
Not open for further replies.
  1. confussed

    confussed Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    4
    Hi, so I'm not very good with computers and I don't understand how to get rid of this virus. OK, so I'm going to ramble like most noobs LOL. OK, so here's my problem: I ran my anti-spyware and it keeps showing DARKSMA downloader, so I googled it and got all the info on it, and it says that it's a part of the trojan virus family. OK, so I ran 3 or 4 different antiviruses and they are not finding the virus. I have downloaded SUPERAntiSpyware; it found all but didn't remove it. I have also downloaded trojan removal and it still is not being removed, so my question is HOW DO I GET RID OF THIS COMPUTER KILLING THING?!?!?!?!
    Your help would be very much app.
    Thanks
    Confussed
    Ohhh, and PS: I don't understand the whole HijackThis thing... sorry, I'm not that smart LOL. I hope I did this right... here it is:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:05:35 PM, on 7/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
    O2 - BHO: (no name) - {eab6e143-a433-4c1f-adac-9f51854f2ef8} - C:\WINDOWS\system32\dpwnfg.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
    O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"
    O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\yabcdb.dll",realset
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://Www.Wintergreensys.com
    O15 - Trusted Zone: http://www.mozilla.org
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com/imgs/ImageUploader4.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - AppInit_DLLs: c:\windows\system32\mlljihf.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: dpwnfg - C:\WINDOWS\SYSTEM32\dpwnfg.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 8330 bytes
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome

    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  3. confussed

    confussed Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    4
    Sorry it took so long, my comp rebooted after. OK, so here is the SpySweeper thing:


    Keylogger: Off
    8:19 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
    E-mail Attachment: On
    8:19 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    File System Shield: On
    Execution Shield: On
    System Services Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    8:19 PM: Shield States
    8:19 PM: License Check Status (0): Success
    8:18 PM: Spyware Definitions: 948
    8:15 PM: Spy Sweeper 5.5.1.3356 started
    8:15 PM: Spy Sweeper 5.5.1.3356 started
    8:15 PM: | Start of Session, Sunday, July 15, 2007 |
    ***************
    8:12 PM: ApplicationMinimized - EXIT
    8:12 PM: ApplicationMinimized - ENTER
    8:11 PM: Removal process completed. Elapsed time 00:01:39
    8:11 PM: A reboot was suggested but declined.
    8:10 PM: Quarantining All Traces: reliablestats cookie
    8:10 PM: Quarantining All Traces: mediaplex cookie
    8:10 PM: Quarantining All Traces: 3 cookie
    8:10 PM: Quarantining All Traces: spyaway
    8:10 PM: Quarantining All Traces: system doctor 2006
    8:10 PM: Quarantining All Traces: spyaway fakealert
    8:10 PM: Quarantining All Traces: drivecleaner
    8:10 PM: Quarantining All Traces: altnet
    8:10 PM: Quarantining All Traces: fakealert fake infection
    8:10 PM: Quarantining All Traces: adwaresheriff fakealert
    8:10 PM: Quarantining All Traces: daily toolbar
    8:10 PM: Quarantining All Traces: trojan-peacomm
    8:10 PM: Quarantining All Traces: purityscan
    8:10 PM: Quarantining All Traces: virtumonde
    8:09 PM: Quarantining All Traces: spysheriff fakealert
    8:09 PM: Removal process initiated
    8:09 PM: Traces Found: 76
    8:09 PM: Custom Sweep has completed. Elapsed time 00:23:26
    8:08 PM: C:\WINDOWS\system32\CWS_iestart.exe (ID = 346965)
    8:08 PM: C:\WINDOWS\system32\txfdb32.dll (ID = 343076)
    8:08 PM: C:\WINDOWS\system32\dailytoolbar.dll (ID = 343080)
    8:08 PM: HKU\S-1-5-21-1155744655-3492757003-3710150097-1010\software\microsoft\windows\currentversion\runonce\srv32 spool service\ (ID = 1705266)
    8:08 PM: HKLM\software\microsoft\juan\ (ID = 2156653)
    8:08 PM: HKLM\software\microsoft\windows\currentversion\runonce\srv32 spool service\ (ID = 1705159)
    8:08 PM: File Sweep Complete, Elapsed Time: 00:15:08
    8:06 PM: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
    8:02 PM: ApplicationMinimized - EXIT
    8:02 PM: ApplicationMinimized - ENTER
    7:53 PM: C:\Documents and Settings\Lastat\Application Data\SystemDoctor Free (2 subtraces) (ID = 2147550952)
    7:53 PM: C:\Program Files\Common Files\SystemDoctor (1 subtraces) (ID = 2147550950)
    7:53 PM: C:\Documents and Settings\All Users\Application Data\SystemDoctor Free (5 subtraces) (ID = 2147550949)
    7:53 PM: C:\Program Files\SpyAway (3 subtraces) (ID = 2147550941)
    7:53 PM: Starting File Sweep
    7:53 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
    7:53 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    7:53 PM: c:\documents and settings\lastat\cookies\[email protected][1].txt (ID = 3254)
    7:53 PM: Found Spy Cookie: reliablestats cookie
    7:53 PM: c:\documents and settings\lastat\cookies\[email protected][1].txt (ID = 6442)
    7:53 PM: Found Spy Cookie: mediaplex cookie
    7:53 PM: c:\documents and settings\lastat\cookies\[email protected][1].txt (ID = 1960)
    7:53 PM: Found Spy Cookie: 3 cookie
    7:53 PM: Starting Cookie Sweep
    7:53 PM: Registry Sweep Complete, Elapsed Time:00:00:34
    7:53 PM: HKLM\software\spyaway\ (ID = 2157392)
    7:53 PM: HKLM\software\classes\typelib\{f43d93f8-b59e-48f4-83f9-77e4224df6d3}\ (ID = 2157375)
    7:53 PM: HKLM\software\classes\sa_ie_monitor.ie_monitor\ (ID = 2157371)
    7:53 PM: HKLM\software\classes\clsid\{88de3e1b-3d01-4032-9bae-fd1994a3d7b8}\ (ID = 2157357)
    7:53 PM: Found Adware: spyaway
    7:53 PM: HKLM\software\microsoft\windows\currentversion\run\ || salestart (ID = 2154945)
    7:53 PM: Found Adware: system doctor 2006
    7:53 PM: HKLM\software\classes\typelib\{6ab0337f-f523-4073-afbf-0947b331955e}\ (ID = 2153646)
    7:53 PM: HKLM\software\classes\cdromdrv32.shell_plugin\ (ID = 2153628)
    7:53 PM: Found Adware: spyaway fakealert
    7:53 PM: HKLM\software\microsoft\aoprndtws\ (ID = 2128500)
    7:53 PM: HKLM\software\microsoft\dnident\ (ID = 2026638)
    7:53 PM: HKLM\system\controlset002\enum\root\legacy_wincom32\ (ID = 1939222)
    7:53 PM: HKLM\system\controlset001\enum\root\legacy_wincom32\ (ID = 1939198)
    7:53 PM: Found Trojan Horse: trojan-peacomm
    7:53 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/udc6_0001_d19m1908netinstaller.exe\ (ID = 1910217)
    7:53 PM: Found Adware: drivecleaner
    7:53 PM: HKCR\typelib\{02ef18ec-ad14-447c-8f84-8c1af4135f13}\ (ID = 1606705)
    7:53 PM: HKCR\clsid\{35abafa9-fd02-4ca8-a83e-5f3441d9b27a}\ (ID = 1606704)
    7:53 PM: HKCR\appid\dailytoolbar.dll\ (ID = 1606701)
    7:53 PM: HKCR\adobepnl.adobe_panel\ (ID = 1507670)
    7:53 PM: Found Adware: fakealert fake infection
    7:53 PM: HKCR\adobepnl.adobe_panel\ (ID = 1507670)
    7:53 PM: HKLM\software\classes\typelib\{02ef18ec-ad14-447c-8f84-8c1af4135f13}\ (ID = 1358770)
    7:53 PM: HKLM\software\classes\clsid\{35abafa9-fd02-4ca8-a83e-5f3441d9b27a}\ (ID = 1358749)
    7:53 PM: HKLM\software\classes\adobepnl.adobe_panel\clsid\ (ID = 1358744)
    7:53 PM: HKLM\software\classes\adobepnl.adobe_panel\ (ID = 1358743)
    7:53 PM: HKCR\typelib\{02ef18ec-ad14-447c-8f84-8c1af4135f13}\ (ID = 1358732)
    7:53 PM: HKCR\clsid\{35abafa9-fd02-4ca8-a83e-5f3441d9b27a}\ (ID = 1358715)
    7:53 PM: HKCR\adobepnl.adobe_panel\ (ID = 1358710)
    7:53 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{e52dedbb-d168-4bdb-b229-c48160800e81}\ (ID = 1252134)
    7:53 PM: HKLM\software\classes\url_relpacer.urlresolver\ (ID = 1224209)
    7:53 PM: HKCR\url_relpacer.urlresolver\ (ID = 1224196)
    7:53 PM: Found Adware: adwaresheriff fakealert
    7:53 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{cf021f40-3e14-23a5-cba2-717765728274}\ (ID = 137953)
    7:53 PM: Found Adware: purityscan
    7:53 PM: HKLM\software\nix solutions\dailytoolbar\ (ID = 124641)
    7:53 PM: HKLM\software\dailytoolbar\ (ID = 124601)
    7:53 PM: HKLM\software\classes\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (ID = 124595)
    7:53 PM: HKLM\software\classes\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (ID = 124594)
    7:53 PM: HKLM\software\classes\ietoolbar.affiliatectl\ (ID = 124593)
    7:53 PM: HKLM\software\classes\dailytoolbar.sysmgr\ (ID = 124592)
    7:53 PM: HKLM\software\classes\dailytoolbar.ieband\ (ID = 124590)
    7:53 PM: HKLM\software\classes\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (ID = 124588)
    7:53 PM: HKLM\software\classes\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (ID = 124587)
    7:53 PM: HKLM\software\classes\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (ID = 124577)
    7:53 PM: HKLM\software\classes\appid\dailytoolbar.dll\ (ID = 124576)
    7:53 PM: HKCR\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (ID = 124567)
    7:53 PM: HKCR\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (ID = 124566)
    7:53 PM: HKCR\ietoolbar.affiliatectl\ (ID = 124565)
    7:53 PM: HKCR\dailytoolbar.sysmgr\ (ID = 124564)
    7:53 PM: HKCR\dailytoolbar.ieband\ (ID = 124562)
    7:53 PM: HKCR\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (ID = 124561)
    7:53 PM: HKCR\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (ID = 124560)
    7:53 PM: HKCR\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (ID = 124557)
    7:53 PM: HKCR\appid\dailytoolbar.dll\ (ID = 124556)
    7:53 PM: Found Adware: daily toolbar
    7:53 PM: HKLM\software\classes\adm4.adm4.1\ (ID = 103484)
    7:53 PM: HKCR\adm4.adm4.1\ (ID = 103443)
    7:53 PM: Found Adware: altnet
    7:53 PM: Starting Registry Sweep
    7:53 PM: Memory Sweep Complete, Elapsed Time: 00:07:19
    7:51 PM: Detected running threat: C:\WINDOWS\system32\tmp66.tmp.dll (ID = 676)
    7:51 PM: Found Adware: virtumonde
    7:45 PM: Starting Memory Sweep
    7:45 PM: HKCR\clsid\{35abafa9-fd02-4ca8-a83e-5f3441d9b27a}\inprocserver32\ (ID = 1606698)
    7:45 PM: Found Adware: spysheriff fakealert
    7:45 PM: Start Custom Sweep
    7:45 PM: Sweep initiated using definitions version 948
    7:45 PM: ApplicationMinimized - EXIT
    7:45 PM: ApplicationMinimized - ENTER
    7:43 PM: None
    7:43 PM: Traces Found: 0
    7:43 PM: Sweep Canceled
    7:43 PM: Start Full Sweep
    7:43 PM: Sweep initiated using definitions version 948
    7:42 PM: ApplicationMinimized - EXIT
    7:42 PM: ApplicationMinimized - ENTER
    7:39 PM: ApplicationMinimized - EXIT
    7:39 PM: ApplicationMinimized - ENTER
    7:39 PM: ApplicationMinimized - EXIT
    7:39 PM: ApplicationMinimized - ENTER
    Keylogger: Off
    7:35 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
    E-mail Attachment: On
    7:35 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    File System Shield: On
    Execution Shield: On
    System Services Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    7:35 PM: Shield States
    7:35 PM: ApplicationMinimized - EXIT
    7:35 PM: ApplicationMinimized - ENTER
    7:34 PM: License Check Status (0): Success
    7:34 PM: Spyware Definitions: 948
    7:33 PM: Spy Sweeper 5.5.1.3356 started
    7:33 PM: Spy Sweeper 5.5.1.3356 started
    7:33 PM: | Start of Session, Sunday, July 15, 2007 |
    ***************
    And here is the HijackThis log....


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:22:55 PM, on 7/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\WINDOWS\system32\qwerty12.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {eab6e143-a433-4c1f-adac-9f51854f2ef8} - C:\WINDOWS\system32\inpomm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
    O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c
    O4 - HKLM\..\Run: [winehq.org] "rundll32.exe" "C:\WINDOWS\ljijkk.dll",realset
    O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\inpomm.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\inpomm.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\inpomm.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://Www.Wintergreensys.com
    O15 - Trusted Zone: http://www.mozilla.org
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com/imgs/ImageUploader4.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - AppInit_DLLs: c:\windows\system32\mlljihf.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: inpomm - C:\WINDOWS\SYSTEM32\inpomm.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 8480 bytes
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.

    Rescan with Hijack This, close all browser windows except Hijack This, put a check mark beside these entries and click "Fix Checked".

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)

    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

    O2 - BHO: (no name) - {eab6e143-a433-4c1f-adac-9f51854f2ef8} - C:\WINDOWS\system32\inpomm.dll

    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)

    O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c

    O4 - HKLM\..\Run: [winehq.org] "rundll32.exe" "C:\WINDOWS\ljijkk.dll",realset

    O20 - AppInit_DLLs: c:\windows\system32\mlljihf.dll

    O20 - Winlogon Notify: inpomm - C:\WINDOWS\SYSTEM32\inpomm.dll

    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe


    Reboot and post another Hijack This log please.
     
  5. confussed

    confussed Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    4
    OK, so I don't get lost I'm gonna do this in sections. OK, so I ran The Avenger, but when the c box came up it closed automatically and opened a Notepad. Here's what it said:


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\qnwxoswy

    *******************

    Script file located at: \??\C:\WINDOWS\gqexfive.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File C:\WINDOWS\ljijkk.dll not found!
    Deletion of file C:\WINDOWS\ljijkk.dll failed!

    Could not process line:
    C:\WINDOWS\ljijkk.dll
    Status: 0xc0000034



    File c:\windows\system32\mlljihf.dll not found!
    Deletion of file c:\windows\system32\mlljihf.dll failed!

    Could not process line:
    c:\windows\system32\mlljihf.dll
    Status: 0xc0000034



    File C:\WINDOWS\SYSTEM32\inpomm.dll not found!
    Deletion of file C:\WINDOWS\SYSTEM32\inpomm.dll failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\inpomm.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\qwerty12.exe not found!
    Deletion of file C:\WINDOWS\system32\qwerty12.exe failed!

    Could not process line:
    C:\WINDOWS\system32\qwerty12.exe
    Status: 0xc0000034



    Folder C:\Program Files\Common Files\SystemDoctor not found!
    Deletion of folder C:\Program Files\Common Files\SystemDoctor failed!

    Could not process line:
    C:\Program Files\Common Files\SystemDoctor
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.



    and here is the hijackthis log....


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:18:19 PM, on 7/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\PCClear_Plus\PCClear_Plus.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Yahoo!\Antivirus\autodown.exe

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 1909 bytes
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Parts of the Hijack This log seem to be missing.
     
  7. confussed

    confussed Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    4
    Here it is, sorry!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:03:09 PM, on 7/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\PCClear_Plus\PCClear_Plus.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
    O4 - HKLM\..\Run: [PCClear_Plus] "C:\Program Files\PCClear_Plus\PCclear_Plus.exe" /shide
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\mmcntr.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\mmcntr.dll (file missing)
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\mmcntr.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://Www.Wintergreensys.com
    O15 - Trusted Zone: http://www.mozilla.org
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com/imgs/ImageUploader4.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: mmcntr - mmcntr.dll (file missing)
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 7709 bytes
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O20 - Winlogon Notify: mmcntr - mmcntr.dll (file missing)

    Reboot. How are things now?
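
The entries picked out by hand in the replies above share a few visible traits: "(no file)" or "(file missing)" targets, an "Unknown owner" service, an AppInit_DLLs value, and a Run key that starts a DLL through rundll32. The sketch below is an added example, not part of the thread and not a HijackThis feature; the rules and the names `classify` and `triage` are assumptions, and a match marks an entry for manual review, not as confirmed malware.

```python
import re

# Sample assembled from lines in the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [winehq.org] "rundll32.exe" "C:\WINDOWS\ljijkk.dll",realset
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - AppInit_DLLs: c:\windows\system32\mlljihf.dll
O20 - Winlogon Notify: mmcntr - mmcntr.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
"""

# A HijackThis entry line: section code (R0, O2, O23, ...), " - ", then the body.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")

def classify(code, body):
    """Return the reasons (possibly none) this entry deserves manual review."""
    reasons = []
    low = body.lower()
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("orphaned: registered file is absent")
    if code == "O23" and "- unknown owner -" in low:
        reasons.append("service binary has no vendor information")
    if code == "O20" and low.startswith("appinit_dlls:"):
        reasons.append("AppInit_DLLs: loaded into every process that loads user32.dll")
    if code == "O4" and "rundll32" in low:
        reasons.append("autorun launches a DLL through rundll32")
    return reasons

def triage(log_text):
    """Scan a pasted log (indented or not) and return (code, reason, body) tuples."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        for reason in classify(m["code"], m["body"]):
            findings.append((m["code"], reason, m["body"]))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```

Entries that match no rule, such as the Yahoo! and SUPERAntiSpyware lines in the sample, are simply not listed; that is not a statement that they are safe.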
     

Short URL to this thread: https://techguy.org/596191
