Help getting rid of Trojan.sbi [Re-Opened]



ekray24
2007-09-03, 02:33
I have a computer that Spyware has found a trojan.sbi on it and I need help getting rid of it.

At the same time I keep getting "Microsoft Windows Security Center disabled".

I would appreciate any help you can provide because the computer is used by my sister-in-law for Cyber Schooling.

Is there any free software to remove trojans?

Mr_JAk3
2007-09-03, 19:49
Hello and welcome to the forums :)

Please post a HijackThis log to here.

Download HJTInstall.exe (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop.
Doubleclick HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy/Paste the log to your next reply please.

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Please also post the Spybot's scan log to here (the findings).

ekray24
2007-09-04, 01:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:41 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\Lyra Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O22 - SharedTaskScheduler: boob - {01b55afa-f451-474b-9e91-c35b24d02641} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-mouse.JPG
O24 - Desktop Component 1: (no name) - http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-puppy.JPG
O24 - Desktop Component 2: (no name) - http://i2.photobucket.com/albums/y10/C_jae_hood/yuyuspettacolosa.jpg

--
End of file - 9739 bytes

Spybot logs

--- Report generated: 2007-08-31 10:15 ---

Microsoft.WindowsSecurityCenter_disabled: Settings
(Registry change, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-08-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-22 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-22 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-08-22 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-22 Includes\MalwareC.sbi (*)
2007-08-22 Includes\PUPS.sbi (*)
2007-08-22 Includes\PUPSC.sbi (*)
2007-08-22 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-22 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-22 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi (*)
2007-08-22 Includes\TrojansC.sbi (*)

ekray24
2007-09-04, 01:22
SPYBOT include log
C:\Program Files\spybot\Spybot - Search & Destroy\Includes\Hijackers.sbi | Xupiter.OrbitExplorer | Common Files\OE\toolbar.dll
C:\Program Files\spybot\Spybot - Search & Destroy\Includes\Hijackers.sbi | Xupiter.OrbitExplorer | Common Files\OE\redirector.dll
C:\Program Files\spybot\Spybot - Search & Destroy\Includes\Hijackers.sbi | Xupiter.OrbitExplorer | Common Files\OE\search.dll
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Zlob.DNSChanger | (85\.255\.11[0-9]\.[1-2]?[0-9]{1,2}[,]?\s?)(85\.255\.11[0-9]\.[1-2]?[0-9]{1,2}[,]?\s?)+
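
The two Spybot findings quoted in this thread (the Security Center service start-type check, and the Zlob.DNSChanger name-server pattern from Trojans.sbi) and the "(no file)" entries in the HijackThis log above can all be checked mechanically. The script below is an added example written for this page; it is not code from the thread, from Spybot or from HijackThis. The HijackThis lines it parses are copied from the log posted above; the NameServer string and the wscsvc Start value it checks are constructed inputs, and the function names are the example's own.

```python
import re
from typing import List, Tuple

# Constructed sample: six lines copied from the HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O22 - SharedTaskScheduler: boob - {01b55afa-f451-474b-9e91-c35b24d02641} - (no file)
"""

# Every HijackThis entry starts with a section code (R0-R3, O1-O24) followed by " - ".
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Split a HijackThis log into (section, body) pairs, skipping header and blank lines."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def orphaned_entries(entries: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Registry hooks (URLSearchHooks, BHOs, toolbars, SharedTaskSchedulers) whose target
    file is gone. HijackThis prints '(no file)' for them; they are leftovers worth removing."""
    return [(s, b) for s, b in entries if b.endswith("(no file)")]


# Zlob.DNSChanger signature copied verbatim from the Spybot Trojans.sbi entry quoted above:
# it only matches when TWO OR MORE name servers in 85.255.110.x .. 85.255.119.x are listed.
ZLOB_DNS = re.compile(
    r"(85\.255\.11[0-9]\.[1-2]?[0-9]{1,2}[,]?\s?)"
    r"(85\.255\.11[0-9]\.[1-2]?[0-9]{1,2}[,]?\s?)+"
)


def dns_hijacked(nameserver_value: str) -> bool:
    """True when an interface's NameServer value matches the Zlob DNSChanger signature."""
    return ZLOB_DNS.search(nameserver_value) is not None


def security_center_disabled(wscsvc_start: int) -> bool:
    r"""Spybot's WindowsSecurityCenter_disabled check: the Start value of
    HKLM\SYSTEM\CurrentControlSet\Services\wscsvc must be 2 (SERVICE_AUTO_START);
    4 is SERVICE_DISABLED, which is what produces the 'Security Center disabled' notice."""
    return wscsvc_start != 2


def triage(hjt_text: str, nameserver_value: str, wscsvc_start: int) -> dict:
    """Run all three checks over one machine's data and return a summary."""
    entries = parse_hjt(hjt_text)
    return {
        "entries": len(entries),
        "orphaned": orphaned_entries(entries),
        "dns_hijacked": dns_hijacked(nameserver_value),
        "security_center_disabled": security_center_disabled(wscsvc_start),
    }


if __name__ == "__main__":
    # Constructed registry values: a DNSChanger-style server pair and a disabled wscsvc.
    result = triage(SAMPLE_HJT_LOG, "85.255.112.12,85.255.112.96", 4)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Two details worth noticing when reading the Spybot signature: the trailing `+` means a single 85.255.11x.x address does not trigger it, only a list of two or more, and the pattern is applied to the registry NameServer string rather than to any file, which is why the Trojans.sbi entry carries a regex where the Hijackers.sbi entries carry DLL paths.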

Mr_JAk3
2007-09-04, 20:11
Hi again :)

You got some infections there...

Please disable the WordWrap in notepad (Click the "Format" menu and untick "Word Wrap".) WordWrap makes the logs very irritating to read.

Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply along with a fresh HijackThis log.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!

ekray24
2007-09-09, 23:36
unwrapped original logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:41 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\Lyra Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O22 - SharedTaskScheduler: boob - {01b55afa-f451-474b-9e91-c35b24d02641} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-mouse.JPG
O24 - Desktop Component 1: (no name) - http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-puppy.JPG
O24 - Desktop Component 2: (no name) - http://i2.photobucket.com/albums/y10/C_jae_hood/yuyuspettacolosa.jpg

--
End of file - 9739 bytes

ekray24
2007-09-09, 23:37
Smitfraudfix report:

SmitFraudFix v2.221

Scan done at 13:17:45.75, Sun 09/09/2007
Run from C:\Documents and
Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] -
Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec
Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
C:\Program Files\Thomson\Lyra
Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»»
C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and
Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and
Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»
C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpyKiller\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Desktop\Components\0]
"Source"="http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-mouse.JPG"
"SubscribedURL"="http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-mouse.JPG"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Desktop\Components\1]
"Source"="http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-puppy.JPG"
"SubscribedURL"="http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-puppy.JPG"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Desktop\Components\2]
"Source"="http://i2.photobucket.com/albums/y10/C_jae_hood/yuyuspettacolosa.jpg"
"SubscribedURL"="http://i2.photobucket.com/albums/y10/C_jae_hood/yuyuspettacolosa.jpg"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably
infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{01b55afa-f451-474b-9e91-c35b24d02641}"="boob"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably
infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably
infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet
NIC - Packet Scheduler Miniport
DNS Server Search Order: 24.154.1.8
DNS Server Search Order: 24.154.1.9

HKLM\SYSTEM\CCS\Services\Tcpip\..\{ACDFA454-4D40-4263-9C38-2E512ECDE09D}:
DhcpNameServer=24.154.1.8 24.154.1.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ACDFA454-4D40-4263-9C38-2E512ECDE09D}:
DhcpNameServer=63.67.120.14 63.67.120.13
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ACDFA454-4D40-4263-9C38-2E512ECDE09D}:
DhcpNameServer=24.154.1.8 24.154.1.9
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters:
DhcpNameServer=24.154.1.8 24.154.1.9
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters:
DhcpNameServer=63.67.120.14 63.67.120.13
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters:
DhcpNameServer=24.154.1.8 24.154.1.9


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for
wininet.dll
infection


»»»»»»»»»»»»»»»»»»»»»»»» End

ekray24
2007-09-09, 23:38
New Hijack this report from today 9-9-07

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:21 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec
Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
C:\Program Files\Thomson\Lyra
Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = http://localhost;localhost
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) -
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program
Files\Common Files\Symantec
Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) -
{243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program
Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) -
{65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) -
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Show Norton Toolbar -
{90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program
Files\Common Files\Symantec
Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv]
c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program
Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program
Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program
Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton
Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program
Files\Thomson\Lyra
Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program
Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe"
/a /m "C:\Program Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program
Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver
Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE
(User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program
Files\Symantec\LiveUpdate\ALUNotify.exe (User
'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall]
"C:\WINDOWS\System32\msiexec.exe" /L*v
C:\WINDOWS\TEMP\SND532unin.txt /x
{6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn
REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver
Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE
(User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall]
"C:\WINDOWS\System32\msiexec.exe" /L*v
C:\WINDOWS\TEMP\SND532unin.txt /x
{6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn
REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk =
C:\Program Files\Compaq
Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide -
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program
Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader -
http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O22 - SharedTaskScheduler: boob -
{01b55afa-f451-474b-9e91-c35b24d02641} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler -
Symantec Corporation - C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service
(CLTNetCnService) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google
- C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation
(ISPwdSvc) - Symantec Corporation - C:\Program
Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex
(LiveUpdate Notice Ex) - Symantec Corporation -
C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Softex OmniPass Service (omniserv) -
Unknown owner - C:\Program
Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation
- C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) -
http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-mouse.JPG
O24 - Desktop Component 1: (no name) -
http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-puppy.JPG
O24 - Desktop Component 2: (no name) -
http://i2.photobucket.com/albums/y10/C_jae_hood/yuyuspettacolosa.jpg

--
End of file - 9739 bytes

Mr_JAk3
2007-09-10, 21:47
Hi :)

You still have WordWrap enabled and it makes the log very annoying to read. :sick:

Please disable WordWrap (click the "Format" menu and untick "Word Wrap"), run HijackThis again and post a fresh log here. :bigthumb:

ekray24
2007-09-11, 00:21
I did disable the word wrap on each log. Could it be when I copy the file and paste it into my Yahoo mail message?

the problem is, the virus is on my other-in law's computer not mine. I will try it again but word wrap is disabled.

Mr_JAk3
2007-09-11, 20:09
OK, it is most likely Yahoo that keeps interfering. Could you just attach the log as a text file attachment to your email message?

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt: double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, check whether you can click the next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode.
Post the Cure-it report and a fresh HijackThis log

ekray24
2007-09-16, 20:55
I know it is wrapped but I am not sure how else to attach an Excel document.

Setup.exe;C:\Documents and Settings\All Users\Application Data\Tarma Installer\{19406E15-8908-46A5-9372-B4B9B74691B8};Trojan.IconDrop;Deleted.;
Process.exe;C:\Documents and Settings\Owner\Desktop\Elaine Stuff\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Owner\Desktop\Elaine Stuff\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Deleted.;
EN_CA-ie.reg;C:\hp\region;Trojan.StartPage.1505;Deleted.;
A0012516.exe;C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP128;Trojan.IconDrop;Deleted.;
A0012517.exe;C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP128;Trojan.KillApp.30208;Deleted.;
A0012518.reg;C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP128;Trojan.StartPage.1505;Deleted.;
invupdate.exe;C:\WINDOWS;Trojan.MulDrop.4313;Deleted.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
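
The Dr.Web CureIt report above is a semicolon-separated list (file;folder;threat name;action). As an added example that is not part of the thread and not Dr.Web's own tooling, the Python below parses that format, using the lines posted above as its sample input, and sorts the detections into three buckets: copies inside System Volume Information (System Restore snapshots, which here mirror a detection made elsewhere), Tool.* detections (process-killing helpers; two of those above sit in the SmitfraudFix folder and in C:\hp\bin, so they need a look before being treated as an infection), and everything else. The bucket names, the action vocabulary and the mirroring check are my assumptions about the format, not something the report documents.

```python
"""Summarise a Dr.Web CureIt DrWeb.csv report (added example, not Dr.Web's code)."""
from collections import Counter
from typing import Dict, List

# Sample input: the detections posted in the thread, one per line
# (name;directory;threat;action; with a trailing empty field).
SAMPLE_REPORT = r"""
Setup.exe;C:\Documents and Settings\All Users\Application Data\Tarma Installer\{19406E15-8908-46A5-9372-B4B9B74691B8};Trojan.IconDrop;Deleted.;
Process.exe;C:\Documents and Settings\Owner\Desktop\Elaine Stuff\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Owner\Desktop\Elaine Stuff\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Deleted.;
EN_CA-ie.reg;C:\hp\region;Trojan.StartPage.1505;Deleted.;
A0012516.exe;C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP128;Trojan.IconDrop;Deleted.;
A0012517.exe;C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP128;Trojan.KillApp.30208;Deleted.;
A0012518.reg;C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP128;Trojan.StartPage.1505;Deleted.;
invupdate.exe;C:\WINDOWS;Trojan.MulDrop.4313;Deleted.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
"""

# Actions that mean Dr.Web already dealt with the file (assumed vocabulary).
RESOLVED_ACTIONS = {"Deleted", "Incurable.Moved", "Cured"}


def parse_report(text: str) -> List[Dict[str, str]]:
    """Return one dict per detection; malformed or empty lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(";")
        if len(parts) < 4:
            continue
        entries.append({
            "name": parts[0],
            "directory": parts[1],
            "threat": parts[2],
            "action": parts[3].rstrip("."),   # "Deleted." -> "Deleted"
        })
    return entries


def classify(entry: Dict[str, str]) -> str:
    """Bucket a detection for follow-up (bucket names are my own)."""
    directory = entry["directory"].lower()
    if "system volume information" in directory and "_restore" in directory:
        return "restore_point"          # System Restore copy of something found elsewhere
    if entry["threat"].startswith("Tool."):
        return "helper_tool"            # process killers etc.; verify, may be legitimate
    return "malware"


def mirrored_threats(entries: List[Dict[str, str]]) -> List[str]:
    """Threat names seen both inside a restore point and outside it."""
    inside = {e["threat"] for e in entries if classify(e) == "restore_point"}
    outside = {e["threat"] for e in entries if classify(e) != "restore_point"}
    return sorted(inside & outside)


def summarise(text: str) -> Dict[str, object]:
    """Counts per bucket and per action, plus anything Dr.Web could not resolve."""
    entries = parse_report(text)
    return {
        "total": len(entries),
        "by_class": dict(Counter(classify(e) for e in entries)),
        "by_action": dict(Counter(e["action"] for e in entries)),
        "unresolved": [e for e in entries if e["action"] not in RESOLVED_ACTIONS],
        "mirrored": mirrored_threats(entries),
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On the posted report every restore-point hit mirrors a detection made elsewhere on the disk, and nothing is left unresolved, which is the state a helper wants to confirm before moving on to the HijackThis fixes.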

ekray24
2007-09-16, 20:57
Now this looks wrapped and I saved it as a text file in Yahoo.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:27 PM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\Lyra
Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Owner\Desktop\Elaine Stuff\HiJackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = http://localhost;localhost
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -
C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no
file)
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no
file)
O3 - Toolbar: Show Norton Toolbar -
{90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec
Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark
X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet
Security\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra
Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common
Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe
/startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning]
C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program
Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall]
"C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x
{6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning]
C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall]
"C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x
{6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq
Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader -
http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O22 - SharedTaskScheduler: boob -
{01b55afa-f451-474b-9e91-c35b24d02641} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) -
Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec
Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) -
Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation -
C:\Program Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner -
C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) -
http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-mouse.JPG
O24 - Desktop Component 1: (no name) -
http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-puppy.JPG
O24 - Desktop Component 2: (no name) -
http://i2.photobucket.com/albums/y10/C_jae_hood/yuyuspettacolosa.jpg

--
End of file - 10115 bytes

ekray24
2007-09-16, 20:59
I sure hope this will allow you to tell me how to fix this mess because I need to complete this prior to Wednesday 9/19 because I am leaving town for a small vacation.

Thanks for all your help so far.:red:

Mr_JAk3
2007-09-17, 19:39
Hi again :)

Looks pretty good.

You seem to have this SpyKiller software installed. It has a suspicious reputation and I recommend that you remove it via Control Panel, Add/Remove programs.
More info here (http://www.spywarewarrior.com/rogue_anti-spyware.htm)

This is the line to fix with HijackThis, O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

This is the folder to delete, C:\Program Files\SpyKiller

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x
{6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x
{6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O22 - SharedTaskScheduler: boob - {01b55afa-f451-474b-9e91-c35b24d02641} - (no file)

Restart the computer.

Post a fresh HijackThis log and let me know how things are running :bigthumb:
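
Two rules carry most of the fix list above: entries whose target is "(no file)" are orphaned registry references that can be cleared, and anything launched from the rogue SpyKiller folder goes. As an added example that is not part of the thread and not HijackThis code, the Python below applies those two rules to a HijackThis log. Because the logs in this thread arrived word-wrapped by Yahoo mail, it first rejoins wrapped entries: every HijackThis entry starts with a section tag such as R3, O2 or O22, so a line that does not start with one is treated as the continuation of the previous entry. The sample log is constructed from entries posted above, wrapped the way they appear in the thread; the suspicious-folder list is supplied by the caller, and the continuation rule and reason labels are my own assumptions.

```python
"""Triage a (possibly word-wrapped) HijackThis log (added example, not HijackThis code)."""
import re
from typing import Dict, List, Sequence

# HijackThis entries begin with a section tag: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")

# Sample input constructed from entries posted in this thread, wrapped as they
# appeared after passing through the mail client.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar3.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program
Files\SpyKiller\spykiller.exe /startup
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall]
"C:\WINDOWS\System32\msiexec.exe" /L*v
C:\WINDOWS\TEMP\SND532unin.txt /x
{6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn
REBOOT=ReallySuppress (User 'SYSTEM')
O22 - SharedTaskScheduler: boob -
{01b55afa-f451-474b-9e91-c35b24d02641} - (no file)
--
End of file - 9739 bytes
"""


def unwrap(log_text: str) -> List[str]:
    """Return the log's entries, each rejoined onto a single line.

    Header and process list (everything before the first entry) are skipped.
    A later non-empty line that does not start a new entry is a continuation
    of the previous one; the wraps in this thread fall on spaces, so a single
    space is put back. The '--' footer ends the entry list.
    """
    entries: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "--":
            break
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries


def triage(log_text: str, suspicious_folders: Sequence[str] = ()) -> List[Dict[str, str]]:
    """Flag orphaned '(no file)' entries and entries launched from listed folders."""
    findings = []
    folders = [f.lower() for f in suspicious_folders]
    for entry in unwrap(log_text):
        section = entry.split(" - ", 1)[0]
        lowered = entry.lower()
        if lowered.endswith("(no file)"):
            findings.append({"section": section, "entry": entry, "reason": "orphan"})
            continue
        if any(folder in lowered for folder in folders):
            findings.append({"section": section, "entry": entry, "reason": "suspicious_folder"})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG, [r"C:\Program Files\SpyKiller"]):
        print(f"[{hit['reason']}] {hit['entry']}")
```

Entries the rules do not catch, such as the leftover SRUUninstall RunOnce lines in the fix list above, still need a human reading the log; the point of the script is to make the mechanical part of that reading repeatable and to take word-wrapping out of the equation.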

ekray24
2007-09-18, 03:20
I looked for Spykiller in the add/remove component in control panel but could not find it.

I then did exactly what you said, so here is the new HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:17 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\Lyra Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Documents and Settings\Owner\Desktop\Elaine Stuff\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Applications\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-mouse.JPG
O24 - Desktop Component 1: (no name) - http://www.thisoldtoy.com/fisher-price/dept-2-dolls-stuffed-animals/d-puffalump-purrtender/1-pics/1-ref-pics/puff-puppy.JPG
O24 - Desktop Component 2: (no name) - http://i2.photobucket.com/albums/y10/C_jae_hood/yuyuspettacolosa.jpg

--
End of file - 8792 bytes


I ran another Spybot and it still came up with microsoft.windows security center disabled (1 entry) Hkey_local_machine\system\current control set...

Not sure what that means.

Mr_JAk3
2007-09-18, 20:14
Hello :)

Ok good, nothing bad in the log.

"microsoft.windows security center disabled" means that some parts of Security Center have been disabled. You have Norton installed and running so this ain't a problem. More info here -> link (http://www.microsoft.com/windowsxp/using/security/internet/sp2_wscintro.mspx)

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster and more secure browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)

Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with your antivirus software.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)