need help with cmdservice adware problem

Great, that went off without a hitch.


Download: DelDomains and save it to the desktop.
  • Close all open windows and your browser
  • Right Click DelDomains.inf and select > Install
  • Reboot your computer


Internet Explorer is needed to run this properly.

What I would like you to do is run ComboFix again and post the new ComboFix log and a new HJT log, please.
 
Thanks a lot for your help. I reinstalled ComboFix and here's the log:
ComboFix 07-12-07.3 - Owner 2007-12-07 14:53:19.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.260 [GMT -8:00]
Running from: C:\DOCUME~1\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\svchost.com

.
((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-12-06 11:47 . 2007-12-07 13:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-06 11:47 . 2007-12-06 11:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-06 11:47 . 2007-12-06 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-06 11:45 . 2007-12-06 11:45 <DIR> d-------- C:\Program Files\CCleaner
2007-12-05 17:39 . 2007-12-06 10:53 807,528 ---hs---- C:\WINDOWS\system32\xdcmtxhf.ini
2007-12-05 03:45 . 2004-01-26 05:10 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-05 03:45 . 2005-08-01 15:59 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-12-05 03:45 . 2005-08-01 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo! Messenger
2007-12-05 03:45 . 2005-09-12 22:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2007-12-05 03:45 . 2005-12-04 02:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2007-12-05 03:45 . 2004-01-27 02:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-05 03:45 . 2004-01-26 04:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-05 03:45 . 2006-01-30 16:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2007-12-05 03:45 . 2004-01-26 05:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-12-05 03:45 . 2005-12-05 15:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Motive
2007-12-05 03:45 . 2005-08-16 23:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Kazaa Lite
2007-12-05 03:45 . 2004-01-27 02:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-12-05 03:45 . 2005-08-20 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FotoWire
2007-12-05 03:45 . 2005-10-22 11:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2007-12-05 03:45 . 2005-09-15 09:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-05 03:45 . 2005-10-31 18:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.bt2
2007-12-05 03:45 . 2005-10-09 02:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.BitTornado
2007-12-04 23:46 . 2007-12-05 12:43 2,076,049 ---hs---- C:\WINDOWS\system32\lrfojqbb.ini
2007-12-04 23:21 . 2007-12-04 23:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-04 23:21 . 2007-12-04 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-04 23:02 . 2007-12-04 23:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-04 22:46 . 2007-12-04 23:44 1,471,158 ---hs---- C:\WINDOWS\system32\cjynxpts.ini
2007-12-04 22:42 . 2004-05-27 18:53 237,568 -ra------ C:\WINDOWS\system32\SiSWPars.dll
2007-12-04 22:42 . 2004-05-27 18:53 155,648 -ra------ C:\WINDOWS\system32\SiSWInst.dll
2007-12-04 22:42 . 2004-05-27 19:49 154,112 -ra------ C:\WINDOWS\system32\drivers\sis162u.sys
2007-12-04 22:42 . 2004-05-27 18:53 49,152 -ra------ C:\WINDOWS\system32\SiSWBase.dll
2007-12-04 15:10 . 2007-12-04 22:38 848,777 ---hs---- C:\WINDOWS\system32\mkwhomsv.ini
2007-12-03 15:32 . 2007-12-04 15:05 794,770 ---hs---- C:\WINDOWS\system32\ulbmfrpa.ini
2007-12-02 21:35 . 2007-12-03 15:30 794,325 ---hs---- C:\WINDOWS\system32\exmkqfsi.ini
2007-12-01 23:58 . 2007-12-01 23:59 <DIR> d-------- C:\Program Files\7-Zip
2007-12-01 23:08 . 2007-12-01 23:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-01 23:08 . 2007-12-01 23:08 268 --ah----- C:\sqmdata03.sqm
2007-12-01 23:08 . 2007-12-01 23:08 244 --ah----- C:\sqmnoopt03.sqm
2007-12-01 21:27 . 2007-12-02 21:30 794,205 ---hs---- C:\WINDOWS\system32\eqvioqie.ini
2007-11-30 14:16 . 2007-11-30 14:16 2,238 --a------ C:\WINDOWS\system32\GClogo_32x32.ico
2007-11-30 11:10 . 2007-12-01 21:22 794,085 ---hs---- C:\WINDOWS\system32\vpgxequf.ini
2007-11-29 21:42 . 2007-11-30 11:02 789,960 ---hs---- C:\WINDOWS\system32\yidiauvd.ini
2007-11-26 16:05 . 2007-11-30 13:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avant Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 22:14 --------- d-----w C:\Program Files\Winamp
2007-12-07 22:14 --------- d-----w C:\Program Files\Common Files\rqzi
2007-12-07 22:14 --------- d-----w C:\Program Files\AIM
2007-12-06 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 19:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-02 07:07 --------- d-----w C:\Program Files\MSN Messenger
2007-11-30 23:12 --------- d-----w C:\Program Files\Starcraft
2007-10-19 08:46 --------- d-----w C:\Program Files\Avant Browser
2007-10-19 03:43 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-19 01:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Avant Browser
2007-10-13 23:09 75,840 ----a-w C:\WINDOWS\system32\awooswon.dll
2007-10-13 10:57 75,840 ----a-w C:\WINDOWS\system32\lsbajwxf.dll
2007-10-08 06:05 --------- d-----w C:\Program Files\LD-Anime
2007-09-23 07:25 7,806 ----a-w C:\syssylo.exe
2007-09-19 06:14 4,096 ----a-w C:\WINDOWS\system32\tcpsvcs.dll
2007-09-18 06:14 133,632 --s-a-r C:\WINDOWS\system32\sys32time.dll
2007-09-02 10:50 304,453 ----a-w C:\Documents and Settings\Owner\mcc.exe
2007-09-02 06:01 160,768 ----a-w C:\Documents and Settings\Owner\gotgo.exe
2006-01-02 08:03 300,760 --sh--w C:\WINDOWS\mshostsr.exe
1989-12-12 16:10 404,208 --sh--r C:\WINDOWS\orqeenq.exe
2006-02-23 07:31 19,456 --sh--r C:\WINDOWS\system\svchost.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95CB3857-A0E7-F21B-EE5B-FD8A45862C97}]
C:\WINDOWS\System32\cnsi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 14:10]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" []
"Notn"="C:\WINDOWS\System32\SCURIT~1\wuaclt.exe" []
"Omht"="C:\WINDOWS\??stem32\?poolsv.exe" [2003-08-15 18:40]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-26 02:24]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-11-18 07:11]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:15]
"KBD"="C:\HP\KBD\KBD.EXE" [2007-12-07 14:46]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-01-26 04:29]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]
"VTTimer"=" " []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 00:59]
"LTMSG"="LTMSG.exe" [2003-07-14 17:52 C:\WINDOWS\ltmsg.exe]
"PS2"=" " []
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 C:\WINDOWS\ALCXMNTR.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 04:23]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 14:10]
"QuickTime Task"="C:\PROGRA~1\QUICKT~1\qttask.exe" [2007-09-24 23:37]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-27 02:26:18]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-27 02:26:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-01-26 05:20:47]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 12:19:24]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-01-19 00:44:15]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 04:49:48]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-07-11 13:16:00]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 00:33:48 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 14:58:20
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-07 14:59:36
C:\ComboFix2.txt ... 2007-12-06 12:50
.
--- E O F ---
 
And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:48 PM, on 12/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Java\J2RE14~1.2_0\bin\jusched.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\Yahoo!\SEARCH~1\SEARCH~1.EXE
C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE
C:\PROGRA~1\COMPAQ~1\1940576\Program\BACKWE~1.EXE
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
C:\PROGRA~1\INTERM~1\SPAMSU~1\SpamSub.exe
C:\PROGRA~1\SBCSEL~1\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {95CB3857-A0E7-F21B-EE5B-FD8A45862C97} - C:\WINDOWS\System32\cnsi.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer]
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2]
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\SCURIT~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Omht] C:\WINDOWS\??stem32\?poolsv.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

--
End of file - 8120 bytes
 
I'm just wondering why, every time I ran ComboFix, a window called service/cmd.exe popped up and just stayed there, so I had to close it myself. Just wondering if that's OK to do.
 
Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

File::
C:\syssylo.exe
C:\WINDOWS\mshostsr.exe
C:\WINDOWS\orqeenq.exe
C:\WINDOWS\system\svchost.dll
C:\WINDOWS\system32\xdcmtxhf.ini
C:\WINDOWS\system32\lrfojqbb.ini
C:\WINDOWS\system32\cjynxpts.ini
C:\WINDOWS\system32\mkwhomsv.ini
C:\WINDOWS\system32\ulbmfrpa.ini
C:\WINDOWS\system32\exmkqfsi.ini
C:\WINDOWS\system32\eqvioqie.ini
C:\WINDOWS\system32\vpgxequf.ini
C:\WINDOWS\system32\yidiauvd.ini
C:\WINDOWS\system32\awooswon.dll
C:\WINDOWS\system32\lsbajwxf.dll
C:\WINDOWS\system32\tcpsvcs.dll
C:\WINDOWS\system32\sys32time.dll
C:\WINDOWS\System32\cnsi.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95CB3857-A0E7-F21B-EE5B-FD8A45862C97}]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript.gif]



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
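
One way to check a follow-up log against a CFScript, as an added example that is not part of the original thread: the script parses the File:: and Registry:: sections and reports, for each target, whether the next ComboFix log still lists it. The file names, GUID and log lines in the samples are constructed; only the section layout follows the logs posted in this thread.

```python
import re

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # "((((( Find3M Report )))))"
PATH_AT_END = re.compile(r"([A-Za-z]:\\.+)$")          # drive-letter path ending a line
REG_KEY = re.compile(r"^\[-?(HKEY_[^\]]+)\]$", re.I)   # "[HKEY_...]" or "[-HKEY_...]"

# Constructed CFScript in the File:: / Registry:: layout (names are placeholders).
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\system32\examplea.ini
C:\WINDOWS\system32\exampleb.dll
C:\exampledrop.exe
C:\WINDOWS\examplec.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]
"""

# Constructed follow-up log; banners shortened, same section titles as the real log.
SAMPLE_LOG = r"""((((( Other Deletions )))))
.

C:\WINDOWS\system32\exampleb.dll

.
((((( Files Created from 2007-11-08 to 2007-12-08 )))))
.

2007-12-05 17:39 . 2007-12-06 10:53 807,528 ---hs---- C:\WINDOWS\system32\EXAMPLEA.ini
2007-12-06 11:45 . 2007-12-06 11:45 <DIR> d-------- C:\Program Files\CCleaner

.
((((( Find3M Report )))))
.
2007-09-23 07:25 7,806 ----a-w C:\exampledrop.exe
.
((((( Reg Loading Points )))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]
C:\WINDOWS\System32\exampleb.dll
"""

def parse_cfscript(text):
    """Return {'File': [paths], 'Registry': [keys marked for deletion with '[-']}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # section header such as "File::"
            current = line[:-2]
            sections[current] = []
        elif current == "Registry":
            m = REG_KEY.match(line)
            if m and line.startswith("[-"):     # only deletion directives
                sections[current].append(m.group(1))
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_log(text):
    """Split a log into {banner title: [body lines]}, skipping blank and '.' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections

def paths_in(lines):
    """Lower-cased paths found at the end of each line (Windows paths ignore case)."""
    return {m.group(1).lower() for m in map(PATH_AT_END.search, lines) if m}

def verify(cfscript_text, log_text):
    """Map each CFScript target to 'still listed', 'deleted' or 'not listed'."""
    script, log = parse_cfscript(cfscript_text), parse_log(log_text)
    deleted, listed, keys = set(), set(), set()
    for title, lines in log.items():
        if title == "Other Deletions":
            deleted |= paths_in(lines)
        elif title.startswith("Files Created") or title == "Find3M Report":
            listed |= paths_in(lines)
        elif title == "Reg Loading Points":
            keys |= {m.group(1).lower() for m in map(REG_KEY.match, lines) if m}
    report = {}
    for path in script.get("File", []):
        p = path.lower()
        # A file that still shows up in a listing section outranks a deletion line.
        report[path] = ("still listed" if p in listed
                        else "deleted" if p in deleted else "not listed")
    for key in script.get("Registry", []):
        report[key] = "still listed" if key.lower() in keys else "not listed"
    return report

if __name__ == "__main__":
    for target, status in verify(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:13} {target}")
```

A "not listed" result only means the log no longer mentions the item; the "Files Created" section covers just the date range given in its banner.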
 
Thanks for your fast response. Here is the ComboFix log:
ComboFix 07-12-07.3 - Owner 2007-12-07 22:27:53.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.240 [GMT -8:00]
Running from: C:\DOCUME~1\Owner\LOCALS~1\Temp\3582-490\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\svchost.com

.
((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.

2007-12-06 11:47 . 2007-12-07 13:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-06 11:47 . 2007-12-06 11:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-06 11:47 . 2007-12-06 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-06 11:45 . 2007-12-06 11:45 <DIR> d-------- C:\Program Files\CCleaner
2007-12-05 17:39 . 2007-12-06 10:53 807,528 ---hs---- C:\WINDOWS\system32\xdcmtxhf.ini
2007-12-05 03:45 . 2004-01-26 05:10 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-05 03:45 . 2005-08-01 15:59 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-12-05 03:45 . 2005-08-01 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo! Messenger
2007-12-05 03:45 . 2005-09-12 22:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2007-12-05 03:45 . 2005-12-04 02:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2007-12-05 03:45 . 2004-01-27 02:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-05 03:45 . 2004-01-26 04:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-05 03:45 . 2006-01-30 16:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2007-12-05 03:45 . 2004-01-26 05:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-12-05 03:45 . 2005-12-05 15:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Motive
2007-12-05 03:45 . 2005-08-16 23:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Kazaa Lite
2007-12-05 03:45 . 2004-01-27 02:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-12-05 03:45 . 2005-08-20 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FotoWire
2007-12-05 03:45 . 2005-10-22 11:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2007-12-05 03:45 . 2005-09-15 09:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-05 03:45 . 2005-10-31 18:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.bt2
2007-12-05 03:45 . 2005-10-09 02:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.BitTornado
2007-12-04 23:46 . 2007-12-05 12:43 2,076,049 ---hs---- C:\WINDOWS\system32\lrfojqbb.ini
2007-12-04 23:21 . 2007-12-04 23:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-04 23:21 . 2007-12-04 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-04 23:02 . 2007-12-04 23:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-04 22:46 . 2007-12-04 23:44 1,471,158 ---hs---- C:\WINDOWS\system32\cjynxpts.ini
2007-12-04 22:42 . 2004-05-27 18:53 237,568 -ra------ C:\WINDOWS\system32\SiSWPars.dll
2007-12-04 22:42 . 2004-05-27 18:53 155,648 -ra------ C:\WINDOWS\system32\SiSWInst.dll
2007-12-04 22:42 . 2004-05-27 19:49 154,112 -ra------ C:\WINDOWS\system32\drivers\sis162u.sys
2007-12-04 22:42 . 2004-05-27 18:53 49,152 -ra------ C:\WINDOWS\system32\SiSWBase.dll
2007-12-04 15:10 . 2007-12-04 22:38 848,777 ---hs---- C:\WINDOWS\system32\mkwhomsv.ini
2007-12-03 15:32 . 2007-12-04 15:05 794,770 ---hs---- C:\WINDOWS\system32\ulbmfrpa.ini
2007-12-02 21:35 . 2007-12-03 15:30 794,325 ---hs---- C:\WINDOWS\system32\exmkqfsi.ini
2007-12-01 23:58 . 2007-12-01 23:59 <DIR> d-------- C:\Program Files\7-Zip
2007-12-01 23:08 . 2007-12-01 23:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-01 23:08 . 2007-12-01 23:08 268 --ah----- C:\sqmdata03.sqm
2007-12-01 23:08 . 2007-12-01 23:08 244 --ah----- C:\sqmnoopt03.sqm
2007-12-01 21:27 . 2007-12-02 21:30 794,205 ---hs---- C:\WINDOWS\system32\eqvioqie.ini
2007-11-30 14:16 . 2007-11-30 14:16 2,238 --a------ C:\WINDOWS\system32\GClogo_32x32.ico
2007-11-30 11:10 . 2007-12-01 21:22 794,085 ---hs---- C:\WINDOWS\system32\vpgxequf.ini
2007-11-29 21:42 . 2007-11-30 11:02 789,960 ---hs---- C:\WINDOWS\system32\yidiauvd.ini
2007-11-26 16:05 . 2007-11-30 13:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avant Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 22:14 --------- d-----w C:\Program Files\Winamp
2007-12-07 22:14 --------- d-----w C:\Program Files\Common Files\rqzi
2007-12-07 22:14 --------- d-----w C:\Program Files\AIM
2007-12-06 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 19:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-02 07:07 --------- d-----w C:\Program Files\MSN Messenger
2007-11-30 23:12 --------- d-----w C:\Program Files\Starcraft
2007-10-19 08:46 --------- d-----w C:\Program Files\Avant Browser
2007-10-19 03:43 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-19 01:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Avant Browser
2007-10-13 23:09 75,840 ----a-w C:\WINDOWS\system32\awooswon.dll
2007-10-13 10:57 75,840 ----a-w C:\WINDOWS\system32\lsbajwxf.dll
2007-10-08 06:05 --------- d-----w C:\Program Files\LD-Anime
2007-09-23 07:25 7,806 ----a-w C:\syssylo.exe
2007-09-19 06:14 4,096 ----a-w C:\WINDOWS\system32\tcpsvcs.dll
2007-09-18 06:14 133,632 --s-a-r C:\WINDOWS\system32\sys32time.dll
2007-09-02 10:50 304,453 ----a-w C:\Documents and Settings\Owner\mcc.exe
2007-09-02 06:01 160,768 ----a-w C:\Documents and Settings\Owner\gotgo.exe
2006-01-02 08:03 300,760 --sh--w C:\WINDOWS\mshostsr.exe
1989-12-12 16:10 404,208 --sh--r C:\WINDOWS\orqeenq.exe
2006-02-23 07:31 19,456 --sh--r C:\WINDOWS\system\svchost.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-07_14.58.32.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-07 22:53:12 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-12-08 06:27:46 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95CB3857-A0E7-F21B-EE5B-FD8A45862C97}]
C:\WINDOWS\System32\cnsi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 14:10]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" []
"Notn"="C:\WINDOWS\System32\SCURIT~1\wuaclt.exe" []
"Omht"="C:\WINDOWS\??stem32\?poolsv.exe" [2003-08-15 18:40]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-26 02:24]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-11-18 07:11]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:15]
"KBD"="C:\HP\KBD\KBD.EXE" [2007-12-07 14:46]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-01-26 04:29]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]
"VTTimer"=" " []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 00:59]
"LTMSG"="LTMSG.exe" [2003-07-14 17:52 C:\WINDOWS\ltmsg.exe]
"PS2"=" " []
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 C:\WINDOWS\ALCXMNTR.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 04:23]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 14:10]
"QuickTime Task"="C:\PROGRA~1\QUICKT~1\qttask.exe" [2007-09-24 23:37]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-27 02:26:18]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-27 02:26:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-01-26 05:20:47]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 12:19:24]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-01-19 00:44:15]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 04:49:48]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-07-11 13:16:00]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 00:33:48 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 22:30:26
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-07 22:31:40
C:\ComboFix2.txt ... 2007-12-07 14:59
C:\ComboFix3.txt ... 2007-12-06 12:50
.
--- E O F ---
 
Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:02 PM, on 12/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\Java\J2RE14~1.2_0\bin\jusched.exe
C:\PROGRA~1\COMMON~1\Sonic\UPDATE~1\sgtray.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\Yahoo!\SEARCH~1\SEARCH~1.EXE
C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE
C:\PROGRA~1\COMPAQ~1\1940576\Program\BACKWE~1.EXE
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
C:\PROGRA~1\INTERM~1\SPAMSU~1\SpamSub.exe
C:\PROGRA~1\SBCSEL~1\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {95CB3857-A0E7-F21B-EE5B-FD8A45862C97} - C:\WINDOWS\System32\cnsi.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer]
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2]
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\SCURIT~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Omht] C:\WINDOWS\??stem32\?poolsv.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

--
End of file - 8055 bytes
 
You're running Combofix from a temp directory; it needs to run from your desktop. Those files were not removed.

Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

File::
C:\syssylo.exe
C:\WINDOWS\mshostsr.exe
C:\WINDOWS\orqeenq.exe
C:\WINDOWS\system\svchost.dll
C:\WINDOWS\system32\xdcmtxhf.ini
C:\WINDOWS\system32\lrfojqbb.ini
C:\WINDOWS\system32\cjynxpts.ini
C:\WINDOWS\system32\mkwhomsv.ini
C:\WINDOWS\system32\ulbmfrpa.ini
C:\WINDOWS\system32\exmkqfsi.ini
C:\WINDOWS\system32\eqvioqie.ini
C:\WINDOWS\system32\vpgxequf.ini
C:\WINDOWS\system32\yidiauvd.ini
C:\WINDOWS\system32\awooswon.dll
C:\WINDOWS\system32\lsbajwxf.dll
C:\WINDOWS\system32\tcpsvcs.dll
C:\WINDOWS\system32\sys32time.dll
C:\WINDOWS\System32\cnsi.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95CB3857-A0E7-F21B-EE5B-FD8A45862C97}]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 
I did follow your instructions and this is what I got from the Combofix log:
ComboFix 07-12-09.1 - Owner 2007-12-08 22:30:09.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.242 [GMT -8:00]
Running from: C:\DOCUME~1\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\svchost.com

.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-12-06 11:47 . 2007-12-07 13:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-06 11:47 . 2007-12-06 11:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-06 11:47 . 2007-12-06 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-06 11:45 . 2007-12-06 11:45 <DIR> d-------- C:\Program Files\CCleaner
2007-12-05 17:39 . 2007-12-06 10:53 807,528 ---hs---- C:\WINDOWS\system32\xdcmtxhf.ini
2007-12-05 03:45 . 2004-01-26 05:10 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-05 03:45 . 2005-08-01 15:59 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-12-05 03:45 . 2005-08-01 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo! Messenger
2007-12-05 03:45 . 2005-09-12 22:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2007-12-05 03:45 . 2005-12-04 02:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2007-12-05 03:45 . 2004-01-27 02:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-05 03:45 . 2004-01-26 04:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-05 03:45 . 2006-01-30 16:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2007-12-05 03:45 . 2004-01-26 05:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-12-05 03:45 . 2005-12-05 15:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Motive
2007-12-05 03:45 . 2005-08-16 23:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Kazaa Lite
2007-12-05 03:45 . 2004-01-27 02:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-12-05 03:45 . 2005-08-20 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FotoWire
2007-12-05 03:45 . 2005-10-22 11:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2007-12-05 03:45 . 2005-09-15 09:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-05 03:45 . 2005-10-31 18:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.bt2
2007-12-05 03:45 . 2005-10-09 02:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.BitTornado
2007-12-04 23:46 . 2007-12-05 12:43 2,076,049 ---hs---- C:\WINDOWS\system32\lrfojqbb.ini
2007-12-04 23:21 . 2007-12-04 23:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-04 23:21 . 2007-12-04 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-04 23:02 . 2007-12-04 23:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-04 22:46 . 2007-12-04 23:44 1,471,158 ---hs---- C:\WINDOWS\system32\cjynxpts.ini
2007-12-04 22:42 . 2004-05-27 18:53 237,568 -ra------ C:\WINDOWS\system32\SiSWPars.dll
2007-12-04 22:42 . 2004-05-27 18:53 155,648 -ra------ C:\WINDOWS\system32\SiSWInst.dll
2007-12-04 22:42 . 2004-05-27 19:49 154,112 -ra------ C:\WINDOWS\system32\drivers\sis162u.sys
2007-12-04 22:42 . 2004-05-27 18:53 49,152 -ra------ C:\WINDOWS\system32\SiSWBase.dll
2007-12-04 15:10 . 2007-12-04 22:38 848,777 ---hs---- C:\WINDOWS\system32\mkwhomsv.ini
2007-12-03 15:32 . 2007-12-04 15:05 794,770 ---hs---- C:\WINDOWS\system32\ulbmfrpa.ini
2007-12-02 21:35 . 2007-12-03 15:30 794,325 ---hs---- C:\WINDOWS\system32\exmkqfsi.ini
2007-12-01 23:58 . 2007-12-01 23:59 <DIR> d-------- C:\Program Files\7-Zip
2007-12-01 23:08 . 2007-12-01 23:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-01 23:08 . 2007-12-01 23:08 268 --ah----- C:\sqmdata03.sqm
2007-12-01 23:08 . 2007-12-01 23:08 244 --ah----- C:\sqmnoopt03.sqm
2007-12-01 21:27 . 2007-12-02 21:30 794,205 ---hs---- C:\WINDOWS\system32\eqvioqie.ini
2007-11-30 14:16 . 2007-11-30 14:16 2,238 --a------ C:\WINDOWS\system32\GClogo_32x32.ico
2007-11-30 11:10 . 2007-12-01 21:22 794,085 ---hs---- C:\WINDOWS\system32\vpgxequf.ini
2007-11-29 21:42 . 2007-11-30 11:02 789,960 ---hs---- C:\WINDOWS\system32\yidiauvd.ini
2007-11-26 16:05 . 2007-11-30 13:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avant Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 22:14 --------- d-----w C:\Program Files\Winamp
2007-12-07 22:14 --------- d-----w C:\Program Files\Common Files\rqzi
2007-12-07 22:14 --------- d-----w C:\Program Files\AIM
2007-12-06 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 19:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-02 07:07 --------- d-----w C:\Program Files\MSN Messenger
2007-11-30 23:12 --------- d-----w C:\Program Files\Starcraft
2007-10-19 08:46 --------- d-----w C:\Program Files\Avant Browser
2007-10-19 03:43 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-19 01:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Avant Browser
2007-10-13 23:09 75,840 ----a-w C:\WINDOWS\system32\awooswon.dll
2007-10-13 10:57 75,840 ----a-w C:\WINDOWS\system32\lsbajwxf.dll
2007-09-23 07:25 7,806 ----a-w C:\syssylo.exe
2007-09-19 06:14 4,096 ----a-w C:\WINDOWS\system32\tcpsvcs.dll
2007-09-18 06:14 133,632 --s-a-r C:\WINDOWS\system32\sys32time.dll
2007-09-02 10:50 304,453 ----a-w C:\Documents and Settings\Owner\mcc.exe
2007-09-02 06:01 160,768 ----a-w C:\Documents and Settings\Owner\gotgo.exe
2006-01-02 08:03 300,760 --sh--w C:\WINDOWS\mshostsr.exe
1989-12-12 16:10 404,208 --sh--r C:\WINDOWS\orqeenq.exe
2006-02-23 07:31 19,456 --sh--r C:\WINDOWS\system\svchost.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-07_14.58.32.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-27 11:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 11:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
- 2007-12-07 22:45:48 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-09 06:25:57 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-07 22:45:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-09 06:25:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-07 22:45:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-09 06:25:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-07 22:53:12 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-12-09 06:11:53 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95CB3857-A0E7-F21B-EE5B-FD8A45862C97}]
C:\WINDOWS\System32\cnsi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 14:10]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" []
"Notn"="C:\WINDOWS\System32\SCURIT~1\wuaclt.exe" []
"Omht"="C:\WINDOWS\??stem32\?poolsv.exe" [2003-08-15 18:40]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-26 02:24]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-11-18 07:11]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:15]
"KBD"="C:\HP\KBD\KBD.EXE" [2007-12-08 22:01]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-01-26 04:29]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]
"VTTimer"=" " []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 00:59]
"LTMSG"="LTMSG.exe" [2003-07-14 17:52 C:\WINDOWS\ltmsg.exe]
"PS2"=" " []
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 C:\WINDOWS\ALCXMNTR.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 04:23]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 14:10]
"QuickTime Task"="C:\PROGRA~1\QUICKT~1\qttask.exe" [2007-09-24 23:37]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-27 02:26:18]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-27 02:26:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-01-26 05:20:47]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 12:19:24]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-01-19 00:44:15]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 04:49:48]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-07-11 13:16:00]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 00:33:48 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 22:33:14
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 22:34:05
C:\ComboFix2.txt ... 2007-12-08 22:18
C:\ComboFix3.txt ... 2007-12-07 22:31
.
--- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:26 PM, on 12/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\Yahoo!\SEARCH~1\SEARCH~1.EXE
C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE
C:\PROGRA~1\COMPAQ~1\1940576\Program\BACKWE~1.EXE
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
C:\PROGRA~1\INTERM~1\SPAMSU~1\SpamSub.exe
C:\PROGRA~1\SBCSEL~1\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {95CB3857-A0E7-F21B-EE5B-FD8A45862C97} - C:\WINDOWS\System32\cnsi.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer]
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2]
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\SCURIT~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Omht] C:\WINDOWS\??stem32\?poolsv.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

--
End of file - 8055 bytes
 
OK, let's do it this way.


Remove this entry with HJT.
O2 - BHO: (no name) - {95CB3857-A0E7-F21B-EE5B-FD8A45862C97} - C:\WINDOWS\System32\cnsi.dll (file missing)



Please download OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\syssylo.exe
    C:\WINDOWS\mshostsr.exe
    C:\WINDOWS\orqeenq.exe
    C:\WINDOWS\system\svchost.dll
    C:\WINDOWS\system32\xdcmtxhf.ini
    C:\WINDOWS\system32\lrfojqbb.ini
    C:\WINDOWS\system32\cjynxpts.ini
    C:\WINDOWS\system32\mkwhomsv.ini
    C:\WINDOWS\system32\ulbmfrpa.ini
    C:\WINDOWS\system32\exmkqfsi.ini
    C:\WINDOWS\system32\eqvioqie.ini
    C:\WINDOWS\system32\vpgxequf.ini
    C:\WINDOWS\system32\yidiauvd.ini
    C:\WINDOWS\system32\awooswon.dll
    C:\WINDOWS\system32\lsbajwxf.dll
    C:\WINDOWS\system32\tcpsvcs.dll
    C:\WINDOWS\system32\sys32time.dll
    C:\WINDOWS\System32\cnsi.dll
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Post the OTMoveIt log and a new HJT log, please.
 
Thanks for your response. I did follow your instructions, but all I got from OTMoveIt is:
File/Folder C:\syssylo.exe not found.
File/Folder C:\WINDOWS\mshostsr.exe not found.
File/Folder C:\WINDOWS\orqeenq.exe not found.
File/Folder C:\WINDOWS\system\svchost.dll not found.
File/Folder C:\WINDOWS\system32\xdcmtxhf.ini not found.
File/Folder C:\WINDOWS\system32\lrfojqbb.ini not found.
File/Folder C:\WINDOWS\system32\cjynxpts.ini not found.
File/Folder C:\WINDOWS\system32\mkwhomsv.ini not found.
File/Folder C:\WINDOWS\system32\ulbmfrpa.ini not found.
File/Folder C:\WINDOWS\system32\exmkqfsi.ini not found.
File/Folder C:\WINDOWS\system32\eqvioqie.ini not found.
File/Folder C:\WINDOWS\system32\vpgxequf.ini not found.
File/Folder C:\WINDOWS\system32\yidiauvd.ini not found.
File/Folder C:\WINDOWS\system32\awooswon.dll not found.
File/Folder C:\WINDOWS\system32\lsbajwxf.dll not found.
File/Folder C:\WINDOWS\system32\tcpsvcs.dll not found.
File/Folder C:\WINDOWS\system32\sys32time.dll not found.
File/Folder C:\WINDOWS\System32\cnsi.dll not found.

Created on 12/09/2007 22:30:56
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:10 PM, on 12/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Java\J2RE14~1.2_0\bin\jusched.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\Yahoo!\SEARCH~1\SEARCH~1.EXE
C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE
C:\PROGRA~1\COMPAQ~1\1940576\Program\BACKWE~1.EXE
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
C:\PROGRA~1\INTERM~1\SPAMSU~1\SpamSub.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {95CB3857-A0E7-F21B-EE5B-FD8A45862C97} - C:\WINDOWS\System32\cnsi.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer]
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2]
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\SCURIT~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Omht] C:\WINDOWS\??stem32\?poolsv.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

--
End of file - 7976 bytes
 
I'm sorry, after checking in the Motmoveit folder I found there's another log, and here it is:
File/Folder C:\syssylo.exe not found.
File/Folder C:\WINDOWS\mshostsr.exe not found.
File/Folder C:\WINDOWS\orqeenq.exe not found.
File/Folder C:\WINDOWS\system\svchost.dll not found.
File/Folder C:\WINDOWS\system32\xdcmtxhf.ini not found.
File/Folder C:\WINDOWS\system32\lrfojqbb.ini not found.
File/Folder C:\WINDOWS\system32\cjynxpts.ini not found.
File/Folder C:\WINDOWS\system32\mkwhomsv.ini not found.
File/Folder C:\WINDOWS\system32\ulbmfrpa.ini not found.
File/Folder C:\WINDOWS\system32\exmkqfsi.ini not found.
File/Folder C:\WINDOWS\system32\eqvioqie.ini not found.
File/Folder C:\WINDOWS\system32\vpgxequf.ini not found.
File/Folder C:\WINDOWS\system32\yidiauvd.ini not found.
LoadLibrary failed for C:\WINDOWS\system32\awooswon.dll
C:\WINDOWS\system32\awooswon.dll NOT unregistered.
C:\WINDOWS\system32\awooswon.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\lsbajwxf.dll
C:\WINDOWS\system32\lsbajwxf.dll NOT unregistered.
C:\WINDOWS\system32\lsbajwxf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tcpsvcs.dll
C:\WINDOWS\system32\tcpsvcs.dll NOT unregistered.
C:\WINDOWS\system32\tcpsvcs.dll moved successfully.
C:\WINDOWS\system32\sys32time.dll unregistered successfully.
C:\WINDOWS\system32\sys32time.dll moved successfully.
File/Folder C:\WINDOWS\System32\cnsi.dll not found.

Created on 12/09/2007 22:25:07
 
Remove these with HJT and post a new HJT log please

O2 - BHO: (no name) - {95CB3857-A0E7-F21B-EE5B-FD8A45862C97} - C:\WINDOWS\System32\cnsi.dll (file missing)
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\SCURIT~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Omht] C:\WINDOWS\??stem32\?poolsv.exe

O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')

C:\Program Files\MyWebSearch <--Delete this folder



Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Need to see the SDfix log and a new HJT log
 
Thanks for your response. Here is the SDFix log:

SDFix: Version 1.117

Run by Owner on Mon 12/10/2007 at 10:14 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\BF.TMP - Deleted
C:\C1.TMP - Deleted
C:\PROGRA~1\WINDOW~2\PROJYD~1.HTM - Deleted
C:\PROGRA~1\WINDOW~2\LAZUP - Deleted
C:\WINDOWS\directx.sys - Deleted
C:\WINDOWS\svchost.com - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 10:26:08
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:@xpsp2res.dll,-22008"
"C:\\WINDOWS\\System32\\svchost.exe"="C:\\WINDOWS\\System32\\svchost.exe:*:Enabled:@xpsp2res.dll,-22008"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 2 Sep 2007 196 A.SHR --- "C:\BOOT.BAK"
Tue 3 Jan 2006 14 A..H. --- "C:\klttd323.dll"
Mon 14 May 2007 175,694 A..H. --- "C:\WINDOWS\system\dnscom.dll"
Fri 17 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 2 Jan 2006 300,760 A.SH. --- "C:\_OTMoveIt\MovedFiles\WINDOWS\mshostsr.exe"
Tue 12 Dec 1989 404,208 A.SHR --- "C:\_OTMoveIt\MovedFiles\WINDOWS\orqeenq.exe"
Sat 1 Sep 2007 5,377,024 A..H. --- "C:\hp\patches\42WW1REC\src\App00153.exe"
Sat 1 Sep 2007 535,040 A..H. --- "C:\hp\patches\42WW1REC\src\App00292.exe"
Sun 2 Sep 2007 610,304 A..H. --- "C:\hp\patches\42WW1REC\src\App00491.exe"
Sat 1 Sep 2007 1,921,536 A..H. --- "C:\hp\patches\42WW1REC\src\App02995.exe"
Sun 2 Sep 2007 658,432 A..H. --- "C:\hp\patches\42WW1REC\src\App04827.exe"
Sat 1 Sep 2007 1,484,800 A..H. --- "C:\hp\patches\42WW1REC\src\App05447.exe"
Sun 2 Sep 2007 606,208 A..H. --- "C:\hp\patches\42WW1REC\src\App05705.exe"
Sat 1 Sep 2007 545,792 A..H. --- "C:\hp\patches\42WW1REC\src\App09961.exe"
Sat 7 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App14604.exe"
Sun 2 Sep 2007 5,422,592 A..H. --- "C:\hp\patches\42WW1REC\src\App16827.exe"
Sat 1 Sep 2007 3,751,936 A..H. --- "C:\hp\patches\42WW1REC\src\App17421.exe"
Sat 1 Sep 2007 779,776 A..H. --- "C:\hp\patches\42WW1REC\src\App18716.exe"
Sat 1 Sep 2007 506,880 A..H. --- "C:\hp\patches\42WW1REC\src\App19169.exe"
Sat 1 Sep 2007 1,240,576 A..H. --- "C:\hp\patches\42WW1REC\src\App19718.exe"
Sun 2 Sep 2007 1,119,744 A..H. --- "C:\hp\patches\42WW1REC\src\App19895.exe"
Sat 1 Sep 2007 536,576 A..H. --- "C:\hp\patches\42WW1REC\src\App23281.exe"
Sun 2 Sep 2007 619,520 A..H. --- "C:\hp\patches\42WW1REC\src\App24464.exe"
Sun 2 Sep 2007 2,417,664 A..H. --- "C:\hp\patches\42WW1REC\src\App26962.exe"
Sat 1 Sep 2007 564,736 A..H. --- "C:\hp\patches\42WW1REC\src\App29358.exe"
Sat 7 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App32391.exe"
Sat 7 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App99990.exe"
Sat 7 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App99992.exe"
Sun 2 Sep 2007 5,422,592 A..H. --- "C:\hp\patches\42WW1REC\src\App99993.exe"
Sat 1 Sep 2007 5,339,648 A..H. --- "C:\hp\patches\42WW1REC\src\xApp14604.exe"
Wed 22 Feb 2006 19,456 A.SHR --- "C:\_OTMoveIt\MovedFiles\WINDOWS\system\svchost.dll"
Mon 30 Jan 2006 444 A..HR --- "C:\Documents and Settings\Administrator\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 30 Jan 2006 444 A..HR --- "C:\Documents and Settings\Default User\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 30 Jan 2006 444 ...HR --- "C:\Documents and Settings\Owner\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 30 Jan 2006 444 A..HR --- "C:\WINDOWS\system32\config\systemprofile\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!
 
And here is the new HJT log after I tried to delete those files that you listed:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:38 AM, on 12/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Yahoo!\SEARCH~1\SEARCH~1.EXE
C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
C:\PROGRA~1\COMPAQ~1\1940576\Program\BACKWE~1.EXE
C:\PROGRA~1\INTERM~1\SPAMSU~1\SpamSub.exe
C:\PROGRA~1\SBCSEL~1\bin\mpbtn.exe
C:\PROGRA~1\AVANTB~1\avant.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer]
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2]
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

--
End of file - 7865 bytes
 
This is all we have left to fix, the rest of your log looks fine. :bigthumb:


Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad

Folder::
C:\Program Files\MyWebSearch

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript.gif]




This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.


Then remove this with HJT
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')

Post the new Combofix log and hopefully one last HJT log
 
Thanks for your response. Here is the ComboFix log:
ComboFix 07-12-09.1 - Owner 2007-12-08 22:30:09.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.242 [GMT -8:00]
Running from: C:\DOCUME~1\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\svchost.com

.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-12-06 11:47 . 2007-12-07 13:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-06 11:47 . 2007-12-06 11:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-06 11:47 . 2007-12-06 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-06 11:45 . 2007-12-06 11:45 <DIR> d-------- C:\Program Files\CCleaner
2007-12-05 17:39 . 2007-12-06 10:53 807,528 ---hs---- C:\WINDOWS\system32\xdcmtxhf.ini
2007-12-05 03:45 . 2004-01-26 05:10 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-05 03:45 . 2005-08-01 15:59 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-12-05 03:45 . 2005-08-01 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo! Messenger
2007-12-05 03:45 . 2005-09-12 22:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2007-12-05 03:45 . 2005-12-04 02:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2007-12-05 03:45 . 2004-01-27 02:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-05 03:45 . 2004-01-26 04:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-05 03:45 . 2006-01-30 16:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2007-12-05 03:45 . 2004-01-26 05:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-12-05 03:45 . 2005-12-05 15:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Motive
2007-12-05 03:45 . 2005-08-16 23:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Kazaa Lite
2007-12-05 03:45 . 2004-01-27 02:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-12-05 03:45 . 2005-08-20 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FotoWire
2007-12-05 03:45 . 2005-10-22 11:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2007-12-05 03:45 . 2005-09-15 09:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-05 03:45 . 2005-10-31 18:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.bt2
2007-12-05 03:45 . 2005-10-09 02:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.BitTornado
2007-12-04 23:46 . 2007-12-05 12:43 2,076,049 ---hs---- C:\WINDOWS\system32\lrfojqbb.ini
2007-12-04 23:21 . 2007-12-04 23:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-04 23:21 . 2007-12-04 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-04 23:02 . 2007-12-04 23:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-04 22:46 . 2007-12-04 23:44 1,471,158 ---hs---- C:\WINDOWS\system32\cjynxpts.ini
2007-12-04 22:42 . 2004-05-27 18:53 237,568 -ra------ C:\WINDOWS\system32\SiSWPars.dll
2007-12-04 22:42 . 2004-05-27 18:53 155,648 -ra------ C:\WINDOWS\system32\SiSWInst.dll
2007-12-04 22:42 . 2004-05-27 19:49 154,112 -ra------ C:\WINDOWS\system32\drivers\sis162u.sys
2007-12-04 22:42 . 2004-05-27 18:53 49,152 -ra------ C:\WINDOWS\system32\SiSWBase.dll
2007-12-04 15:10 . 2007-12-04 22:38 848,777 ---hs---- C:\WINDOWS\system32\mkwhomsv.ini
2007-12-03 15:32 . 2007-12-04 15:05 794,770 ---hs---- C:\WINDOWS\system32\ulbmfrpa.ini
2007-12-02 21:35 . 2007-12-03 15:30 794,325 ---hs---- C:\WINDOWS\system32\exmkqfsi.ini
2007-12-01 23:58 . 2007-12-01 23:59 <DIR> d-------- C:\Program Files\7-Zip
2007-12-01 23:08 . 2007-12-01 23:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-01 23:08 . 2007-12-01 23:08 268 --ah----- C:\sqmdata03.sqm
2007-12-01 23:08 . 2007-12-01 23:08 244 --ah----- C:\sqmnoopt03.sqm
2007-12-01 21:27 . 2007-12-02 21:30 794,205 ---hs---- C:\WINDOWS\system32\eqvioqie.ini
2007-11-30 14:16 . 2007-11-30 14:16 2,238 --a------ C:\WINDOWS\system32\GClogo_32x32.ico
2007-11-30 11:10 . 2007-12-01 21:22 794,085 ---hs---- C:\WINDOWS\system32\vpgxequf.ini
2007-11-29 21:42 . 2007-11-30 11:02 789,960 ---hs---- C:\WINDOWS\system32\yidiauvd.ini
2007-11-26 16:05 . 2007-11-30 13:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avant Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 22:14 --------- d-----w C:\Program Files\Winamp
2007-12-07 22:14 --------- d-----w C:\Program Files\Common Files\rqzi
2007-12-07 22:14 --------- d-----w C:\Program Files\AIM
2007-12-06 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 19:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-02 07:07 --------- d-----w C:\Program Files\MSN Messenger
2007-11-30 23:12 --------- d-----w C:\Program Files\Starcraft
2007-10-19 08:46 --------- d-----w C:\Program Files\Avant Browser
2007-10-19 03:43 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-19 01:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Avant Browser
2007-10-13 23:09 75,840 ----a-w C:\WINDOWS\system32\awooswon.dll
2007-10-13 10:57 75,840 ----a-w C:\WINDOWS\system32\lsbajwxf.dll
2007-09-23 07:25 7,806 ----a-w C:\syssylo.exe
2007-09-19 06:14 4,096 ----a-w C:\WINDOWS\system32\tcpsvcs.dll
2007-09-18 06:14 133,632 --s-a-r C:\WINDOWS\system32\sys32time.dll
2007-09-02 10:50 304,453 ----a-w C:\Documents and Settings\Owner\mcc.exe
2007-09-02 06:01 160,768 ----a-w C:\Documents and Settings\Owner\gotgo.exe
2006-01-02 08:03 300,760 --sh--w C:\WINDOWS\mshostsr.exe
1989-12-12 16:10 404,208 --sh--r C:\WINDOWS\orqeenq.exe
2006-02-23 07:31 19,456 --sh--r C:\WINDOWS\system\svchost.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-07_14.58.32.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-27 11:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 11:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
- 2007-12-07 22:45:48 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-09 06:25:57 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-07 22:45:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-09 06:25:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-07 22:45:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-09 06:25:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-07 22:53:12 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-12-09 06:11:53 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95CB3857-A0E7-F21B-EE5B-FD8A45862C97}]
C:\WINDOWS\System32\cnsi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 14:10]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" []
"Notn"="C:\WINDOWS\System32\SCURIT~1\wuaclt.exe" []
"Omht"="C:\WINDOWS\??stem32\?poolsv.exe" [2003-08-15 18:40]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-26 02:24]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-11-18 07:11]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:15]
"KBD"="C:\HP\KBD\KBD.EXE" [2007-12-08 22:01]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-01-26 04:29]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50]
"VTTimer"=" " []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 00:59]
"LTMSG"="LTMSG.exe" [2003-07-14 17:52 C:\WINDOWS\ltmsg.exe]
"PS2"=" " []
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 C:\WINDOWS\ALCXMNTR.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 04:23]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 14:10]
"QuickTime Task"="C:\PROGRA~1\QUICKT~1\qttask.exe" [2007-09-24 23:37]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-27 02:26:18]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-27 02:26:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-01-26 05:20:47]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 12:19:24]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-01-19 00:44:15]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 04:49:48]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-07-11 13:16:00]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 00:33:48 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 22:33:14
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 22:34:05
C:\ComboFix2.txt ... 2007-12-08 22:18
C:\ComboFix3.txt ... 2007-12-07 22:31
.
--- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:28 PM, on 12/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\3582-490\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\Yahoo!\SEARCH~1\SEARCH~1.EXE
C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
C:\PROGRA~1\COMPAQ~1\1940576\Program\BACKWE~1.EXE
C:\PROGRA~1\INTERM~1\SPAMSU~1\SpamSub.exe
C:\PROGRA~1\SBCSEL~1\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\scanner.exe
C:\WINDOWS\svchost.com
C:\DOCUME~1\Owner\LOCALS~1\Temp\3582-490\KBD.EXE
C:\WINDOWS\svchost.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer]
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2]
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

--
End of file - 8015 bytes
 