* I caught the AntiVirus on my other computer * HiJack Log included and IceSword



Post by brysonprice on 23rd June 2009, 10:19 pm

I caught Antivirus on my other computer and I need some help removing it. I am able to open programs on this one so hopefully it will stay that way.

What steps do I need to take to remove this? I saw some previous posts telling others to download HijackThis and post the log (below) and also IceSword. I opened IceSword and deleted the 2 random numbers.

I also tried downloading Malwarebytes, but it wouldn't install. Do I have to change the name for it to work?

thanks!

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:35 PM, on 6/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\HP_Owner\HP_Owner.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,uqcydfm.exe
O2 - BHO: (no name) - {5486811F-BE86-4076-96DF-21770E534DAD} - C:\WINDOWS\system32\tuvSmmlk.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [xsgds4fgffght] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [50f939b4] rundll32.exe "C:\WINDOWS\system32\lavcqstq.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [xsgds4fgffght] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HP_Owner] C:\Documents and Settings\HP_Owner\HP_Owner.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FireBox Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - [You must be registered and logged in to see this link.]
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EC11316-C2C5-4893-908B-415D3BF0CF83}: NameServer = 192.168.1.1,66.90.138.145,66.90.133.117
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: psxpxh.dll vgtssa.dll orggab.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJayyVN - ljJayyVN.dll (file missing)
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\o248lchu1f48.dll (file missing)
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\l24q0ch5ef4.dll (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\cymres.dll (file missing)
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\pohocyb.html
O24 - Desktop Component 1: (no name) - C:\Program Files\WindowsUpdate\mefezoxes.html
O24 - Desktop Component 2: (no name) - [You must be registered and logged in to see this link.]
O24 - Desktop Component 3: (no name) - [You must be registered and logged in to see this link.]
O24 - Desktop Component 4: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 12352 bytes

brysonprice (Intermediate) · Posts: 61 · Joined: 2009-06-20 · OS: Vista 32 bit · Points: 27663 · Likes: 0

Re: * I caught the AntiVirus on my other computer * HiJack Log included and IceSword

Post by Belahzur on 24th June 2009, 2:29 pm

Hello.

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,uqcydfm.exe
    O2 - BHO: (no name) - {5486811F-BE86-4076-96DF-21770E534DAD} - C:\WINDOWS\system32\tuvSmmlk.dll (file missing)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    O2 - BHO: (no name) - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
    O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKLM\..\Run: [xsgds4fgffght] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winloggn.exe
    O4 - HKLM\..\Run: [50f939b4] rundll32.exe "C:\WINDOWS\system32\lavcqstq.dll",b
    O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKCU\..\Run: [xsgds4fgffght] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winloggn.exe
    O4 - HKCU\..\Run: [HP_Owner] C:\Documents and Settings\HP_Owner\HP_Owner.exe
    O4 - HKUS\S-1-5-18\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O20 - AppInit_DLLs: psxpxh.dll vgtssa.dll orggab.dll
    O20 - Winlogon Notify: ljJayyVN - ljJayyVN.dll (file missing)
    O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\o248lchu1f48.dll (file missing)
    O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\l24q0ch5ef4.dll (file missing)
    O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\cymres.dll (file missing)
    O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
    O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\pohocyb.html
    O24 - Desktop Component 1: (no name) - C:\Program Files\WindowsUpdate\mefezoxes.html


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator) · Posts: 34918 · Joined: 2008-08-03 · Gender: Male · OS: 7 Home Premium x64 · Points: 245101 · Likes: 1
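The entries Belahzur asks to have fixed above share a few recognisable patterns: an extra executable chained onto UserInit (F2), autoruns launched from a Temp directory or dropped straight into the profile root (O4), autorun names that look machine-generated (O4), a policy that disables regedit (O7), a populated AppInit_DLLs value (O20), and load points whose target file no longer exists (O2/O20/O22). The script below is an example added here, not part of HijackThis, Malwarebytes or this forum's tooling: it encodes those patterns as screening heuristics and runs them over a handful of lines copied from the log in this thread, mixed with legitimate entries so the rules can be seen to pass them. The rule set and the names `triage`, `triage_line` and `looks_generated` are my own.

```python
"""Screen a HijackThis log for the autostart patterns a helper checks first.

Added example for this thread; the heuristics are hypothetical and are not
part of HijackThis or any other tool named on the page.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the HijackThis log posted in this
# thread, plus legitimate entries (QuickTime, WMPNSCFG, McAfee, iPod, SAS).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,uqcydfm.exe
O2 - BHO: (no name) - {5486811F-BE86-4076-96DF-21770E534DAD} - C:\WINDOWS\system32\tuvSmmlk.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xsgds4fgffght] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [50f939b4] rundll32.exe "C:\WINDOWS\system32\lavcqstq.dll",b
O4 - HKCU\..\Run: [HP_Owner] C:\Documents and Settings\HP_Owner\HP_Owner.exe
O4 - HKUS\S-1-5-18\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: psxpxh.dll vgtssa.dll orggab.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJayyVN - ljJayyVN.dll (file missing)
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O4 - <body>": section code, dash, then the section-specific body.
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body: "<hive>\..\Run: [<entry name>] <command line>"
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")
# An .exe sitting directly in a user's profile root (matched on lowercased text).
PROFILE_ROOT_EXE = re.compile(r"documents and settings\\[^\\]+\\[^\\]+\.exe")


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str]   # empty list means the line passed every rule


def looks_generated(name: str) -> bool:
    """Hypothetical rule: autorun names such as 50f939b4 or xsgds4fgffght,
    i.e. digits mixed into lowercase letters, eight or more characters."""
    return (len(name) >= 8
            and any(c.isdigit() for c in name)
            and any(c.islower() for c in name))


def triage_line(line: str) -> Optional[Finding]:
    """Apply the screening rules to one HijackThis line; None if not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    low = body.lower()
    reasons: List[str] = []
    if sec == "F2" and "userinit=" in low:
        # A clean value names userinit.exe alone; a second comma-separated
        # executable is loaded at every logon.
        exes = [p for p in low.split("userinit=", 1)[1].split(",") if p.strip()]
        if len(exes) > 1:
            reasons.append("extra executable chained onto UserInit")
    elif sec == "O4":
        om = O4_RE.search(body)
        if om:
            name, cmd = om.group("name"), om.group("cmd").lower()
            if "\\temp\\" in cmd:
                reasons.append("autorun launched from a temp directory")
            if PROFILE_ROOT_EXE.search(cmd):
                reasons.append("executable dropped in the profile root")
            if looks_generated(name):
                reasons.append("autorun name looks machine-generated")
    elif sec == "O7":
        reasons.append("policy restriction set (e.g. regedit disabled)")
    elif sec == "O20" and low.startswith("appinit_dlls:") and low.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs populated: DLLs injected into every GUI process")
    # Load points whose target no longer exists are leftovers worth removing.
    if sec in ("O2", "O20", "O22") and ("(file missing)" in low or "(no file)" in low):
        reasons.append("orphaned load point (target file missing)")
    return Finding(sec, line.strip(), reasons)


def triage(log_text: str) -> Tuple[List[Finding], List[Finding]]:
    """Return (flagged, passed) findings for a whole HijackThis log."""
    findings = [f for f in (triage_line(l) for l in log_text.splitlines()) if f]
    flagged = [f for f in findings if f.reasons]
    passed = [f for f in findings if not f.reasons]
    return flagged, passed


if __name__ == "__main__":
    flagged, passed = triage(SAMPLE_LOG)
    for f in flagged:
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
    print(f"{len(flagged)} flagged, {len(passed)} passed")
```

The rules are a screening aid, not a verdict: an entry such as `[prunnet]` in the real log passes every rule here and is only recognised by a file reputation lookup, and an all-caps legitimate name like `WMPNSCFG` is deliberately left alone. The flagged list narrows what a helper reviews by hand; it does not replace that review.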

Re: * I caught the AntiVirus on my other computer * HiJack Log included and IceSword

Post by brysonprice on 24th June 2009, 6:55 pm

Belahzur wrote: (quotes the post above in full)

do I have to change the name of Malwarebytes for it to run? Because it won't run right now.

brysonprice (Intermediate) · Posts: 61 · Joined: 2009-06-20 · OS: Vista 32 bit · Points: 27663 · Likes: 0

Re: * I caught the AntiVirus on my other computer * HiJack Log included and IceSword

Post by brysonprice on 25th June 2009, 12:20 am

After clicking "Fix Checked" I got like 7 messages saying that "Registry editing has been disabled by administrator".
What does this mean?

I ran another scan and all were deleted but 1 of the things you told me to delete... Then after I pressed "Fix Checked" it deleted it. Is this normal?

brysonprice (Intermediate) · Posts: 61 · Joined: 2009-06-20 · OS: Vista 32 bit · Points: 27663 · Likes: 0

Re: * I caught the AntiVirus on my other computer * HiJack Log included and IceSword

Post by brysonprice on 25th June 2009, 1:41 am

I also did the ComboFix... not sure if I was supposed to, but it can't hurt.

Here is the log for ComboFix:

ComboFix 09-06-23.01 - HP_Owner 06/24/2009 19:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1527.1091 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\Application Data\NetMon
c:\program files\deskbar
c:\program files\Download Plugin
c:\windows\IA
c:\windows\system32\drivers\SKYNETjaoyfgeb.sys
c:\windows\system32\drivers\TDSSqyve.sys
c:\windows\system32\drivers\UACsvpksmesehhrcffkp.sys
c:\windows\system32\TDSShshc.dll
c:\windows\system32\TDSSjdkw.dll
c:\windows\system32\TDSSlhdv.log
c:\windows\system32\TDSSnesi.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSofbm.log
c:\windows\system32\TDSSprhp.dll
c:\windows\system32\TDSSqxjb.dll
c:\windows\system32\TDSSsmyi.dat
c:\windows\system32\TDSSyyen.dll
c:\windows\system32\UACfrdvxarowheuwbuxy.dll
c:\windows\system32\UAChcltedyowbijuvwol.log
c:\windows\system32\UACobieuclglsgesvyjg.db
c:\windows\system32\UACotvldslmmtefwufra.log
c:\windows\system32\UACoxhtanphtrcmkmbfs.dll
c:\windows\system32\UACoyjjmtypawudasxdl.dat
c:\windows\system32\UACqqmdcabqoshtlaisq.dll
c:\windows\system32\UACtuhkneruwdrlkfiku.dll
c:\windows\system32\UACuqpysdntjidnlppuf.dll
c:\windows\system32\UACvntqedsevogvlooeg.log
c:\windows\system32\UACwntitjsobxdjhtfrf.dll
c:\documents and settings\HP_Owner\HP_Owner.exe
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\program files\deskbar\inst.bat
c:\program files\download plugin\DlPlugin-MSIE_1.5.0.0\axdlplug.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\SKYNETjaoyfgeb.sys
c:\windows\system32\drivers\TDSSqyve.sys
c:\windows\system32\drivers\UACsvpksmesehhrcffkp.sys
c:\windows\system32\ewxcksr.exe
c:\windows\system32\install.exe
c:\windows\system32\klmmSvut.ini
c:\windows\system32\klmmSvut.ini2
c:\windows\system32\SKYNETgjfpyiqr.dat
c:\windows\system32\SKYNETpumljclc.dll
c:\windows\system32\SKYNETqyhtqnct.dat
c:\windows\system32\SKYNETxecdjsyw.dll
c:\windows\system32\TDSShshc.dll
c:\windows\system32\TDSSjdkw.dll
c:\windows\system32\TDSSlhdv.log
c:\windows\system32\TDSSnesi.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSofbm.log
c:\windows\system32\TDSSprhp.dll
c:\windows\system32\TDSSqxjb.dll
c:\windows\system32\TDSSsmyi.dat
c:\windows\system32\TDSSyyen.dll
c:\windows\system32\UACfrdvxarowheuwbuxy.dll
c:\windows\system32\UAChcltedyowbijuvwol.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACobieuclglsgesvyjg.db
c:\windows\system32\UACotvldslmmtefwufra.log
c:\windows\system32\UACoxhtanphtrcmkmbfs.dll
c:\windows\system32\UACoyjjmtypawudasxdl.dat
c:\windows\system32\UACqqmdcabqoshtlaisq.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACtuhkneruwdrlkfiku.dll
c:\windows\system32\UACuqpysdntjidnlppuf.dll
c:\windows\system32\UACvntqedsevogvlooeg.log
c:\windows\system32\UACwntitjsobxdjhtfrf.dll
c:\windows\Tasks\vsmtlmnj.job
D:\Autorun.inf
D:\Desktop.ini

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Service_UACd.sys
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_SKYNETojjuieck


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-23 21:54 . 2009-06-23 21:54 -------- dc----w- c:\program files\SUPERAntiSpyware
2009-06-23 21:54 . 2009-06-23 21:54 -------- dc----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2009-06-23 21:33 . 2009-06-23 21:45 -------- dc----w- c:\program files\Enigma Software Group
2009-06-23 21:07 . 2009-06-23 21:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-23 20:56 . 2009-06-23 20:56 16409960 -c--a-w- C:\spybotsd162.exe
2009-06-23 20:17 . 2009-06-23 20:49 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-23 20:11 . 2009-06-23 20:11 401 -c--a-w- c:\documents and settings\HP_Owner\TXVLSD.bat
2009-06-23 20:11 . 2009-06-23 20:11 60416 -c--a-w- c:\documents and settings\HP_Owner\UTGQDG.exe
2009-05-31 22:12 . 2009-05-31 22:34 -------- dc----w- C:\Adobe Premiere Pro CS4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 00:20 . 2008-09-18 02:18 -------- dc----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-23 22:46 . 2006-08-24 22:58 -------- dc----w- c:\program files\Trend Micro
2009-06-23 21:54 . 2007-04-25 20:33 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-23 20:16 . 2006-10-04 05:18 -------- dc----w- c:\documents and settings\HP_Owner\Application Data\U3
2009-06-23 20:12 . 2009-06-23 20:12 1 -c--a-w- c:\documents and settings\HP_Owner\507.tmp
2009-06-23 20:12 . 2009-06-23 20:12 108 -c--a-w- c:\documents and settings\HP_Owner\505.tmp
2009-05-31 22:54 . 2005-10-07 21:18 -------- dc----w- c:\program files\Common Files\Adobe
2009-05-26 05:31 . 2005-10-07 21:32 3645 -c--a-w- c:\windows\viassary-hp.reg
2009-05-15 13:59 . 2009-05-15 13:59 -------- dc----w- c:\documents and settings\HP_Owner\Application Data\Sound Quest
2007-11-25 22:52 . 2007-11-25 22:45 2293848 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-25 22:52 . 2007-11-25 22:43 3928264 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-25 22:51 . 2007-11-25 22:42 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
2007-04-25 20:33 . 2007-04-25 20:33 14618168 -c--a-w- c:\program files\snagit.exe
2007-04-11 22:18 . 2007-04-11 22:17 458092 -c--a-w- c:\program files\FileFactoryTurbo-0.9.2.exe
2007-03-09 08:12 . 2007-03-09 08:12 27648 -csha-w- c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-21 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
FireBox Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe [2009-4-26 1077248]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-2-16 6379080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^lsqry.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\lsqry.exe
backup=c:\windows\pss\lsqry.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\limewire\\stuff\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/17/2008 8:58 PM 210216]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [9/15/2007 11:05 AM 33792]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [12/26/2005 11:54 AM 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [12/26/2005 11:54 AM 24576]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [11/27/2008 6:06 PM 20936]
S3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys --> c:\windows\system32\drivers\usbmn2x2.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-09-18 15:53]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-09-18 15:53]
.

brysonprice
Intermediate
Posts : 61
Joined : 2009-06-20
OS : Vista 32 bit
Points : 27663
# Likes : 0

Re: * I caught the AntiVirus on my other computer * HiJack Log included and IceSword

Post by brysonprice on 25th June 2009, 1:41 am

- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: Download with &FileFactory Turbo - c:\program files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: {9EC11316-C2C5-4893-908B-415D3BF0CF83} = 192.168.1.1,66.90.138.145,66.90.133.117
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-24 20:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,81,7e,4b,28,4d,
95,14,0f,c8,28,51,af,b0,29,a3,98,c2,73,4b,ca,3c,98,46,dd,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,1a,66,4f,22,92,
4c,3a,9a,71,3b,04,66,8b,46,0d,96,84,21,ff,a7,50,a4,33,ee,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,33,e6,6c,74,51,
55,05,72,25,da,ec,7e,55,20,c9,26,c1,51,06,be,da,a7,8d,11,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,41,84,26,c4,56,
f8,bb,fd,3e,1e,9e,e0,57,5a,93,61,9e,fe,00,f2,99,67,39,5d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,f7,06,73,47,af,
f8,99,20,cd,44,cd,b9,a6,33,6c,cd,39,57,c9,f6,2f,ce,e6,cd,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,3c,4b,6b,08,87,
07,5e,06,b0,18,ed,a7,3f,8d,37,a4,a9,c1,3d,e2,16,41,ba,41,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,8b,ca,a8,00,f9,
3a,64,53,31,77,e1,ba,b1,f8,68,02,b7,9d,cb,2c,7a,35,3a,73,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,f0,62,55,3e,43,
c5,00,1d,83,6c,56,8b,a0,85,96,ab,2c,e1,6a,f9,b8,2f,21,f0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,90,c2,44,59,22,
4e,1b,54,51,fa,6e,91,28,9e,14,cc,21,8a,ed,bf,a1,d2,21,e3,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,c9,94,2f,36,90,
ee,6a,9f,b1,cd,45,5a,a8,c4,f8,b9,91,39,8c,4f,82,42,c2,f2,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,19,84,3c,02,65,
04,f9,18,e3,0e,66,d5,eb,bc,2f,6b,a1,28,69,80,5d,5d,ae,60,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,72,9e,6e,4f,6b,
70,77,b0,fa,ea,66,7f,d4,3b,6b,70,1f,e0,0f,28,ce,64,dc,cf,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3592)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\TechSmith\SnagIt 8\TscHelp.exe
c:\program files\TechSmith\SnagIt 8\SnagPriv.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\SoftwareDistribution\Download\dd1d31f82e16f1dce87e833fd358b78e\update\update.exe
.
**************************************************************************
.
Completion time: 2009-06-25 20:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 01:17

Pre-Run: 90,179,497,984 bytes free
Post-Run: 90,049,703,936 bytes free

336 --- E O F --- 2008-08-24 21:36


Re: * I caught the AntiVirus on my other computer * HiJack Log included and IceSword

Post by Belahzur on 25th June 2009, 9:33 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Re: * I caught the AntiVirus on my other computer * HiJack Log included and IceSword

Post by brysonprice on 25th June 2009, 7:07 pm

I tried to copy/paste that in there and pressed 'OK', but it said "windows cannot find ComboFix /u".

My machine is running well right now, but it was also running well before (I just didn't want the problem to escalate and not be able to open any programs, like on my other computer).

I really appreciate your help! Is there anything else I should do or look for?


Re: * I caught the AntiVirus on my other computer * HiJack Log included and IceSword

Post by Belahzur on 25th June 2009, 11:53 pm

Nope, this looks fine now.



Re: * I caught the AntiVirus on my other computer * HiJack Log included and IceSword

Post by brysonprice on 26th June 2009, 3:19 am

I really appreciate your help! I will refer this website to anyone who has a virus.

