Aug 25 2008, 08:48 PM, Post #1
New Member. Group: New Member, Posts: 12, Joined: 25-August 08, Member No.: 81,204, Operating System: Windows XP
Hi,
I had the Antivirus 2009 virus and I ran HiJack and ComboFix and I was wondering what else I needed to do. I first went into My Computer > Folder Options > View Tab. I had cleared "Hide extensions for known file types" and "Hide protected operating system files" and I also clicked "Show hidden files and folders" before I ran the HiJack and ComboFix. Do I need to check and uncheck these 3 files back to the way they were before I changed them? Please let me know. Here are my HiJack and ComboFix Log Files:

Is there anything else I need to do?
Sep 3 2008, 05:41 PM, Post #2
Forum God. Group: Root Admin, Posts: 39,364, Joined: 23-September 04, From: Missouri, USA, Member No.: 15,276
Your post has been Moved, Closed or Edited for one of the following reasons:
1.) You posted multiple topics and only one is required
2.) You are spamming links to other places without approval
3.) You have posted your HijackThis log to the wrong forum: ( http://forums.whatthetech.com/HijackThis_L...emoval_f27.html ) <--- correct forum for HijackThis Logs
4.) Abusive language or other problems in your text
5.) Your log is too old (20 days or more) and no replies from you after a volunteer tried to help you

If you came here for help, and you have not posted a HijackThis log to the proper forum, then you may do so now. If you came here to spam or abuse, you will be dealt with more harshly on your next offense.

This is a family-oriented forum to help those that need help.