
[Resolved] Blue Screen -- Warning: Spyware threat has been detect


  • This topic is locked This topic is locked
38 replies to this topic

#16 brandon99337

brandon99337

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 29 April 2008 - 03:06 PM

Do you need anything else?



#17 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 29 April 2008 - 06:07 PM

Note: The folders that I am not cleaning out with the tool will be cleaned automatically when we perform our final cleanup procedures. After the tool has run, please tell me how your system is running.

A. First, we must ensure that your security programs are still disabled.


B. 1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe
C:\Documents and Settings\Singha Thepvongsa\My Documents\Downloads\OregonTrail-dm.exe
C:\Program Files\Windows Media Player\rteqepranek.html
C:\WINDOWS\system32\dktmvnnk.exe
C:\WINDOWS\system32\gllnmicj.exe
C:\WINDOWS\system32\gyfrbamj.exe
C:\WINDOWS\system32\mgpqcmvt.exe
C:\WINDOWS\system32\raruvwlh.exe
C:\WINDOWS\system32\reqiemqs.exe
C:\WINDOWS\system32\sodknaek.exe
C:\WINDOWS\system32\xbcvhmmx.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\vzbb.dll
C:\WINDOWS\system32\aycqlayw.exe

Folder::
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. Do not use your computer for any other purpose while ComboFix is running.

5. All your monitoring programs (Antivirus/Antispyware, Guards and Shields) will be stopped.

Posted Image

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

6. ComboFix will automatically REBOOT your machine when the KillAll:: switch is used.

7. Post the following logs/Reports:
  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image
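As an added example (not part of the thread, and not code from ComboFix's author), the Python script below parses a CFScript in the KillAll::/File::/Folder:: form used above and the ComboFix.txt it produces, then reports which of the requested paths actually appear under "Other Deletions", so the helper can see at a glance what the tool did not remove. The two inputs are constructed excerpts in the thread's layout (a subset of the paths, with the user name replaced by "user"); the banner format and the "FILE ::" echo are assumed from the log posted later in the thread.

```python
import re
from typing import Dict, List

# Constructed sample CFScript in the KillAll::/File::/Folder:: form used in the thread
# (a subset of the paths; not the thread's full script).
SAMPLE_CFSCRIPT = r"""KillAll::

File::
C:\WINDOWS\system32\dktmvnnk.exe
C:\WINDOWS\system32\gllnmicj.exe
C:\WINDOWS\Downloaded Program Files\vzbb.dll

Folder::
C:\Documents and Settings\user\Desktop\SDFix
"""

# Constructed excerpt of a ComboFix.txt in the layout shown in the thread: the script's
# "FILE ::" echo, then the "Other Deletions" banner listing what was actually removed.
SAMPLE_COMBOFIX_LOG = r"""ComboFix 08-04-27.3 - user 2008-04-29 19:25:17.3 - NTFSx86
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\system32\dktmvnnk.exe
C:\WINDOWS\system32\gllnmicj.exe
C:\WINDOWS\Downloaded Program Files\vzbb.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Desktop\SDFix
C:\Documents and Settings\user\Desktop\SDFix\Report.txt
C:\WINDOWS\Downloaded Program Files\vzbb.dll
C:\WINDOWS\system32\dktmvnnk.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.
2008-04-28 21:29 . 2008-04-28 21:29 <DIR> d-------- C:\WINDOWS\ERUNT
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")            # CFScript "Name::" lines
LOG_HEADER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # "(((( Section ))))" banners


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Return {section: [entries]}; directive-only sections such as KillAll map to []."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text: str) -> Dict[str, List[str]]:
    """Split a ComboFix.txt into its banner-delimited sections (plus the FILE :: echo)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." lines are separators in the log
            continue
        m = LOG_HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line == "FILE ::":              # echo of the script's File:: block
            current = "FILE"
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def reconcile(cfscript: str, log: str) -> Dict[str, List[str]]:
    """Compare what the script asked for with what 'Other Deletions' says was removed."""
    script = parse_cfscript(cfscript)
    # Windows paths are case-insensitive, so compare lower-cased forms.
    deleted = {p.lower() for p in parse_combofix_log(log).get("Other Deletions", [])}
    result: Dict[str, List[str]] = {"files_deleted": [], "files_not_deleted": [],
                                    "folders_deleted": [], "folders_not_deleted": []}
    for path in script.get("File", []):
        key = "files_deleted" if path.lower() in deleted else "files_not_deleted"
        result[key].append(path)
    for folder in script.get("Folder", []):
        # A folder counts as removed if it or anything beneath it is listed.
        prefix = folder.lower().rstrip("\\") + "\\"
        removed = folder.lower() in deleted or any(d.startswith(prefix) for d in deleted)
        result["folders_deleted" if removed else "folders_not_deleted"].append(folder)
    return result


if __name__ == "__main__":
    for key, paths in reconcile(SAMPLE_CFSCRIPT, SAMPLE_COMBOFIX_LOG).items():
        print(f"{key}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Paths the script requested but that never show up under "Other Deletions" are the ones to re-check in the next log (already gone, renamed by the malware, or protected while running), which is exactly the gap a follow-up CFScript or a fresh HijackThis log is meant to close.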

#18 brandon99337

brandon99337

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 29 April 2008 - 09:02 PM

Alright, everything seems to be running fine, except whenever I try to run ComboFix and a few other files I get an error that says cannot find file clb.dll. I was not getting this error before... Also, after ComboFix finished and the log came up my computer disappeared. No menu bar, and all I could see was my desktop background. I had to shut off the computer with the Task Manager.... But here are the logs... ComboFix first.

ComboFix 08-04-27.3 - Brandon Thepvongsa 2008-04-29 19:25:17.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.539 [GMT -7:00]
Running from: C:\Documents and Settings\Brandon Thepvongsa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brandon Thepvongsa\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe
C:\Documents and Settings\Singha Thepvongsa\My Documents\Downloads\OregonTrail-dm.exe
C:\Program Files\Windows Media Player\rteqepranek.html
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\vzbb.dll
C:\WINDOWS\system32\aycqlayw.exe
C:\WINDOWS\system32\dktmvnnk.exe
C:\WINDOWS\system32\gllnmicj.exe
C:\WINDOWS\system32\gyfrbamj.exe
C:\WINDOWS\system32\mgpqcmvt.exe
C:\WINDOWS\system32\raruvwlh.exe
C:\WINDOWS\system32\reqiemqs.exe
C:\WINDOWS\system32\sodknaek.exe
C:\WINDOWS\system32\xbcvhmmx.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\assosfix.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\cliptext.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\download.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\dummy.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Enable_Command_Prompt.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\ERDNT.E_E
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\ERDNTDOS.LOC
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\ERDNTWIN.LOC
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\ERUNT.EXE
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\ERUNT.LOC
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\fix.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixBH.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixComponents.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FIXCU.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FIXLM.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixPath.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixRedir.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixSchedule.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixWebCheck.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\fixXP.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\FixXPsp2.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\grep.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix2.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix3.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix4.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix5.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix6.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\HPFix7.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\isadmin.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\leg2.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\legacy.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\legacybk.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\locate.com
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\LS.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\MD5File.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\MyGcpvFix.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\MyGkFix2.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Process.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\procs.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\psservice.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Rem.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Rem2.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\regedit.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\W2K.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\w2k\beep.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\w2k\null.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\XP.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\xp\beep.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Replace\xp\null.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Reset_AppInit_DLLs.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\RestartIt!.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Restore_SecurityCenter.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\Restore_SharedAccess.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\sc.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\sed.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\SF.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\shutdown.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\srv2.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\srv2bk.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\svc.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\svcbk.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\swreg.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\swsc.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\unzip.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\vfind.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\WINMSG.EXE
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\winsec.reg
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\apps\zip.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backupreg.zip
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\catchme.log
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\catchme.zip
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\HOSTS
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\catchme.exe
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\dummy.sys
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\Report.txt
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\RunThis.bat
C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\SDFIX_ReadMe_Online.url
C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe
C:\Program Files\Windows Media Player\rteqepranek.html
C:\WINDOWS\Downloaded Program Files\vzbb.dll
C:\WINDOWS\system32\dktmvnnk.exe
C:\WINDOWS\system32\mgpqcmvt.exe
C:\WINDOWS\system32\sodknaek.exe
C:\WINDOWS\system32\xbcvhmmx.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-28 21:29 . 2008-04-28 21:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-28 21:29 . 2008-04-28 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-28 21:07 . 2008-04-28 21:07 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-28 20:49 . 2008-04-28 20:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-28 20:49 . 2008-04-28 20:49 <DIR> d-------- C:\Documents and Settings\Brandon Thepvongsa\Application Data\Webroot
2008-04-28 20:49 . 2007-12-04 23:24 145,208 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-28 20:49 . 2007-12-04 23:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-28 20:49 . 2007-12-04 23:24 20,792 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-28 20:49 . 2007-12-04 23:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-04-28 20:43 . 2008-04-28 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-28 17:28 . 2008-04-28 17:29 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-28 17:18 . 2008-04-28 17:18 578 --a------ C:\WINDOWS\index.html
2008-04-28 12:02 . 2008-04-28 12:02 <DIR> d-------- C:\Documents and Settings\Brandon Thepvongsa\Application Data\SUPERAntiSpyware.com
2008-04-28 11:08 . 2008-04-28 11:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-28 11:01 . 2008-04-28 16:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-28 11:01 . 2008-04-28 11:01 <DIR> d-------- C:\Documents and Settings\Singha Thepvongsa\Application Data\SUPERAntiSpyware.com
2008-04-28 11:01 . 2008-04-28 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-28 11:00 . 2008-04-28 11:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 22:15 . 2008-04-27 22:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-04-27 14:09 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-25 17:08 . 2008-04-25 17:08 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-18 16:42 . 2008-04-29 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-18 10:06 . 2008-04-18 10:06 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Earthlink
2008-04-17 18:44 . 2008-04-17 18:44 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\McAfee.com Personal Firewall
2008-04-17 15:48 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2008-04-14 18:24 . 2008-04-14 18:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-14 12:02 . 2008-04-27 14:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 10:32 . 2008-04-03 10:32 <DIR> d-------- C:\Program Files\Citrix
2008-03-21 21:15 . 2008-03-21 21:16 <DIR> d-------- C:\Program Files\PHP
2008-03-21 21:09 . 2008-03-21 21:09 <DIR> d-------- C:\Program Files\Apache Software Foundation
2008-03-19 00:19 . 2008-03-19 00:19 <DIR> d-------- C:\Documents and Settings\Brandon Thepvongsa\Application Data\gtk-2.0
2008-03-18 23:23 . 2008-03-18 23:23 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-17 11:30 . 2008-03-17 11:30 <DIR> d-------- C:\Documents and Settings\Brandon Thepvongsa\Application Data\Inkscape
2008-03-17 11:27 . 2008-03-17 11:30 <DIR> d-------- C:\Program Files\Inkscape
2008-03-10 11:33 . 2008-03-10 11:33 <DIR> d-------- C:\Program Files\Inno Setup 5
2008-03-10 10:45 . 2008-03-10 10:46 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-03-10 10:43 . 2007-02-19 13:00 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-03-06 13:44 . 2008-03-06 13:44 <DIR> d-------- C:\Program Files\Cheat Engine
2008-03-06 13:44 . 2007-12-26 18:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-03-06 13:44 . 2007-12-26 18:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-03-04 17:12 . 2008-03-04 17:25 <DIR> d-------- C:\Program Files\Spanish CD
2008-03-04 16:16 . 2008-03-04 16:16 30 --a------ C:\WINDOWS\RESULT.QTW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 19:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 19:26 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\Viewpoint
2008-04-29 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-29 03:49 --------- d-----w C:\Program Files\EarthLink TotalAccess
2008-04-28 23:58 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\DNA
2008-04-27 20:43 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\MSN6
2008-04-27 18:28 --------- d-----w C:\Program Files\Axis & Allies
2008-04-26 00:07 --------- d-----w C:\Program Files\Common Files\Real
2008-04-21 04:06 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\MSN6
2008-04-18 23:44 --------- d-----w C:\Program Files\Google
2008-04-18 05:02 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\Lexmark Productivity Studio
2008-04-17 22:48 --------- d-----w C:\Program Files\Windows Live
2008-04-17 22:47 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-17 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-15 05:16 --------- d-----w C:\Program Files\Jasc Software Inc
2008-04-13 10:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-22 00:29 --------- d-----w C:\Program Files\No-IP
2008-03-18 04:11 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Intuit
2008-03-11 16:41 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series
2008-03-10 17:52 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Lexmark Productivity Studio
2008-03-10 17:47 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-03-07 05:51 --------- d-----w C:\Program Files\GrassSoft
2008-03-07 05:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grasssoft
2008-03-07 05:49 --------- d-----w C:\Program Files\Flash Website Design
2008-03-07 05:48 --------- d-----w C:\Program Files\Perfect Sound Recorder
2008-03-05 03:00 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Dev-Cpp
2008-03-03 05:04 --------- d-----w C:\Program Files\Microsoft Money 2006
2008-03-01 00:52 --------- d-----w C:\Program Files\Common Files\Bcgsoft
2008-03-01 00:43 --------- d-----w C:\Program Files\The Game Creators
2008-02-29 23:46 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\CoreFTP
2008-02-29 22:04 --------- d-----w C:\Program Files\CoreFTP
2008-02-29 03:22 --------- d-----w C:\Program Files\Conquer 2.0
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-07 19:20 439,296 ----a-w C:\Documents and Settings\Brandon Thepvongsa\GoToAssist_phone__317_en.exe
2007-09-18 22:17 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-05-26 22:39 64,280 -c--a-w C:\Documents and Settings\Singha Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2006-05-09 03:43 57,312 -c--a-w C:\Documents and Settings\Brandon Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2005-10-19 03:32 51,000 -c--a-w C:\Documents and Settings\Nancy Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2005-10-06 23:51 389,632 -c--a-w C:\Documents and Settings\Singha Thepvongsa\remote.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-28_19.43.36.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-07-26 04:20:23 110,080 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
+ 2005-07-26 04:20:24 498,688 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
+ 2004-08-04 12:00:00 110,080 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll
+ 2004-08-04 12:00:00 501,248 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll
- 2008-04-29 02:30:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-30 02:30:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-08-04 12:00:00 10,752 -c--a-w C:\WINDOWS\system32\dllcache\clb.dll
+ 2005-07-26 04:39:43 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:39:43 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-12-05 06:28:22 10,240 ----a-w C:\WINDOWS\system32\ssiefr.EXE
+ 2007-12-05 06:28:56 232,760 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
+ 2007-12-05 06:28:54 26,424 ----a-w C:\WINDOWS\system32\wrlzma.dll
+ 2007-12-05 06:28:52 612,152 ----a-w C:\WINDOWS\WRUninstall.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"SpySweeper"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-16 20:52 155648]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 14:46 135168]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 14:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 23:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20 50744]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41 950272]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05 212992]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 19:19 143360]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28 196608]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 21:36 50688]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 03:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 03:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-16 20:52 155648]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 11:07 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 05:40 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 11:10 312240]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 17:06 185896]
"combofix"="C:\WINDOWS\system32\CF546.exe" [2004-08-04 05:00 388608]
"SpySweeper"="C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeperUI.exe" [2007-12-04 23:28 5081400]

C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2007-11-14 09:30:45 3656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 16:42:00 124400]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 00:38:50 41041]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Singha Thepvongsa^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Singha Thepvongsa^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=C:\WINDOWS\pss\OneNote Table Of Contents.onetoc2Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-09-13 16:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-03-05 05:40 20480 C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-05-07 11:07 435120 C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2005-04-13 19:51 385024 C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-16 20:52 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-18 16:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 17:06 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
"C:\\Program Files\\Java\\jdk1.6.0_03\\bin\\java.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\lxdicoms.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"=
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"C:\\Program Files\\Lexmark Fax Solutions\\faxctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:PkScape

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-04-26 08:38]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 08:38]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys [2008-02-02 23:36]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 05:00]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 15:53:55 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2008-04-29 15:53:59 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 19:33:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-04-29 19:43:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-30 02:43:03
ComboFix2.txt 2008-04-29 04:27:54
ComboFix3.txt 2008-04-29 02:44:13

Pre-Run: 47,836,418,048 bytes free
Post-Run: 48,077,361,152 bytes free

397 --- E O F --- 2008-04-19 10:08:31




Hijack This Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:08 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeperUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF546.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...abs/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by135fd.bay13...es/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab50997.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54F3AD8-23D1-4C34-B421-525200FCDA81}: NameServer = 206.124.64.253,206.124.65.253
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe

--
End of file - 12187 bytes

#19 Trevuren (Teacher Emeritus, 8,632 posts)

Posted 29 April 2008 - 10:05 PM

A. It is very important that your security programs again be disabled.

B. Launch Notepad, and copy/paste everything in the codebox below into the new document, including the word REGEDIT4. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as fixme.reg.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]


C. Please RUN HijackThis.
  • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.


D. Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.


E. REBOOT BACK INTO NORMAL MODE


F. Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Please also report if there is any improvement in your startup issues.
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.



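As an added illustration (not part of the thread, and not code from HijackThis or ComboFix), the following Python script reviews the fix given in post #19 before it is applied: it lists what the REGEDIT4 script will do on merge (a key written as `[-...]` is deleted outright, which is how the SafeBoot entry above is removed), and it applies the two HijackThis review rules used in that post, entries whose target is marked "(file missing)" and an O6 line reporting an Internet Explorer policy restriction as present, to produce the exact lines to check under "Fix checked". The HijackThis sample lines, GUIDs and the second registry key are constructed placeholders; the SafeBoot key is the one from the thread.

```python
"""Review the fix posted in this thread before applying it.

Added example, not code from the thread, from HijackThis or from ComboFix.
Two small parsers: one lists what a REGEDIT4 script will do on merge (a key in
[-brackets] is deleted outright), the other applies the two HijackThis review
rules used above (targets marked "(file missing)" and an O6 policy line
reported as "present") and returns the lines to check under "Fix checked".
"""
import re

# The registry script from the thread, plus one constructed key so that both
# kinds of action show up.
SAMPLE_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]

[HKEY_CURRENT_USER\Software\ExampleVendor\Example]
"Setting"=dword:00000001
"""

# Constructed HijackThis v2.0.2-style lines, modelled on the log above;
# GUIDs, names and DNS addresses are placeholders.
SAMPLE_HJT = r"""Logfile of Trend Micro HijackThis v2.0.2

O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: Example Toolbar - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\DOWNLO~1\extb.dll (file missing)
O3 - Toolbar: Example Toolbar - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\DOWNLO~1\extb.dll (file missing)
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000003}: NameServer = 192.0.2.53,192.0.2.54
"""

REG_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
REG_KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<path>[^\]]+)\]$")
HJT_LINE_RE = re.compile(r"^(?P<section>[RFON]\d+) - (?P<detail>.*)$")


def reg_key_actions(text):
    """Return (action, key_path) for each key header in a .reg script.

    Raises ValueError when the mandatory REGEDIT4 / 5.00 header is absent,
    since regedit refuses to merge such a file.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() not in REG_HEADERS:
        raise ValueError("not a registry script: missing REGEDIT4 header")
    actions = []
    for raw in lines[1:]:
        m = REG_KEY_RE.match(raw.strip())
        if m:
            action = "delete" if m.group("delete") else "create/modify"
            actions.append((action, m.group("path")))
    return actions


def parse_hjt(text):
    """Return (section, detail) for every HJT entry line, skipping the header."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("detail")))
    return entries


def review_reason(section, detail):
    """Return why an entry should be fixed, or None if it looks ordinary."""
    if detail.endswith("(file missing)"):
        return "points at a file that no longer exists"
    if section == "O6" and detail.endswith(" present"):
        return "Internet Explorer policy restriction is set"
    return None


def hjt_fix_list(text):
    """Return the full HJT lines the user should check before 'Fix checked'."""
    fixes = []
    for section, detail in parse_hjt(text):
        if review_reason(section, detail):
            fixes.append(f"{section} - {detail}")
    return fixes


if __name__ == "__main__":
    print("Registry script actions:")
    for action, path in reg_key_actions(SAMPLE_REG):
        print(f"  {action:14} {path}")
    print("HijackThis entries to fix:")
    for line in hjt_fix_list(SAMPLE_HJT):
        print("  " + line)
```

Run on the sample data it reports one deleted key and one created key, and three HijackThis lines to fix, matching the three the helper picked out in the thread. The header check matters because a .reg file saved without the REGEDIT4 line (or with a .txt extension, the usual "Save As" mistake) will not merge.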
#20 brandon99337 (Authentic Member, 25 posts)

Posted 30 April 2008 - 09:52 AM

I'm trying to double-click on fixme.reg, but instead of what's supposed to happen I get the same error: This Application has failed to start because clb.dll was not found. Re-installing the application may fix this problem.

#21 Trevuren (Teacher Emeritus, 8,632 posts)

Posted 30 April 2008 - 10:06 AM

Let us try a system file checker/repair procedure. You will need a copy of your original Operating System CD for this (if you only have Recovery Disks, please advise, as there are different instructions to follow).

1. Please go to Start -> Run -> type cmd and press Enter.

2. At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker.

3. Follow the prompts, and insert your Windows installation CD if requested.

4. Then please REBOOT your computer.

#22 brandon99337 (Authentic Member, 25 posts)

Posted 30 April 2008 - 06:41 PM

Did everything you said, still same error. It looked like it was working when I entered the disk and it said something like ..please wait while windows verifies that...original files.....something else. But after rebooting the computer I tested to see if it worked by trying to open regedit and I got the same error! What can I do!

#23 Trevuren (Teacher Emeritus, 8,632 posts)

Posted 30 April 2008 - 06:59 PM

Things to research:

Does the file clb.dll exist on your system and if it does, where is it?

Make sure all files are visible:

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.


Now use the Windows Search tool and perform a search for clb.dll

Please post the complete path of all instances of that file found on your system, if any exist.

#24 brandon99337 (Authentic Member, 25 posts)

Posted 30 April 2008 - 09:12 PM

Do I search my whole computer? Because this is taking forever :D. Anyways I'm currently searching for it but I just had a flashback. Around a year ago I had this same error and I went online and downloaded clb.dll. Maybe it was just a virus or something but at least it took away the error.... did that help anything?

Edited by brandon99337, 30 April 2008 - 09:13 PM.


#25 brandon99337 (Authentic Member, 25 posts)

Posted 30 April 2008 - 09:16 PM

Done! umm how can I send you the found files?



#26 brandon99337 (Authentic Member, 25 posts)

Posted 30 April 2008 - 09:19 PM

Here are the search results in a photo. Click on the thumbnail, then zoom in to see it clearly.

Attached Thumbnails

  • clbpicture.JPG

Edited by brandon99337, 30 April 2008 - 09:19 PM.


#27 Trevuren (Teacher Emeritus, 8,632 posts)

Posted 30 April 2008 - 09:27 PM

Try this:

A. Go to Start -> Run, and type:

expand C:\i386\clb.dl_ C:\Windows\System32\clb.dll

Click OK

B. Then, go to Start -> Run, and type:

regsvr32 clb.dll


Click OK


C. Restart your computer. Post back with the results as in error messages yes/no and which ones if any.

D. If all is well, we will proceed with the final cleanup procedures.

#28 brandon99337 (Authentic Member, 25 posts)

Posted 30 April 2008 - 09:29 PM

Part A worked fine; Part B had an error that said: LoadLibrary("clb.dll") failed - The specified module could not be found. Restarting my computer right now... be right back.

Edited by brandon99337, 30 April 2008 - 09:30 PM.


#29 Trevuren (Teacher Emeritus, 8,632 posts)

Posted 30 April 2008 - 09:51 PM

Restart your system and post any/all error messages

#30 brandon99337 (Authentic Member, 25 posts)

Posted 30 April 2008 - 10:18 PM

It's all still the same, and part B still doesn't work.
