tileytan

Pls help check my HJT log


Hi, I just tried to remove a Smitfraud and a dialer trojan. I would appreciate it if someone can help me check whether my PC is totally clean now =)

 

Logfile of HijackThis v1.99.1

Scan saved at 02:55:40, on 18/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Tiley Tan\Desktop\Manual Spyware Removal Kit\Superman.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163789453125

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by tileytan


Rescan with HJT, check this item:

 

O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)

 

Close all browser windows except HJT, then click 'fix checked'. Exit HJT....

 

Reboot into safe mode:

Restart the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Show Hidden Files and Folders

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

Using Windows Explorer, search for and delete this file if found:

 

winmfu32.dll

 

Rehide hidden files and folders.

 

Reboot.

 

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button

 

A new window will open...click the Check Now button

Enter your Country

Enter your State/Province

Enter your e-mail address and click send

Select either Home User or Company

 

Click the big Scan Now button

 

*If it wants to install an ActiveX component allow it

*It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

 

When download is complete, click on My Computer to start the scan

 

*Leave the autoclean checked

 

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location (activescan.txt to desktop). Post the contents of the ActiveScan report and a new HJT log.


Hi, there was no option for me to check autoclean when using the Panda scan =( Anyway, the ActiveScan report and HJT log are as follows:

 

Activescan Report

 

Incident Status Location

 

Adware:adware/dollarrevenue Not disinfected Windows Registry

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tiley Tan\Application Data\Mozilla\Firefox\Profiles\nlghapo7.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tiley Tan\Application Data\Mozilla\Firefox\Profiles\nlghapo7.default\cookies.txt[.go.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tiley Tan\Application Data\Mozilla\Firefox\Profiles\nlghapo7.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tiley Tan\Application Data\Mozilla\Firefox\Profiles\nlghapo7.default\cookies.txt[.hitbox.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tiley Tan\Application Data\Mozilla\Firefox\Profiles\nlghapo7.default\cookies.txt[.ehg-dig.hitbox.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tiley Tan\Application Data\Mozilla\Firefox\Profiles\nlghapo7.default\cookies.txt[.hitbox.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tiley Tan\Application Data\Mozilla\Firefox\Profiles\nlghapo7.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tiley Tan\Application Data\Mozilla\Firefox\Profiles\nlghapo7.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tiley Tan\Application Data\Mozilla\Firefox\Profiles\nlghapo7.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tiley Tan\Application Data\Mozilla\Firefox\Profiles\nlghapo7.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tiley Tan\Cookies\tiley_tan@ehg-dig.hitbox[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tiley Tan\Cookies\tiley_tan@hitbox[1].txt

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Tiley Tan\Desktop\Manual Spyware Removal Kit\SmitfraudFix\Process.exe

Possible Virus. Not disinfected C:\Documents and Settings\Tiley Tan\Desktop\Manual Spyware Removal Kit\SmitfraudFix\swsc.exe

Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{9C555C70-063B-1033-0929-06002c}\Update.exe

Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-936589892-3548457447-4186604906-1006\Dc2\SmitfraudFix\Process.exe

Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-936589892-3548457447-4186604906-1006\Dc2\SmitfraudFix\swsc.exe

Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe

Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win8.tmp.exe

Spyware:Cookie/Com.com Not disinfected F:\Tiley Tan\Cookies\tiley tan@com[1].txt

Potentially unwanted tool:Application/Processor Not disinfected H:\Manual Spyware Removal Kit\SmitfraudFix\Process.exe

Possible Virus. Not disinfected H:\Manual Spyware Removal Kit\SmitfraudFix\swsc.exe

---------------------------------------------------------------------------------------------------------------------------------------------

HJT Log

 

Logfile of HijackThis v1.99.1

Scan saved at 04:07:43, on 19/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Tiley Tan\Desktop\Manual Spyware Removal Kit\analyse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163789453125

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
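Added example, not part of the original thread: a small Python script that compares two HijackThis logs, as a helper does by eye here, to confirm that the fixed O20 entry is gone and to list entries that are new or point at a missing file. The two excerpts are a handful of lines copied from the logs posted above; the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section text missing")

# HijackThis result lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Header and "Running processes" lines do not.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+?)\s*$")


def parse_hjt(log_text):
    """Return the registry/startup entries of a HijackThis log, in order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            text = m.group(2)
            # HJT appends "(file missing)" when the referenced file is absent.
            entries.append(Entry(m.group(1), text, text.endswith("(file missing)")))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two scans of the same machine."""
    b = {(e.section, e.text): e for e in parse_hjt(before)}
    a = {(e.section, e.text): e for e in parse_hjt(after)}
    removed = [e for k, e in b.items() if k not in a]
    added = [e for k, e in a.items() if k not in b]
    return removed, added


def missing_targets(log_text):
    """Entries whose target file no longer exists (orphaned registry data)."""
    return [e for e in parse_hjt(log_text) if e.missing]


# Excerpt of the first log in this thread (18/11/2006).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 02:55:40, on 18/11/2006
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
"""

# Excerpt of the second log in this thread (19/11/2006).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 04:07:43, on 19/11/2006
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.section, "-", e.text)
    # New entries are only a review list; here the O16 line matches the
    # ActiveScan ActiveX control the helper asked the user to install.
    for e in added:
        print("added:  ", e.section, "-", e.text)
    for e in missing_targets(AFTER):
        print("missing:", e.section, "-", e.text)
```
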


1. Download this file - combofix.exe

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

2. Double click on combofix.exe & follow the prompts.

 

Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no) Enter

Y is recommended (if you put N, the tool will exit without fixing and will remove the combofix file and folders)

 

Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.

 

3. When finished, it will produce a log for you. Post that log in your next reply.

 

Reboot

 

Download ATF Cleaner http://www.atribune.org/content/view/19/2/

Click "Main" > check 'select all' this first time using it, then click "Empty Selected". Do the same for FireFox or Opera if you use either of those browsers.

 

Go to Control Panel > Internet Options.

On the General tab under "Temporary Internet Files" Click "Delete Files".

Put a check by "Delete Offline Content" and click OK.

Click Apply then OK.

 

***note you will have to reset your 'log-on' cookies for the various sites/forums you are a member of.

 

Next,

Open HijackThis. In the lower right corner click the Config... (Configuration) button.

Once in the Configuration panel, click Misc Tools button.

Then click the Open Uninstall Manager... button.

The Add/Remove Programs Manager panel should appear.

In this panel click the Save list button.

Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply along with the Combofix log.


Combofix log

 

Tiley Tan - 06-11-19 10:10:56.00 Service Pack 2

ComboFix 06.11.9 - Running from: "C:\Program Files\Mozilla Firefox"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\components

C:\Program Files\Common Files\{9C555C70-063B-1033-0929-06002c}

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-10-19 to 2006-11-19 ))))))))))))))))))))))))))))))))))

 

 

2006-11-18 14:41 127,208 --a------ C:\WINDOWS\system32\mucltui.dll

2006-11-18 09:48 121,856 --------- C:\WINDOWS\system32\xmllite.dll

2006-11-17 23:50 4,368 --a------ C:\WINDOWS\system32\tmp.reg

2006-11-17 22:42 53,248 --a------ C:\WINDOWS\system32\Process.exe

2006-11-17 22:42 40,960 --a------ C:\WINDOWS\system32\swsc.exe

2006-11-17 22:42 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2006-11-17 22:42 135,168 --a------ C:\WINDOWS\system32\swreg.exe

2006-11-08 10:09 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL

2006-11-08 10:09 446,464 -ra------ C:\WINDOWS\system32\hhactivex.dll

2006-11-08 10:09 176,128 --a------ C:\WINDOWS\system32\RcdScan.dll

2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll

2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll

2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll

2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll

2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe

2006-11-05 20:22 24,816 --a------ C:\WINDOWS\system32\mdimon.dll

2006-11-05 02:04 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys

2006-11-05 02:01 96,256 --a------ C:\WINDOWS\system32\drivers\sptd8765.sys

2006-11-05 02:01 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2006-11-05 01:27 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll

2006-11-05 01:27 479,232 --a------ C:\WINDOWS\system32\PICSDK.dll

2006-11-05 01:27 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll

2006-11-05 01:26 79,679 --a------ C:\WINDOWS\system32\E_FLMACP.DLL

2006-11-05 01:26 64,000 --a------ C:\WINDOWS\system32\E_FBCBACP.DLL

2006-11-05 01:26 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL

2006-11-05 01:26 34,304 --a------ C:\WINDOWS\system32\E_FBCHACP.DLL

2006-11-05 01:26 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2006-11-05 01:25 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2006-11-05 01:25 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2006-11-05 01:22 46,080 --a------ C:\WINDOWS\system32\escimgd.dll

2006-11-05 01:22 29,696 --a------ C:\WINDOWS\system32\escwiad.dll

2006-11-05 01:22 22,016 --a------ C:\WINDOWS\system32\esccmd.dll

2006-11-05 01:09 8,464 --a------ C:\WINDOWS\system32\sporder.dll

2006-11-04 23:19 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2006-11-04 23:19 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2006-11-04 23:19 38,912 --------- C:\WINDOWS\system32\picn20.dll

2006-11-04 23:19 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2006-11-04 23:19 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2006-11-04 23:19 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2006-11-04 23:19 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2006-11-04 23:19 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2006-11-04 15:02 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2006-11-04 15:02 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2006-11-04 15:02 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys

2006-11-04 14:47 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS

2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll

2006-11-04 10:57 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2006-11-04 10:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2006-11-02 05:11 53,248 --a------ C:\WINDOWS\system32\DellSys.dll

2006-11-02 05:11 17,153 --a------ C:\WINDOWS\system32\drivers\omci.sys

2006-11-02 05:05 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2006-11-02 05:05 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2006-11-02 05:04 94,299 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2006-11-02 05:04 82,014 --a------ C:\WINDOWS\system32\SynCOM.dll

2006-11-02 05:04 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll

2006-11-02 05:04 69,723 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2006-11-02 05:04 61,440 --a------ C:\WINDOWS\system32\KPower.dll

2006-11-02 05:04 307,200 --a------ C:\WINDOWS\system32\BMAPI.dll

2006-11-02 05:04 191,872 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2006-11-02 05:04 16,128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS

2006-11-02 05:04 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll

2006-11-02 05:03 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2006-11-02 05:03 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys

2006-11-02 05:03 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2006-11-02 05:03 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2006-11-02 05:03 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2006-11-02 05:03 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2006-11-02 05:03 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2006-11-02 05:03 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys

2006-11-02 05:03 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

2006-11-02 05:03 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

2006-11-02 05:03 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys

2006-11-02 05:02 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2006-11-02 05:02 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

2006-11-02 05:02 282,624 --a------ C:\WINDOWS\stsystra.exe

2006-11-02 05:02 1,052,672 --a------ C:\WINDOWS\system32\stlang.dll

2006-11-02 05:01 28,672 --------- C:\WINDOWS\system32\verclsid.exe

2006-11-02 05:01 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2006-11-02 04:51 135,168 --a------ C:\WINDOWS\system32\igfxres.dll

2006-11-02 04:48 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll

2006-11-02 04:48 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll

2006-11-02 04:48 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll

2006-11-02 04:48 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll

2006-11-02 04:48 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll

2006-11-02 04:48 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll

2006-11-02 04:48 76,288 --a------ C:\WINDOWS\system32\uniime.dll

2006-11-02 04:48 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll

2006-11-02 04:48 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll

2006-11-02 04:48 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll

2006-11-02 04:48 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll

2006-11-02 04:48 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll

2006-11-02 04:48 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll

2006-11-02 04:48 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll

2006-11-02 04:48 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll

2006-11-02 04:48 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll

2006-11-02 04:48 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll

2006-11-02 04:48 6,144 --a------ C:\WINDOWS\system32\kbd106.dll

2006-11-02 04:48 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll

2006-11-02 04:48 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll

2006-11-02 04:48 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll

2006-11-02 04:48 6,144 --a------ C:\WINDOWS\system32\kbd101.dll

2006-11-02 04:48 5,632 --a------ C:\WINDOWS\system32\kbd103.dll

2006-11-02 04:48 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll

2006-11-02 04:48 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll

2006-11-02 04:45 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys

2006-11-02 04:45 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys

2006-11-02 04:45 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys

2006-11-02 04:45 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys

2006-11-02 04:44 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys

2006-11-02 04:44 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys

2006-11-02 04:44 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys

2006-11-02 04:41 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll

2006-11-02 04:41 717,952 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys

2006-11-02 04:41 201,600 --a------ C:\WINDOWS\system32\drivers\HSFHWAZL.sys

2006-11-02 04:41 13,059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys

2006-11-02 04:41 110,592 --a------ C:\WINDOWS\system32\uci100.dll

2006-11-02 04:41 1,035,008 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys

2006-11-02 04:40 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe

2006-11-02 04:40 94,208 --a------ C:\WINDOWS\system32\igfxext.exe

2006-11-02 04:40 90,112 --a------ C:\WINDOWS\system32\snymsico.dll

2006-11-02 04:40 899,196 --a------ C:\WINDOWS\system32\ialmdd5.dll

2006-11-02 04:40 86,016 --a------ C:\WINDOWS\system32\igfxdo.dll

2006-11-02 04:40 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe

2006-11-02 04:40 73,728 --a------ C:\WINDOWS\system32\hccutils.dll

2006-11-02 04:40 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v4446.dll

2006-11-02 04:40 57,344 --a------ C:\WINDOWS\system32\igfxsrvc.dll

2006-11-02 04:40 524,288 --a------ C:\WINDOWS\system32\igldev32.dll

2006-11-02 04:40 51,328 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys

2006-11-02 04:40 491,520 --a------ C:\WINDOWS\system32\w39NCPA.dll

2006-11-02 04:40 49,152 --a------ C:\WINDOWS\system32\ialmrem.dll

2006-11-02 04:40 49,152 --a------ C:\WINDOWS\setpwrcg.exe

2006-11-02 04:40 450,560 --a------ C:\WINDOWS\system32\igfxcfg.exe

2006-11-02 04:40 44,544 --a------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys

2006-11-02 04:40 40,960 --a------ C:\WINDOWS\system32\igfxexps.dll

2006-11-02 04:40 36,992 --a------ C:\WINDOWS\system32\ialmrnt5.dll

2006-11-02 04:40 307,968 --a------ C:\WINDOWS\system32\drivers\rixdptsk.sys

2006-11-02 04:40 28,544 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys

2006-11-02 04:40 214,748 --a------ C:\WINDOWS\system32\ialmdev5.dll

2006-11-02 04:40 208,896 --a------ C:\WINDOWS\system32\stacapi.dll

2006-11-02 04:40 2,633,728 --a------ C:\WINDOWS\system32\w39MLRes.dll

2006-11-02 04:40 2,310,144 --a------ C:\WINDOWS\system32\iglicd32.dll

2006-11-02 04:40 16,480 --a------ C:\WINDOWS\system32\rixdicon.dll

2006-11-02 04:40 159,744 --a------ C:\WINDOWS\system32\igfxsrvc.exe

2006-11-02 04:40 147,456 --a------ C:\WINDOWS\system32\igfxpph.dll

2006-11-02 04:40 139,264 --a------ C:\WINDOWS\system32\igfxdev.dll

2006-11-02 04:40 119,933 --a------ C:\WINDOWS\system32\ialmdnt5.dll

2006-11-02 04:40 118,784 --a------ C:\WINDOWS\system32\igfxpers.exe

2006-11-02 04:40 114,688 --a------ C:\WINDOWS\system32\igfxzoom.exe

2006-11-02 04:40 112,128 --a------ C:\WINDOWS\system32\staco.dll

2006-11-02 04:40 1,503,232 --a------ C:\WINDOWS\system32\igfxress.dll

2006-11-02 04:40 1,429,632 --a------ C:\WINDOWS\system32\drivers\w39n51.sys

2006-11-02 04:40 1,364,574 --a------ C:\WINDOWS\system32\drivers\ialmnt5.sys

2006-11-02 04:40 1,156,648 --a------ C:\WINDOWS\system32\drivers\sthda.sys

2006-11-02 04:39 884,736 --a------ C:\WINDOWS\system32\msimsg.dll

2006-11-02 04:39 78,848 --a------ C:\WINDOWS\system32\msiexec.exe

2006-11-02 04:39 453,120 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys

2006-11-02 04:39 271,360 --a------ C:\WINDOWS\system32\msihnd.dll

2006-11-02 04:39 2,890,240 --a------ C:\WINDOWS\system32\msi.dll

2006-11-02 04:39 15,360 --a------ C:\WINDOWS\system32\msisip.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-11-19 10:11 -------- d-------- C:\Program Files\Common Files

2006-11-19 10:10 -------- d-------- C:\Program Files\Mozilla Firefox

2006-11-19 03:24 -------- d-------- C:\Program Files\Windows Defender

2006-11-19 03:24 -------- d-------- C:\Program Files\Symantec

2006-11-19 03:24 -------- d-------- C:\Program Files\Rainlendar2

2006-11-19 03:22 -------- d-------- C:\Program Files\Messenger

2006-11-19 03:04 -------- d-------- C:\Program Files\Internet Explorer

2006-11-19 03:04 -------- d-------- C:\Program Files\Digital Line Detect

2006-11-19 03:03 -------- d-------- C:\Program Files\Common Files\Symantec Shared

2006-11-19 02:53 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Symantec

2006-11-19 02:28 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\uTorrent

2006-11-18 09:35 -------- d-------- C:\Program Files\MathType

2006-11-18 00:18 -------- d-------- C:\Program Files\CCleaner

2006-11-17 21:11 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Uniblue

2006-11-17 19:23 -------- d-------- C:\Program Files\Lavasoft

2006-11-17 19:23 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Lavasoft

2006-11-17 00:00 -------- d-------- C:\Program Files\Norton AntiVirus

2006-11-16 22:37 -------- d-------- C:\Program Files\MSXML 4.0

2006-11-16 21:39 -------- d---s---- C:\Documents and Settings\Tiley Tan\Application Data\Microsoft

2006-11-10 08:06 -------- d-------- C:\Program Files\WinRAR

2006-11-08 10:09 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll

2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll

2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll

2006-11-07 20:44 -------- d-------- C:\Program Files\Google

2006-11-07 17:25 -------- d-------- C:\Program Files\Alcohol Soft

2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll

2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll

2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll

2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll

2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe

2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll

2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll

2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll

2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll

2006-11-06 23:37 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Ahead

2006-11-06 03:19 -------- d-------- C:\Program Files\Dell

2006-11-06 03:19 -------- d-------- C:\Program Files\Common Files\Sonic Shared

2006-11-05 23:38 -------- d-------- C:\Program Files\QuickTime

2006-11-05 22:14 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\OpenOffice.org2

2006-11-05 21:15 -------- d-------- C:\Program Files\Microsoft Office

2006-11-05 21:15 -------- d-------- C:\Program Files\Common Files\Microsoft Shared

2006-11-05 20:27 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Design Science

2006-11-05 20:21 -------- d-------- C:\Program Files\Microsoft ActiveSync

2006-11-05 20:21 -------- d-------- C:\Program Files\Common Files\DESIGNER

2006-11-05 20:20 -------- d-------- C:\Program Files\Microsoft.NET

2006-11-05 09:32 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\vlc

2006-11-05 02:44 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\MathWorks

2006-11-05 02:35 -------- d-------- C:\Program Files\MATLAB71

2006-11-05 01:58 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Rainlendar

2006-11-05 01:33 -------- d-------- C:\Program Files\Common Files\InstallShield

2006-11-05 01:29 -------- d-------- C:\Program Files\epson

2006-11-04 23:46 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Sun

2006-11-04 23:20 -------- d-------- C:\Program Files\Ahead

2006-11-04 23:19 -------- d-------- C:\Program Files\Common Files\Ahead

2006-11-04 16:29 -------- d-------- C:\Program Files\MSN Messenger

2006-11-04 16:10 62 --a------ C:\Documents and Settings\Tiley Tan\Application Data\wklnhst.dat

2006-11-04 16:07 -------- d-------- C:\Program Files\pspvideo9

2006-11-04 16:07 -------- d-------- C:\Program Files\AviSynth 2.5

2006-11-04 14:54 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Help

2006-11-04 14:51 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\AdobeUM

2006-11-04 14:48 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared

2006-11-04 14:48 -------- d-------- C:\Program Files\Common Files\Adobe

2006-11-04 14:48 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Adobe

2006-11-04 14:44 -------- d-------- C:\Program Files\Adobe

2006-11-04 14:40 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Template

2006-11-04 11:46 -------- d-------- C:\Program Files\Java

2006-11-04 11:34 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Macromedia

2006-11-04 11:07 -------- d-------- C:\Program Files\VideoLAN

2006-11-04 11:03 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Mozilla

2006-11-04 10:53 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\McAfee.com Personal Firewall

2006-11-02 05:11 -------- d--h----- C:\Documents and Settings\Tiley Tan\Application Data\Gtek

2006-11-02 05:11 -------- d-------- C:\Program Files\Dell Support

2006-11-02 05:10 -------- d-------- C:\Program Files\Dell Network Assistant

2006-11-02 05:05 -------- d-------- C:\Program Files\Windows Media Player

2006-11-02 05:05 -------- d-------- C:\Program Files\NetWaiting

2006-11-02 05:05 -------- d-------- C:\Program Files\Modem Helper

2006-11-02 05:05 -------- d-------- C:\Program Files\Broadcom

2006-11-02 05:04 -------- d-------- C:\Program Files\Synaptics

2006-11-02 05:03 -------- d-------- C:\Program Files\CONEXANT

2006-11-02 05:02 -------- d-------- C:\Program Files\Sigmatel

2006-11-02 05:02 -------- d-------- C:\Program Files\Intel, Inc

2006-11-02 05:01 -------- d-------- C:\Program Files\Intel

2006-11-02 05:01 -------- d-------- C:\Documents and Settings\Tiley Tan\Application Data\Intel

2006-11-02 05:00 -------- d-------- C:\Program Files\Outlook Express

2006-11-02 05:00 -------- d-------- C:\Program Files\Common Files\System

2006-11-02 04:57 -------- d-------- C:\Program Files\Common Files\Java

2006-10-29 19:28 75736 --a------ C:\WINDOWS\system32\cdm.dll

2006-10-29 19:28 465368 --a------ C:\WINDOWS\system32\wuapi.dll

2006-10-29 19:28 41432 --a------ C:\WINDOWS\system32\wups.dll

2006-10-29 19:28 198616 --a------ C:\WINDOWS\system32\iuengine.dll

2006-10-29 19:28 194520 --a------ C:\WINDOWS\system32\wuaueng1.dll

2006-10-29 19:28 18392 --a------ C:\WINDOWS\system32\wups2.dll

2006-10-29 19:28 174040 --a------ C:\WINDOWS\system32\wuweb.dll

2006-10-29 19:28 172504 --a------ C:\WINDOWS\system32\wuauclt1.exe

2006-10-29 19:28 1353688 --a------ C:\WINDOWS\system32\wuaueng.dll

2006-10-29 19:28 127448 --a------ C:\WINDOWS\system32\wucltui.dll

2006-10-29 19:28 124376 --a------ C:\WINDOWS\system32\wuauclt.exe

2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll

2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll

2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe

2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll

2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll

2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll

2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll

2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe

2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll

2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll

2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe

2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll

2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll

2006-10-13 20:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll

2006-09-13 13:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

2006-08-25 23:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll

2006-08-21 20:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 17:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"Rainlendar2"="C:\\Program Files\\Rainlendar2\\Rainlendar2.exe"

"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"

"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""

"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"

"SigmatelSysTrayApp"="stsystra.exe"

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"EPSON Stylus CX3700 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACP.EXE /P26 \"EPSON Stylus CX3700 Series\" /O6 \"USB001\" /M \"Stylus CX3700\""

"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"

"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\Quickset.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"matlabserver"=dword:00000002

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Tiley Tan.job

C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - Tiley Tan.job

 

Completion time: 06-11-19 10:11:39.45

C:\ComboFix.txt ... 06-11-19 10:11

 

 

HJT Uninstall list

 

Ad-Aware SE Personal

Adobe Acrobat 7.0 Professional

Adobe Flash Player 9 ActiveX

AviSynth 2.5

Broadcom Management Programs

ccCommon

CCleaner (remove only)

Conexant HDA D110 MDC V.92 Modem

Dell Media Experience

Dell Network Assistant

Dell ResourceCD

Dell Support 3.2

Digital Line Detect

EPSON Attach To Email

EPSON Copy Utility 3

EPSON Easy Photo Print

EPSON File Manager

EPSON Image Clip Palette

EPSON Printer Software

EPSON Scan

EPSON Scan Assistant

ESCX3700 User's Guide

High Definition Audio Driver Package - KB835221

HijackThis 1.99.1

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

Internet Worm Protection

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 9

LiveUpdate 3.0 (Symantec Corporation)

MathType 5

MATLAB 7.1

mCore

MCU

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

mIWA

mLogView

mMHouse

Modem Helper

Mozilla Firefox (2.0)

mPfMgr

mPfWiz

mProSafe

mSSO

MSXML 4.0 SP2 (KB927978)

mWlsSafe

mWMI

mXML

mZConfig

NAVShortcut

Nero OEM

NetWaiting

Norton AntiVirus 2006

Norton AntiVirus 2006 (Symantec Corporation)

Norton AntiVirus Help

Norton AntiVirus Parent MSI

Norton AntiVirus SYMLT MSI

Norton Protection Center

Norton WMI Update

Panda ActiveScan

PSP Video 9 1.74

QuickSet

QuickTime

Rainlendar2 (remove only)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB925486)

SPBBC

Symantec

Synaptics Pointing Device Driver

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB912945)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

VideoLAN VLC media player 0.8.5

Windows Defender

Windows Internet Explorer 7

Windows Live Messenger

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

WinRAR archiver

Edited by tileytan


Hi Jacee, I removed tons of spyware and 1 virus using panda antivirus+firewall 2007. Then I did an activescan and hjt scan. Below are the activescan log and hjt log...

 

Panda Activescan log

 

Incident Status Location

 

Possible Virus. Not disinfected C:\Documents and Settings\Tiley Tan\Desktop\Manual Spyware Removal Kit\SmitfraudFix\swsc.exe

Possible Virus. Not disinfected C:\WINDOWS\system32\Microsoft.exe

Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe

Possible Virus. Not disinfected H:\Manual Spyware Removal Kit\SmitfraudFix\swsc.exe

Possible Virus. Not disinfected H:\Panda Antivirus + Firewall 2007 + Product Key.zip[Key.exe]

 

 

HJT log

 

Logfile of HijackThis v1.99.1

Scan saved at 16:48:09, on 19/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\apvxdwin.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Tiley Tan\Desktop\Manual Spyware Removal Kit\HijackThis\analyse.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe

C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\avciman.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\RunServices: [TPSRV9x] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163789453125

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


Your HJT log looks okay.

 

Reboot into safe mode:

Restart the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Show Hidden Files and Folders

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

Using Windows Explorer, search for this file and delete it:

 

C:\WINDOWS\system32\Microsoft.exe

 

***Rehide hidden files and folders! Reboot/restart your computer normally.

 

You now have two anti-virus programs running on your computer...not a good idea. They are resource hogs and will fight for your system's resources. They could also fight each other's virus definitions. Please choose one and uninstall the other.

 

Please let me know how things are running now.
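The "two anti-virus programs" observation in the reply above can be checked mechanically from the O23 service lines. This is an added example, not part of the original post: the sample lines are copied from the log in this thread, while the vendor markers and function names are assumptions made for the illustration.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Assumption: substring markers picked for this example, not an authoritative product list.
AV_MARKERS = {"symantec": "Symantec", "norton": "Symantec", "panda": "Panda",
              "alwil": "avast!", "avast": "avast!"}

# Every HijackThis entry starts with a section code such as R1, O4 or O23.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")

def parse_hjt(text):
    """Return one dict per log entry; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        detail = m.group("detail")
        entry = {"section": m.group("section"), "detail": detail,
                 "missing": detail.endswith("(file missing)")}
        if entry["section"] == "O23" and detail.startswith("Service: "):
            # Layout is "name - owner - path"; split from the right so that
            # hyphens inside the service name do not shift the fields.
            parts = detail[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry["name"], entry["owner"], entry["path"] = parts
        entries.append(entry)
    return entries

def av_vendors(entries):
    """Vendors whose markers appear in the owner or path of an installed service."""
    found = set()
    for e in entries:
        if e["section"] != "O23":
            continue
        haystack = (e.get("owner", "") + " " + e.get("path", "")).lower()
        for marker, vendor in AV_MARKERS.items():
            if marker in haystack:
                found.add(vendor)
    return found

def missing_files(entries):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [e["detail"] for e in entries if e["missing"]]

if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    vendors = av_vendors(entries)
    if len(vendors) > 1:
        print("Services from more than one AV vendor:", sorted(vendors))
    for detail in missing_files(entries):
        print("Target missing:", detail)
```

A hit from more than one vendor is a prompt to review the installed products by hand, since leftover updater services from an uninstalled product match as well.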


Hi, I can't find Microsoft.exe :mrsgreen:

Also, just ran a full scan using Avast and spy sweeper, nothing came up :clap:

 

Here is my HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 03:57:27, on 21/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Tiley Tan\Desktop\Manual Spyware Removal Kit\HijackThis\analyse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE" /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\Quickset.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163789453125

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by tileytan


Looks good!

 

Download ATF Cleaner http://www.atribune.org/content/view/19/2/

Click "Main" > check 'select all' this first time using it, then click "Empty Selected". Do the same for Firefox or Opera if you use either of those browsers.

 

Finally go to Control Panel > Internet Options.

On the General tab under "Temporary Internet Files" Click "Delete Files".

Put a check by "Delete Offline Content" and click OK.

 

Next,

 

Defrag! and reboot

 

You will want to finish cleaning now by removing your restore points and starting fresh with them.

Please do this:

 

Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

Reboot.

Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

 

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialize and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    9. Next press the Apply button and then the OK to exit the Internet Properties page.
    10. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources
    11. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
    12. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls
    13. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
    14. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers
    15. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
    16. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware
    17. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    18. Follow this list and your potential for being infected again will reduce dramatically.
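The six Internet zone settings from steps 1 to 6 above can be verified after the fact by reading the zone's registry values. This is an added example, not part of the original post: it audits the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"`; the four-digit action IDs are the registry value names Internet Explorer uses for these settings and do not appear in the post, and the sample output is constructed.

```python
import re

# Constructed sample of `reg query` output for the Internet zone (zone 3);
# the values are made up for this example.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x1
    1201    REG_DWORD    0x3
    1607    REG_DWORD    0x0
    1800    REG_DWORD    0x1
"""

# URL action policy values: 0 = enable, 1 = prompt, 3 = disable.
PROMPT, DISABLE = 1, 3
LABEL = {0: "Enable", 1: "Prompt", 3: "Disable", None: "(not set)"}

# Setting names and targets are taken from the post; the IDs are an addition.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

VALUE_RE = re.compile(r"^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")

def parse_zone(text):
    """Map action ID -> integer policy value from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(text):
    """Return (id, setting, current, wanted) for every setting that deviates."""
    current = parse_zone(text)
    findings = []
    for action in sorted(RECOMMENDED):
        name, wanted = RECOMMENDED[action]
        have = current.get(action)  # None when the value is absent
        if have != wanted:
            shown = LABEL[have] if have in LABEL else hex(have)
            findings.append((action, name, shown, LABEL[wanted]))
    return findings

if __name__ == "__main__":
    for action, name, have, wanted in audit(SAMPLE_REG_QUERY):
        print(f"{action}  {name}: is {have}, should be {wanted}")
```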


Thanks Jacee, your advice has been priceless=)

 

As of now, I have Avast!, ZoneAlarm, Webroot Spy Sweeper and Spywareblaster protecting my laptop. Will refer all my friends to this thread should they need a guide on internet security=) Cheers!!!

 

Regards,

Tiley


I just got a BSOD and all my Firefox bookmarks were wiped out! But IE bookmarks remained intact. Is it some software conflict causing this?

 

EDIT: I got the BSOD when I opened My Computer while avast was doing a standard scan.

Edited by tileytan


Make sure Windows Firewall is turned off. You may have a conflict between Avast and ZA, so try one of the other free firewalls mentioned above.
