
Author Topic: hijackthis report to be analyzed please


LadySaszy

    Topic Starter


    Greenhorn

    hijackthis report to be analyzed please
    « on: December 28, 2009, 02:49:03 AM »
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:28:42 AM, on 12/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    D:\Poohbear\New Folder\iWin Games\iWinTrusted.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\CtrlVol.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Poohbear\Application Data\Smilebox\SmileboxTray.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - D:\Poohbear\New Folder\iWin Games\iWinGamesHookIE.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
    O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [LaunchApp] LaunApp
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\WINDOWS\TEMP\E_S96.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ChkMail] ˆH
    O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Poohbear\Application Data\Smilebox\SmileboxTray.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
    O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/Lycos/Sidesearch.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244178995187
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244178963972
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebiof5_3_10_0.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iWinTrusted - iWin Inc. - D:\Poohbear\New Folder\iWin Games\iWinTrusted.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O24 - Desktop Component 0: (no name) - http://image.imgfarm.com/bz/ptnr/mywebsearch/channels_02.gif
    O24 - Desktop Component 1: (no name) - http://content.cometsystems.com/mcc2content/cursorgifs/cute_penguin02.gif

    --
    End of file - 11276 bytes

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Experience: Expert
    • OS: Windows 10
    Re: hijackthis report to be analyzed please
    « Reply #1 on: December 28, 2009, 01:45:44 PM »
    The first thing I will need you to do is to go to this link and follow the directions precisely.

    LadySaszy

      Topic Starter


      Greenhorn

      Re: hijackthis report to be analyzed please
      « Reply #2 on: December 30, 2009, 02:33:35 AM »
      Thank you SuperDave.
      Sorry I did it wrong.
      I hope I've done it right this time.
      This is for the laptop; there will be another one coming for the desktop. (Just to keep them straight.)

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 12/29/2009 at 11:35 PM

      Application Version : 4.32.1000

      Core Rules Database Version : 4423
      Trace Rules Database Version: 2249

      Scan type       : Complete Scan
      Total Scan Time : 03:45:03

      Memory items scanned      : 464
      Memory threats detected   : 0
      Registry items scanned    : 5490
      Registry threats detected : 51
      File items scanned        : 59441
      File threats detected     : 9

      Adware.IWinGames
         HKLM\Software\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
         HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
         HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
         HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32
         HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32#ThreadingModel
         HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ProgID
         HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\Programmable
         HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\VersionIndependentProgID
         HKCR\IEHlprObj.IEHlprObj.1
         HKCR\IEHlprObj.IEHlprObj.1\CLSID
         HKCR\IEHlprObj.IEHlprObj
         D:\POOHBEAR\NEW FOLDER\IWIN GAMES\IWINGAMESHOOKIE.DLL
         HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}
         HKU\S-1-5-21-1136238034-4007117610-1027543403-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}

      Adware.Tracking Cookie
         C:\Documents and Settings\Poohbear\Cookies\[email protected][2].txt
         C:\Documents and Settings\Poohbear\Cookies\poohbear@atdmt[2].txt
         C:\Documents and Settings\Poohbear\Cookies\[email protected][2].txt

      Adware.MyWebSearch/FunWebProducts
         HKU\S-1-5-21-1136238034-4007117610-1027543403-1004\SOFTWARE\FunWebProducts
         C:\SYSTEM VOLUME INFORMATION\_RESTORE{5D423018-0510-4B14-A810-F8CF8514EA21}\RP712\A0158048.SCR
         C:\SYSTEM VOLUME INFORMATION\_RESTORE{5D423018-0510-4B14-A810-F8CF8514EA21}\RP712\A0158062.SCR

      Adware.MyWay
         HKLM\Software\MyWay
         HKLM\Software\MyWay\myBar
         HKLM\Software\MyWay\myBar#Dir
         HKLM\Software\MyWay\myBar#CurInstall
         HKLM\Software\MyWay\myBar#sr
         HKLM\Software\MyWay\myBar#pl
         HKLM\Software\MyWay\myBar#Id
         HKLM\Software\MyWay\myBar#CacheDir
         HKLM\Software\MyWay\myBar#HistoryDir
         HKLM\Software\MyWay\myBar#Visible
         HKLM\Software\MyWay\myBar#Maximized

      Browser Hijacker.Deskbar
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\HELPDIR
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
         HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib
         HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib#Version
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib
         HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib#Version
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid32
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib
         HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib#Version

      Trojan.IEService
         C:\WINDOWS\SYSTEM\IESERVICE.EXE

      Adware.MyWebSearch
         C:\SYSTEM VOLUME INFORMATION\_RESTORE{5D423018-0510-4B14-A810-F8CF8514EA21}\RP712\A0158087.EXE
         C:\SYSTEM VOLUME INFORMATION\_RESTORE{5D423018-0510-4B14-A810-F8CF8514EA21}\RP712\A0158156.EXE


      Malwarebytes' Anti-Malware 1.42
      Database version: 3443
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      12/30/2009 1:20:41 AM
      mbam-log-2009-12-30 (01-20-41).txt

      Scan type: Quick Scan
      Objects scanned: 117742
      Time elapsed: 25 minute(s), 59 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      Thank you again
      LadySaszy

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Experience: Expert
      • OS: Windows 10
      Re: hijackthis report to be analyzed please
      « Reply #3 on: December 30, 2009, 01:40:00 PM »
      Hello LadySaszy and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

• Start HijackThis
• Click on the Misc Tools button
• Click on the Open Uninstall Manager button.
• Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.
      Copy and paste this file in your next reply.
      Windows 8 and Windows 10 dual boot with two SSD's

      LadySaszy


        Re: hijackthis report to be analyzed please
        « Reply #4 on: December 31, 2009, 10:17:23 PM »
        ABBYY FineReader 6.0 Sprint
        Acer Notebook Manager
        acer screen saver
        Adobe Acrobat 5.0
        Adobe Flash Player 10 ActiveX
        Adobe Reader 9.2
        Agere Systems AC'97 Modem
        Apple QuickTime Installer
        AVG Free 8.5
        CardRd81
        CCleaner
        CCScore
        CR2
        Cradle Of Rome (remove only)
        DB CIF Cam
        Disney Micro
        Disney Micro
        Disney Pix 3.1
        Disney Pix Micro Downloader
        EPSON Scan
        EPSON WorkForce 500 Series Printer Uninstall
        ESSBrwr
        ESSCDBK
        ESScore
        ESSCT
        ESSEMAIL
        ESSgui
        ESShelp
        ESSini
        ESSPCD
        ESSPDock
        ESSSONIC
        ESSTOOLS
        essvcpt
        ESSvpaht
        ESSvpot
        Google Toolbar for Internet Explorer
        Google Toolbar for Internet Explorer
        HighMAT Extension to Microsoft Windows XP CD Writing Wizard
        HijackThis 2.0.2
        HLPIndex
        HLPPDOCK
        HLPSFO
        Hotfix for Windows Internet Explorer 7 (KB947864)
        Hotfix for Windows Media Format 11 SDK (KB929399)
        Hotfix for Windows Media Player 11 (KB939683)
        Hotfix for Windows XP (KB952287)
        Hotfix for Windows XP (KB970653-v3)
        Hotfix for Windows XP (KB976098-v2)
        Intel(R) Extreme Graphics Driver
        iWin Games (remove only)
        Java(TM) 6 Update 17
        Jewel Quest 2 (remove only)
        Kodak EasyShare software
        KODAK Picture CD
        KSU
        Launch Manager V1.0.5.0
        Malwarebytes' Anti-Malware
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1 Security Update (KB953297)
        Microsoft .NET Framework 2.0
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft Data Access Components KB870669
        Microsoft Internationalized Domain Names Mitigation APIs
        Microsoft National Language Support Downlevel APIs
        Microsoft Picture It! Photo 7.0
        Microsoft User-Mode Driver Framework Feature Pack 1.0
        Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Web Publishing Wizard 1.52
        Microsoft Windows Media Video 9 VCM
        Microsoft Word 2002
        MSXML 4.0 SP2 (KB925672)
        MSXML 4.0 SP2 (KB927978)
        MSXML 4.0 SP2 (KB936181)
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        MyDefrag v4.2.7
        Notifier
        NTI CD & DVD-Maker 6 Gold
        OfotoXMI
        OGA Notifier 2.0.0048.0
        OTtBP
        OTtBPSDK
        PowerDVD
        QuickTime
        RealPlayer Basic
        Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
        Revo Uninstaller Pro 2.0.2
        Security Update for Windows Internet Explorer 7 (KB938127)
        Security Update for Windows Internet Explorer 7 (KB942615)
        Security Update for Windows Internet Explorer 7 (KB944533)
        Security Update for Windows Internet Explorer 7 (KB950759)
        Security Update for Windows Internet Explorer 7 (KB953838)
        Security Update for Windows Internet Explorer 8 (KB969897)
        Security Update for Windows Internet Explorer 8 (KB971961)
        Security Update for Windows Internet Explorer 8 (KB972260)
        Security Update for Windows Internet Explorer 8 (KB974455)
        Security Update for Windows Internet Explorer 8 (KB976325)
        Security Update for Windows Media Player (KB952069)
        Security Update for Windows Media Player (KB954155)
        Security Update for Windows Media Player (KB968816)
        Security Update for Windows Media Player (KB973540)
        Security Update for Windows Media Player 11 (KB954154)
        Security Update for Windows Media Player 8 (KB911565)
        Security Update for Windows Media Player 8 (KB917734)
        Security Update for Windows Media Player 9 (KB917734)
        Security Update for Windows XP (KB923561)
        Security Update for Windows XP (KB938464)
        Security Update for Windows XP (KB938464-v2)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB946648)
        Security Update for Windows XP (KB950760)
        Security Update for Windows XP (KB950762)
        Security Update for Windows XP (KB950974)
        Security Update for Windows XP (KB951066)
        Security Update for Windows XP (KB951376)
        Security Update for Windows XP (KB951376-v2)
        Security Update for Windows XP (KB951698)
        Security Update for Windows XP (KB951748)
        Security Update for Windows XP (KB952004)
        Security Update for Windows XP (KB952954)
        Security Update for Windows XP (KB953839)
        Security Update for Windows XP (KB954459)
        Security Update for Windows XP (KB954600)
        Security Update for Windows XP (KB955069)
        Security Update for Windows XP (KB956572)
        Security Update for Windows XP (KB956744)
        Security Update for Windows XP (KB956802)
        Security Update for Windows XP (KB956803)
        Security Update for Windows XP (KB956844)
        Security Update for Windows XP (KB957097)
        Security Update for Windows XP (KB958644)
        Security Update for Windows XP (KB958687)
        Security Update for Windows XP (KB958690)
        Security Update for Windows XP (KB958869)
        Security Update for Windows XP (KB959426)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960715)
        Security Update for Windows XP (KB960803)
        Security Update for Windows XP (KB960859)
        Security Update for Windows XP (KB961371)
        Security Update for Windows XP (KB961373)
        Security Update for Windows XP (KB961501)
        Security Update for Windows XP (KB968537)
        Security Update for Windows XP (KB969059)
        Security Update for Windows XP (KB969898)
        Security Update for Windows XP (KB969947)
        Security Update for Windows XP (KB970238)
        Security Update for Windows XP (KB970430)
        Security Update for Windows XP (KB971486)
        Security Update for Windows XP (KB971557)
        Security Update for Windows XP (KB971633)
        Security Update for Windows XP (KB971657)
        Security Update for Windows XP (KB973346)
        Security Update for Windows XP (KB973354)
        Security Update for Windows XP (KB973507)
        Security Update for Windows XP (KB973525)
        Security Update for Windows XP (KB973869)
        Security Update for Windows XP (KB973904)
        Security Update for Windows XP (KB974112)
        Security Update for Windows XP (KB974318)
        Security Update for Windows XP (KB974392)
        Security Update for Windows XP (KB974571)
        Security Update for Windows XP (KB975025)
        Security Update for Windows XP (KB975467)
        SFR
        SFR2
        SHASTA
        Shockwave
        SKIN0001
        SKINXSDK
        SUPERAntiSpyware Free Edition
        Synaptics Pointing Device Driver
        Uniblue DriverScanner 2009
        Uniblue DriverScanner 2009
        Update for Windows Internet Explorer 8 (KB971180)
        Update for Windows Internet Explorer 8 (KB976749)
        Update for Windows XP (KB951072-v2)
        Update for Windows XP (KB951978)
        Update for Windows XP (KB955839)
        Update for Windows XP (KB967715)
        Update for Windows XP (KB968389)
        Update for Windows XP (KB971737)
        Update for Windows XP (KB973687)
        Update for Windows XP (KB973815)
        V3705 Digital Camera Driver
        VPRINTOL
        Windows Media Format 11 runtime
        Windows Media Format 11 runtime
        Windows Media Player 11
        Windows Media Player 11
        Windows XP Service Pack 3
        WIRELESS
        Yahoo! Companion
        Yahoo! Customizations


        SuperDave

        Re: hijackthis report to be analyzed please
        « Reply #5 on: January 01, 2010, 05:25:14 PM »
        Could I ask why you think that your computer is infected?

        LadySaszy


          Re: hijackthis report to be analyzed please
          « Reply #6 on: January 03, 2010, 08:37:33 PM »
She takes this computer to Tagged.com, My Space.com & Facebook.com and has gotten messages saying that the computer is infected and asking her to download software. I just wanted to be sure that there weren't any problems. Plus it has been running slow.
          Thanks LadySaszy

          SuperDave

          Re: hijackthis report to be analyzed please
          « Reply #7 on: January 04, 2010, 08:38:28 AM »
          Quote
She takes this computer to Tagged.com, My Space.com & Facebook.com and has gotten messages saying that the computer is infected and asking her to download software.
          What does this mean?

          Open HijackThis and select Do a system scan only

          Place a check mark next to the following entries: (if there)

          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
          R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
          O24 - Desktop Component 0: (no name) - http://image.imgfarm.com/bz/ptnr/mywebsearch/channels_02.gif
          O24 - Desktop Component 1: (no name) - http://content.cometsystems.com/mcc2content/cursorgifs/cute_penguin02.gif


          Important: Close all open windows except for HijackThis and then click Fix checked.

          Once completed, exit HijackThis.

          Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link #1
link #2

          Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

          Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

          Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
          Double-click combofix.exe and follow the prompts.
          When finished, ComboFix will produce a log for you.
          Post the ComboFix log and a new HijackThis log in your next reply.

          NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

          Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
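A small defender-side triage helper, added here as an example (it is not part of SuperDave's instructions and not code from HijackThis): it parses HijackThis-style lines like the ones listed above and flags the patterns a log reviewer checks first, namely an IE SearchURL pointing at a non-default host, search hooks/BHOs/toolbars whose CLSID has no backing file or no name, and O24 Active Desktop components that load remote content. The allowlist of default search hosts is an assumption; the sample log reuses the entries quoted in this thread plus two constructed benign lines with placeholder CLSIDs.

```python
"""Triage HijackThis-style log lines for the patterns checked in this thread.

Added example, not from the thread or from HijackThis. Heuristics only:
a flagged line is a candidate for review, not proof of infection.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Matches "R1 - ...", "O2 - ...", "O24 - ..." and similar entry lines.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+)\s*-\s*(?P<body>.*)$")

# Assumption: hosts IE's SearchURL legitimately points at; adjust to your baseline.
DEFAULT_SEARCH_HOSTS = {"search.msn.com", "www.bing.com", "www.google.com", "about:blank"}

# Suffixes HijackThis appends when a registered component has no file on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class HjtEntry:
    kind: str   # e.g. "R1", "O2", "O24"
    body: str   # text after "Rn - " / "On - "


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Return the entry for a HijackThis log line, or None for non-entry text."""
    m = ENTRY_RE.match(line.strip())
    return HjtEntry(m.group("kind"), m.group("body")) if m else None


def _host_of(url: str) -> str:
    """Strip the scheme and path so only the host part of a URL remains."""
    return re.sub(r"^https?://", "", url.strip()).split("/")[0].lower()


def triage(entry: HjtEntry) -> List[str]:
    """Return the reasons an entry deserves a look (empty list = nothing noted)."""
    reasons: List[str] = []
    body = entry.body
    # R1 SearchURL decides where IE sends text typed into the address bar.
    if entry.kind == "R1" and "SearchURL" in body and "=" in body:
        host = _host_of(body.split("=", 1)[1])
        if host and host not in DEFAULT_SEARCH_HOSTS:
            reasons.append(f"IE SearchURL points at non-default host {host}")
    # Search hooks, BHOs and toolbars are loaded into IE by CLSID; a CLSID
    # with no backing file is an orphan, and a nameless one hides its origin.
    if entry.kind in ("R3", "O2", "O3"):
        if body.endswith(ORPHAN_MARKERS):
            reasons.append(f"{entry.kind} component registered but file is missing")
        if "(no name)" in body:
            reasons.append(f"{entry.kind} component has no name")
    # O24 Active Desktop components fetch their content from the listed URL.
    if entry.kind == "O24":
        m = re.search(r"https?://\S+", body)
        if m:
            reasons.append(f"Active Desktop component loads remote content from {_host_of(m.group(0))}")
    return reasons


def triage_log(text: str) -> List[Finding]:
    """Run triage over a whole log; only flagged lines are returned, in log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        entry = parse_hjt_line(raw)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings.append(Finding(raw.strip(), reasons))
    return findings


# Sample log: the first five lines are the entries quoted in this thread; the
# last two are constructed benign entries (placeholder CLSID / default start page).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O24 - Desktop Component 0: (no name) - http://image.imgfarm.com/bz/ptnr/mywebsearch/channels_02.gif
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
"""

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Entries that only fail the "(no name)" or orphan check are often leftovers from uninstalled toolbars, which is why the helper reports reasons rather than a verdict.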

          LadySaszy


            Re: hijackthis report to be analyzed please
            « Reply #8 on: January 04, 2010, 09:49:23 PM »
The 3 sites listed have been known to have hidden malware, not from the site but from others on the site.
Sometimes when logging on to one of those sites you are suddenly redirected to another screen which tells you that "you are infected" and won't let you out unless you download the recommended program to remove the infections, unless you shut down Internet Explorer altogether. If you run your anti-virus it doesn't find any viruses.
            In answer to your question.
            Thanks

            ComboFix 10-01-04.01 - Poohbear 01/04/2010  20:17:05.1.1 - FAT32x86
            Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.238.34 [GMT -8:00]
            Running from: c:\documents and settings\Poohbear\Desktop\ComboFix.exe
            AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            c:\documents and settings\Poohbear\My Documents\java.exe
            c:\program files\iWin Games\iWinGamesHookIE.dll
            d:\poohbear\NEW FOLDER\IWIN GAMES\IWINgameshookie.dll

            .
            (((((((((((((((((((((((((   Files Created from 2009-12-05 to 2010-01-05  )))))))))))))))))))))))))))))))
            .

            2010-01-05 03:45 . 2010-01-05 03:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\FileCure
            2010-01-04 17:48 . 2009-12-21 17:07   2066200   ----a-w-   c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
            2010-01-02 11:35 . 2010-01-02 11:35   --------   d-----w-   c:\windows\system32\XPSViewer
            2010-01-02 11:34 . 2010-01-02 11:34   --------   d-----w-   c:\program files\MSBuild
            2010-01-02 11:33 . 2010-01-02 11:33   --------   d-----w-   c:\program files\Reference Assemblies
            2010-01-02 11:32 . 2008-07-06 12:06   89088   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
            2010-01-02 11:29 . 2008-07-06 12:06   89088   ------w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
            2010-01-02 11:29 . 2008-07-06 12:06   117760   ------w-   c:\windows\system32\prntvpt.dll
            2010-01-02 11:29 . 2008-07-06 10:50   597504   ------w-   c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
            2010-01-02 11:29 . 2008-07-06 10:50   597504   ------w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
            2010-01-02 11:29 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\xpsshhdr.dll
            2010-01-02 11:29 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\dllcache\xpsshhdr.dll
            2010-01-02 11:29 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\xpssvcs.dll
            2010-01-02 11:29 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\dllcache\xpssvcs.dll
            2010-01-01 04:59 . 2009-04-01 11:01   2653056   ----a-w-   c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
            2010-01-01 04:58 . 2010-01-01 04:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\DriverScanner
            2010-01-01 04:58 . 2010-01-01 04:58   --------   d-----w-   c:\program files\Uniblue
            2010-01-01 04:58 . 2010-01-01 04:58   --------   d-----w-   c:\documents and settings\Poohbear\Application Data\Uniblue
            2010-01-01 04:56 . 2010-01-01 04:56   --------   d--h--w-   c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
            2010-01-01 04:16 . 2010-01-01 04:16   --------   d-----w-   c:\program files\Disney Pix Micro Downloader
            2010-01-01 01:15 . 2010-01-01 01:15   --------   d-----w-   c:\program files\Disney
            2010-01-01 01:11 . 2010-01-01 01:11   --------   d-----w-   c:\program files\Disney Micro
            2010-01-01 00:09 . 2010-01-01 00:09   --------   d-----w-   c:\documents and settings\Poohbear\Application Data\Disney Pix 3.1
            2010-01-01 00:05 . 2008-02-21 18:08   38656   ----a-w-   c:\windows\system32\drivers\Capt9052.sys
            2010-01-01 00:05 . 2008-02-21 18:08   25216   ----a-w-   c:\windows\system32\drivers\Camd9052.sys
            2010-01-01 00:05 . 2008-04-13 18:39   5504   ----a-w-   c:\windows\system32\drivers\MSTEE.sys
            2010-01-01 00:04 . 2008-04-13 18:46   10880   ----a-w-   c:\windows\system32\drivers\NdisIP.sys
            2010-01-01 00:03 . 2008-04-13 18:46   15232   ----a-w-   c:\windows\system32\drivers\StreamIP.sys
            2010-01-01 00:03 . 2008-04-13 18:46   11136   ----a-w-   c:\windows\system32\drivers\SLIP.sys
            2010-01-01 00:03 . 2008-04-13 18:46   19200   ----a-w-   c:\windows\system32\drivers\WSTCODEC.SYS
            2010-01-01 00:03 . 2008-04-13 18:46   85248   ----a-w-   c:\windows\system32\drivers\NABTSFEC.sys
            2010-01-01 00:02 . 2008-04-13 18:46   17024   ----a-w-   c:\windows\system32\drivers\CCDECODE.sys
            2010-01-01 00:02 . 2008-04-14 00:12   53760   ----a-w-   c:\windows\system32\vfwwdm32.dll
            2010-01-01 00:00 . 2007-05-18 19:41   37760   ----a-w-   c:\windows\system32\drivers\Capt905c.sys
            2010-01-01 00:00 . 2007-04-28 18:25   25216   ----a-w-   c:\windows\system32\drivers\Camd905c.sys
            2010-01-01 00:00 . 2010-01-01 00:00   --------   d-----w-   c:\program files\DB CIF Cam
            2009-12-31 23:43 . 2009-12-31 23:43   --------   d-----w-   c:\program files\WMV9_VCM
            2009-12-30 03:38 . 2009-12-30 03:38   52224   ----a-w-   c:\documents and settings\Poohbear\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
            2009-12-30 03:38 . 2009-12-30 03:38   117760   ----a-w-   c:\documents and settings\Poohbear\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
            2009-12-30 03:37 . 2009-12-30 03:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
            2009-12-30 03:36 . 2009-12-30 03:36   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2009-12-30 03:36 . 2009-12-30 03:36   --------   d-----w-   c:\documents and settings\Poohbear\Application Data\SUPERAntiSpyware.com
            2009-12-30 03:35 . 2009-12-30 03:35   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
            2009-12-28 09:24 . 2009-12-28 09:24   --------   d-----w-   c:\program files\Trend Micro
            2009-12-28 09:19 . 2009-12-28 09:18   411368   ----a-w-   c:\windows\system32\deploytk.dll
            2009-12-28 09:17 . 2009-12-28 09:17   --------   d-----w-   c:\program files\Java
            2009-12-28 08:27 . 2009-12-28 08:27   --------   d-----w-   c:\documents and settings\Poohbear\Application Data\Malwarebytes
            2009-12-28 08:26 . 2009-12-04 00:14   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2009-12-28 08:26 . 2009-12-28 08:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
            2009-12-28 08:26 . 2009-12-04 00:13   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2009-12-28 08:26 . 2009-12-28 08:26   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2009-12-24 06:52 . 2009-12-24 06:52   --------   d-----w-   c:\documents and settings\Poohbear\Local Settings\Application Data\VS Revo Group
            2009-12-24 06:51 . 2009-12-21 01:40   27064   ----a-w-   c:\windows\system32\drivers\revoflt.sys
            2009-12-24 06:51 . 2009-12-24 06:51   --------   d-----w-   c:\program files\VS Revo Group
            2009-12-24 04:43 . 2009-12-24 04:43   --------   d-----w-   c:\program files\MyDefrag v4.2.7
            2009-12-24 03:57 . 2009-12-24 03:57   --------   d-----w-   c:\program files\CCleaner
            2009-12-10 20:07 . 2009-12-10 20:07   --------   d-----w-   c:\windows\system32\wbem\Repository
            2009-12-07 12:14 . 2009-12-07 12:14   1593992   ----a-w-   c:\documents and settings\Poohbear\Application Data\Smilebox\SmileboxClient.exe
            2009-12-07 11:39 . 2009-12-07 11:39   344712   ----a-w-   c:\documents and settings\Poohbear\Application Data\Smilebox\SmileboxDvdEngine.dll
            2009-12-07 11:39 . 2009-12-07 11:39   123528   ----a-w-   c:\documents and settings\Poohbear\Application Data\Smilebox\SmileboxUpdater.exe

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2010-01-05 03:46 . 2003-10-08 16:36   114616   ----a-w-   c:\documents and settings\Poohbear\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
            2009-12-07 12:22 . 2009-09-22 19:37   266888   ----a-w-   c:\documents and settings\Poohbear\Application Data\Smilebox\SmileboxTray.exe
            2009-12-07 12:22 . 2009-09-22 19:37   205448   ----a-w-   c:\documents and settings\Poohbear\Application Data\Smilebox\SmileboxDvd.exe
            2009-12-07 12:22 . 2009-09-22 18:29   373384   ----a-w-   c:\documents and settings\Poohbear\Application Data\Smilebox\SmileboxStarter.exe
            2009-12-07 12:22 . 2009-09-22 17:57   168584   ----a-w-   c:\documents and settings\Poohbear\Application Data\Smilebox\SmileboxBrowserEngine.dll
            2009-10-29 07:45 . 2006-06-23 19:33   916480   ----a-w-   c:\windows\system32\wininet.dll
            2009-10-21 05:38 . 2006-11-12 05:17   25088   ----a-w-   c:\windows\system32\httpapi.dll
            2009-10-21 05:38 . 2006-11-12 05:17   75776   ----a-w-   c:\windows\system32\strmfilt.dll
            2009-10-20 16:20 . 2006-11-12 05:17   265728   ----a-w-   c:\windows\system32\drivers\http.sys
            2009-10-19 20:17 . 2009-10-19 20:17   57943   ----a-w-   c:\documents and settings\Poohbear\Application Data\Smilebox\uninstall.exe
            2009-10-13 10:30 . 2006-05-14 10:13   270336   ----a-w-   c:\windows\system32\oakley.dll
            2009-10-12 13:38 . 1980-01-01 08:00   149504   ----a-w-   c:\windows\system32\rastls.dll
            2009-10-12 13:38 . 1980-01-01 08:00   79872   ----a-w-   c:\windows\system32\raschap.dll
            .

            ------- Sigcheck -------

            [7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
            [7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
            [-] 2002-08-29 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\SoftwareDistribution\Download\S-1-5-18\8b5e9cdb91dddbb342695fbdc36fe0e4\backup\sfcfiles.dll

            c:\windows\System32\sfcfiles.dll ... is missing !!
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
            "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

            [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
            2009-09-02 19:58   1107200   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
            "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

            [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
            "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

            [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ChkMail"="ˆH" [X]
            "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 39408]
            "SmileboxTray"="c:\documents and settings\Poohbear\Application Data\Smilebox\SmileboxTray.exe" [2009-12-07 266888]
            "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-17 2002160]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "LaunchApp"="LaunApp" [X]
            "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
            "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
            "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-25 110592]
            "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-25 610304]
            "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2003-05-12 32768]
            "PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
            "LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2003-05-19 45056]
            "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-05-12 167936]
            "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2003-05-28 53248]
            "AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 88107]
            "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2002-11-25 172032]
            "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-03-31 26112]
            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-26 77824]
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
            "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
            "RunNarrator"="Narrator.exe" [2008-04-14 53760]

            c:\documents and settings\All Users\Start Menu\Programs\Startup\
            Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-20 169472]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
            2009-08-15 16:44   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
            "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
            "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
            "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
            "c:\\Program Files\\iWin Games\\iWinGames.exe"=
            "c:\\Program Files\\iWin Games\\WebUpdater.exe"=
            "d:\\Poohbear\\New Folder\\iWin Games\\iWinGames.exe"=
            "d:\\Poohbear\\New Folder\\iWin Games\\WebUpdater.exe"=

            R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/4/2009 9:45 PM 335240]
            R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/4/2009 9:45 PM 108552]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
            R2 acernbm;acernbm;c:\windows\system32\drivers\acernbm.sys [5/20/2003 12:00 AM 6570]
            R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [6/2/2003 11:45 AM 2343]
            R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
            S1 mailKmd;mailKmd;

            S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12/23/2009 10:51 PM 27064]
            S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [12/31/2009 4:05 PM 38656]
            .
            Contents of the 'Scheduled Tasks' folder

            2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{EC40516E-CB47-409C-8C66-F20F3931503F}.job
            - c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
            .
            .
            ------- Supplementary Scan -------
            .
            uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
            uStart Page = hxxp://www.facebook.com/
            uInternet Connection Wizard,ShellNext = iexplore
            IE: &Search
            IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
            DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
            .
            - - - - ORPHANS REMOVED - - - -

            HKLM-Run-AcerNotebookManager - (no file)
            AddRemove-{{598D99F7-B97C-424F-B899-69B339336411}} - c:\program files\InstallShield Installation Information\{{598D99F7-B97C-424F-B899-69B339336411}}\setup.exe



            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2010-01-04 20:30
            Windows 5.1.2600 Service Pack 3 FAT NTAPI

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            - - - - - - - > 'winlogon.exe'(536)
            c:\program files\SUPERAntiSpyware\SASWINLO.dll
            c:\windows\system32\WININET.dll
            .
            Completion time: 2010-01-04  20:35:14
            ComboFix-quarantined-files.txt  2010-01-05 04:34

            Pre-Run: 2,670,411,776 bytes free
            Post-Run: 2,671,165,440 bytes free

            WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
            [boot loader]
            timeout=2
            default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
            [operating systems]
            c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
            multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

            - - End Of File - - A932E26E80666A6D9A6ED7F4B1AD90C4

            SuperDave

            • Malware Removal Specialist
            • Moderator

            Re: hijackthis report to be analyzed please
            « Reply #9 on: January 05, 2010, 04:48:53 PM »
            Quote
The 3 sites listed have been known to have hidden malware, not from the site but from others on the site.
Sometimes when logging on to one of those sites suddenly you are re-directed to another screen which tells you that "you are infected" and won't let you out unless you download the recommended program to remove the infections, unless you shut down Internet Explorer altogether. If you run your anti-virus it doesn't find any viruses.
            In answer to your question.
            Thanks
            I went on all three sites and didn't find any problems. It's another infection on your computer that's causing this problem and we're going to find it.

            Open HijackThis and select Do a system scan only

            Place a check mark next to the following entries: (if there)

            R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
            O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - D:\Poohbear\New Folder\iWin Games\iWinGamesHookIE.dll
            O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
            O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
            O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
            O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
            O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
            O4 - HKCU\..\Run: [ChkMail] ˆH
            O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/Lycos/Sidesearch.cab
            O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)


            Important: Close all open windows except for HijackThis and then click Fix checked.

            Once completed, exit HijackThis.

            1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
            It must be Notepad, not Wordpad.
            2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
            KillAll::

            FCopy::
            c:\windows\ServicePackFiles\i386\sfcfiles.dll | c:\windows\System32\sfcfiles.dll


            3. Go to the Notepad window and click Edit > Paste
            4. Then click File > Save
            5. Name the file CFScript.txt - Save the file to your Desktop
            6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



            ComboFix will begin to execute, just follow the prompts.
            After reboot (in case it asks to reboot), it will produce a log for you.
            Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

            Are you still having problems with those sites?

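As an added illustration, not part of SuperDave's post and not code from HijackThis or ComboFix, the script below applies the kind of rules a malware-removal helper uses when picking entries out of a log like the one above: registrations whose target file is gone ("(no file)" / "(file missing)"), an O4 Run value that does not look like a command line (the garbled ChkMail entry), and any O16 DPF entry, because those are ActiveX controls installed from a URL. The sample lines are copied from the fix list in the post, plus one benign Synaptics O4 entry I constructed so that an accepted entry appears in the output. The three heuristics are my own and deliberately conservative: an entry such as the iWin BHO, which points at a file that still exists, is a judgement call the script leaves to the analyst.

```python
import re

# Constructed sample input: HijackThis 2.0.2 lines copied from the fix list in
# the post above, plus one benign O4 entry (Synaptics touchpad) added so the
# output also shows a line the heuristics accept.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - D:\Poohbear\New Folder\iWin Games\iWinGamesHookIE.dll
O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O4 - HKCU\..\Run: [ChkMail] ˆH
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/Lycos/Sidesearch.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
"""

# Every HijackThis entry line starts with a section tag: "R3 - ", "O23 - ", ...
HJT_LINE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")

# Suffixes HijackThis appends when the registered file no longer exists on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")


def triage_entry(line):
    """Classify one HijackThis line.

    Returns (section, body, reasons), or None if the line is not an entry line.
    `reasons` is an empty list for entries the heuristics accept.
    """
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons = []

    # Heuristic 1 (assumption): a registration whose target file is gone is an
    # orphan. It can no longer run anything, so removing it only clears noise.
    if body.endswith(MISSING_MARKERS):
        reasons.append("target file missing (orphaned registration)")

    # Heuristic 2 (assumption): an O4 Run value should look like a command line.
    # One with no drive, path separator, quote or env var, or one that is not
    # plain ASCII, is either garbled or obfuscated and needs a human look.
    if section == "O4":
        command = body.split("] ", 1)[1] if "] " in body else ""
        if not command.isascii() or not any(c in command for c in "\\/:%\""):
            reasons.append("Run value is not a recognisable command line")

    # Heuristic 3 (assumption): O16 DPF entries are ActiveX controls pulled from
    # a URL. Flag every one for review rather than trusting the hosting domain.
    if section == "O16":
        reasons.append("ActiveX control downloaded from the web (DPF); confirm it is wanted")

    return section, body, reasons


def triage(log_text):
    """Return only the flagged entries, in log order, as (section, body, reasons)."""
    flagged = []
    for line in log_text.splitlines():
        result = triage_entry(line)
        if result and result[2]:
            flagged.append(result)
    return flagged


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {body}")
        for reason in reasons:
            print(f"      -> {reason}")
```

Run against the sample, six of the eight lines come back flagged; the iWin BHO and the Synaptics Run entry are the two it passes over, which is the point at which the helper's own knowledge of what the machine should be running has to take over.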

            LadySaszy

              Topic Starter

              Re: hijackthis report to be analyzed please
              « Reply #10 on: January 09, 2010, 05:14:17 AM »
It's no longer important. Thank you for all of your help. The laptop shut down today and will no longer power up.