Need help removing Braviax, CRU629 and PCAntispyware 2010

Posted 8/18/2009 10:50 PM
#76162

VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
I have spent several days trying to rid my son's laptop of these viruses, and maybe more. I will greatly appreciate any assistance.


Here is the HJT log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:54 PM, on 8/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\c1cc9316-f32e-43cf-b477-1dd93595186f.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\c1cc9316-f32e-43cf-b477-1dd93595186f.exe
O4 - HKUS\S-1-5-21-2655507832-3565654872-2510279495-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - https://photos1.walmart.com/WalmartActivia.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - https://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10146 bytes



Please let me know if further information is needed. Thank you so much.
Posted 8/18/2009 10:59 PM
#76164

VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
Here is the Superantispyware log. I omitted it. Sorry and thanks.

Scan Log
https://www.superantispyware.com

Generated 08/18/2009 at 05:41 PM

Application Version : 4.27.1002

Core Rules Database Version : 4061
Trace Rules Database Version: 2001

Scan type : Complete Scan
Total Scan Time : 00:17:06

Memory items scanned : 642
Memory threats detected : 2
Registry items scanned : 5069
Registry threats detected : 13
File items scanned : 14030
File threats detected : 11

Trojan.Smitfraud Variant-Gen/Bensorty
C:\WINDOWS\SYSTEM32\HS7F3UHDUHFUKDE.DLL
C:\WINDOWS\SYSTEM32\HS7F3UHDUHFUKDE.DLL

Trojan.Dropper/Sys-NV
C:\WINDOWS\SYSTEM32\TAPI.NFO
C:\WINDOWS\SYSTEM32\TAPI.NFO
C:\WINDOWS\SYSTEM32\XWREG32.DLL

Trojan.Agent/Gen-Ertfor
HKLM\Software\Classes\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}
HKCR\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}
HKCR\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}
HKCR\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}#ThreadingModel
HKCR\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}\InProcServer32
HKCR\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}
HKU\S-1-5-21-2655507832-3565654872-2510279495-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}

Rootkit.Agent/Gen-WZSZX
HKLM\system\controlset001\services\WZSZXserv.sys
C:\WINDOWS\SYSTEM32\DRIVERS\WZSZXAWYQLYTKKCPGIDLMRHVHWSAKPOEUYNDY.SYS
HKLM\system\controlset003\services\WZSZXserv.sys

Rogue.PCAntiSpyware2010
HKLM\SOFTWARE\PC_Antispyware2010
HKLM\SOFTWARE\PC_Antispyware2010#info
HKLM\SOFTWARE\PC_Antispyware2010#email3

Trojan.Agent/Gen-MSFake
C:\DOCUMENTS AND SETTINGS\ANDY\LOCAL SETTINGS\TEMP\WZSZXB57.TMP

Trojan.Agent/Gen-FraudLoad
C:\UMOIKCHF.EXE

Trojan.Unclassified/BraviaX
C:\WINDOWS\BRAVIAX.EXE

Trojan.Downloader-Gen/Win
C:\WINDOWS\CRU629.DAT
C:\WINDOWS\SYSTEM32\CRU629.DAT

Rootkit.BraviaX-Installer
C:\WINDOWS\SYSTEM32\DLLCACHE\BEEP.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS
Posted 8/18/2009 11:06 PM
#76165

VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
Here is the Combofix file. Sorry and thanks again.

ComboFix 09-05-11.09 - Andy 08/18/2009 18:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.412 [GMT -4:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 21:58 . 2009-08-18 21:58 -------- d-----w c:\windows\LastGood
2009-08-18 21:20 . 2009-08-18 21:20 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-18 21:19 . 2009-08-18 21:20 -------- d-----w c:\program files\SUPERAntiSpyware
2009-08-18 21:19 . 2009-08-18 21:19 -------- d-----w c:\documents and settings\Andy\Application Data\SUPERAntiSpyware.com
2009-08-18 21:18 . 2009-08-18 21:18 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-08-18 21:16 . 2009-08-18 21:16 190157 ----a-w c:\windows\system32\wisdstr.exe
2009-08-18 19:11 . 2009-08-18 19:11 -------- d-----w c:\program files\CCleaner
2009-08-16 05:41 . 2009-08-16 05:41 -------- d-----w c:\documents and settings\Administrator\Application Data\PC Tools
2009-08-16 02:46 . 2009-08-18 18:52 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-08-16 02:30 . 2009-08-16 03:01 -------- d-----w C:\!KillBox
2009-08-16 02:21 . 2009-02-10 14:13 28560 ----a-w c:\windows\system32\drivers\AVHook.sys
2009-08-16 02:21 . 2009-02-10 14:13 21904 ----a-w c:\windows\system32\drivers\AVRec.sys
2009-08-16 02:21 . 2009-02-10 14:13 21904 ----a-w c:\windows\system32\drivers\AVFilter.sys
2009-08-16 02:21 . 2009-08-18 22:14 -------- d-----w c:\program files\PC Tools AntiVirus
2009-08-16 01:59 . 2009-08-16 16:47 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-08-16 01:59 . 2009-08-18 19:20 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-16 00:22 . 2009-08-16 00:42 -------- d-----w c:\program files\Windows Live Safety Center
2009-08-15 14:26 . 2009-08-15 14:26 -------- d-----w c:\documents and settings\Administrator\Application Data\Sierra Wireless
2009-08-15 14:25 . 2009-08-15 14:25 -------- d-----w c:\documents and settings\Administrator\Application Data\Sprint
2009-08-13 04:37 . 2009-08-15 16:04 -------- d--h--w C:\$AVG8.VAULT$
2009-08-13 04:34 . 2009-08-13 04:34 -------- d-----w c:\program files\AVG
2009-08-13 04:34 . 2009-08-15 22:51 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-08-13 01:38 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-08-13 01:38 . 2009-04-03 14:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-08-13 01:38 . 2008-12-18 15:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-13 01:38 . 2009-08-13 01:38 -------- d-----w c:\program files\Common Files\PC Tools
2009-08-13 01:38 . 2008-12-10 15:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-08-13 01:38 . 2009-08-16 02:27 -------- d-----w c:\documents and settings\Andy\Application Data\PC Tools
2009-08-13 01:38 . 2009-08-16 02:27 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-08-13 01:38 . 2009-08-18 19:07 -------- d-----w c:\program files\Spyware Doctor
2009-08-12 14:46 . 2009-08-12 14:46 -------- d-----w c:\documents and settings\Andy\Application Data\AVG8
2009-08-11 23:59 . 2009-08-11 23:59 12507 ----a-w c:\documents and settings\All Users\Application Data\hates.bin
2009-08-08 23:02 . 2009-08-08 23:02 26624 ----a-w c:\windows\system32\WZSZXocdcxguyfnkmnuqvdrsdognapvnfxnod.dll
2009-08-08 22:32 . 2009-08-08 23:02 343040 ----a-w c:\windows\system32\WZSZXvtlgpbkjbcjfpnouegfpxedbjbqllicb.dll
2009-08-08 22:32 . 2009-08-08 23:02 54272 ----a-w c:\windows\system32\WZSZXfmxyfdbtbjijmgnvvybqujybhijjkyjh.dll
2009-08-08 22:32 . 2009-08-08 22:32 32768 ----a-w c:\windows\system32\WZSZXebirkdtyrmoytgksbaxjmogmjfuhadvg.dll
2009-08-08 22:32 . 2009-08-08 22:32 44032 ----a-w C:\phheq.exe
2009-08-08 22:30 . 2009-08-08 22:30 19456 ----a-w C:\niawndos.exe
2009-08-06 12:51 . 2009-08-06 12:51 -------- d-----w c:\documents and settings\Andy\Application Data\Snapfish
2009-07-31 19:38 . 2009-08-16 01:39 -------- d-----w c:\program files\Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 23:45 . 2009-06-30 18:29 -------- d-----w c:\program files\Microsoft Silverlight
2009-08-01 18:16 . 2007-12-04 22:51 434 ----a-w c:\documents and settings\Andy\Application Data\wklnhst.dat
2009-07-06 16:08 . 2007-12-05 22:40 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-07-02 03:54 . 2007-11-29 10:38 -------- d-----w c:\program files\Microsoft Works
2009-06-26 15:59 . 2004-08-10 18:51 668160 ----a-w c:\windows\system32\wininet.dll
2009-06-26 15:59 . 2004-08-10 18:51 81920 ----a-w c:\windows\system32\ieencode.dll
2009-06-16 14:55 . 2004-08-10 18:51 119808 ----a-w c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-10 18:51 82432 ----a-w c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2004-08-10 18:51 1290752 ----a-w c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\c1cc9316-f32e-43cf-b477-1dd93595186f.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-29 1862144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-10-15 17664]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-02-19 1374096]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-04-24 303104]

c:\documents and settings\Andy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-1-22 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-11-29 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-29 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe rundll32.exe tapi.nfo beforeglav"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/29/2007 6:09 AM 3456]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/12/2009 9:38 PM 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/12/2009 9:38 PM 348752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f9cd69-8794-11de-b512-00a0d5ffff85}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-04 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Andy.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BD56A320-23F2-42AD-F4E4-00AAC39CAA53} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-PEVSystemStart


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-08-18 18:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}\InProcServer32]
@Class="REG_SZ"
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\hs7f3uhduhfukde.dll"
"ThreadingModel"="Apartment"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1176)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1232)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'Explorer.exe'(592)
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2009-08-18 18:18
ComboFix-quarantined-files.txt 2009-08-18 22:18

Pre-Run: 105,426,702,336 bytes free
Post-Run: 105,429,233,664 bytes free

195 --- E O F --- 2009-08-01 07:00
Posted 8/19/2009 1:02 AM
#76170

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Hello VTXRider02,


Those two scans took care of some tough malware. Let's make other corrections now and scan after.


First follow the steps here to disable SpyBot's TeaTimer, as it will interfere with the repairs. Be sure to do all the steps, including the required reboot. If you have any difficulties accomplishing those then please go ahead and uninstall SpyBot - TeaTimer has been causing too many problems in repairs to make it worth any extra effort while we do them. You can always reinstall it after if you choose to.

And to keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.



Make a copy of the following list, then close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav

--------------------

Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

[code]KillAll::
File::
c:\windows\system32\wisdstr.exe
c:\documents and settings\All Users\Application Data\hates.bin
c:\windows\system32\WZSZXocdcxguyfnkmnuqvdrsdognapvnfxnod.dll
c:\windows\system32\WZSZXvtlgpbkjbcjfpnouegfpxedbjbqllicb.dll
c:\windows\system32\WZSZXfmxyfdbtbjijmgnvvybqujybhijjkyjh.dll
c:\windows\system32\WZSZXebirkdtyrmoytgksbaxjmogmjfuhadvg.dll
C:\phheq.exe
C:\niawndos.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}\InProcServer32][/code]
Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

-------------

Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

-------------

Post the new C:\ComboFix.txt log and the Malwarebytes log please.
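Added example, not from any poster in this thread or from the HijackThis/ComboFix tools themselves: a small Python triage script that reads lines in the two log formats posted above and flags the items a helper checks first, namely a Winlogon Shell value that is not exactly Explorer.exe (the F2 line fixed above), Run entries given as bare file names, Winlogon Notify DLLs, services with no recorded vendor, and the Security Center and firewall values ComboFix listed as disabled. The sample lines are constructed from entries in this thread's logs; the rule set and the function names are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis log format: the F2 Shell line, the O20 line
# and the "Unknown owner" service mirror entries from the log posted in this
# thread; the remaining lines are ordinary entries included for contrast.
SAMPLE_HJT_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed excerpt in ComboFix "Reg Loading Points" format, mirroring the
# Security Center and firewall values shown in the first ComboFix log above.
SAMPLE_COMBOFIX_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

@dataclass
class Finding:
    section: str  # HijackThis tag (F2, O4, ...) or "REG" for ComboFix registry values
    reason: str
    line: str

HJT_LINE = re.compile(r"^(?P<tag>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_ENTRY = re.compile(r'\[(?P<name>[^\]]+)\] "?(?P<target>[^"\s]+)')
O23_ENTRY = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')

def triage_hjt(text: str) -> List[Finding]:
    """Flag the HijackThis entries a helper would review first."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        tag, body = m.group("tag"), m.group("body")
        if tag == "F2" and "Shell=" in body:
            # Winlogon's Shell value must be exactly Explorer.exe; anything appended
            # (rundll32.exe loading tapi.nfo in this thread) is started at every logon.
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(Finding(tag, f"Winlogon Shell is not exactly Explorer.exe: {shell}", line))
        elif tag == "O4":
            e = O4_ENTRY.search(body)
            if e and "\\" not in e.group("target"):
                # A bare file name is resolved through the search path, so its on-disk location is not in the log.
                findings.append(Finding(tag, f"Run entry '{e.group('name')}' uses a bare file name "
                                             f"({e.group('target')}); verify its location", line))
        elif tag == "O20":
            # Winlogon Notify DLLs load into winlogon.exe before any user session exists.
            findings.append(Finding(tag, f"Winlogon Notify DLL; confirm it belongs to installed software: {body}", line))
        elif tag == "O23":
            e = O23_ENTRY.match(body)
            if e and e.group("owner").lower() == "unknown owner":
                findings.append(Finding(tag, f"Service '{e.group('name')}' has no vendor recorded: {e.group('path')}", line))
    return findings

def _reg_int(value: str) -> Optional[int]:
    """Parse a ComboFix-rendered value such as 'dword:00000001' or '0 (0x0)'; None if not numeric."""
    v = value.strip()
    try:
        return int(v[6:], 16) if v.lower().startswith("dword:") else int(v.split()[0])
    except (ValueError, IndexError):
        return None

def combofix_security_center_findings(text: str) -> List[Finding]:
    """Flag suppressed Security Center warnings and a disabled firewall in ComboFix's registry listing."""
    findings: List[Finding] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember the key the following values belong to
            continue
        m = REG_VALUE.match(line)
        if not m:
            continue
        name, value = m.group("name"), _reg_int(m.group("value"))
        if name.endswith("DisableNotify") and value == 1:
            findings.append(Finding("REG", f"Security Center warning suppressed: {name}", line))
        elif name == "DisableMonitoring" and value == 1:
            findings.append(Finding("REG", f"Security Center monitoring disabled under {key}", line))
        elif name == "EnableFirewall" and value == 0:
            findings.append(Finding("REG", "Windows Firewall is off for the standard profile", line))
    return findings
```

Run triage_hjt() on the text of a saved HijackThis log and combofix_security_center_findings() on C:\ComboFix.txt; each returned Finding carries the original line so it can be quoted back in a reply.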
Posted 8/19/2009 3:28 AM
#76180

VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
Here is the new Combofix log:

ComboFix 09-05-11.09 - Andy 08/18/2009 23:15.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.528 [GMT -4:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andy\Desktop\CFScript.txt
AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\documents and settings\All Users\Application Data\hates.bin
C:\niawndos.exe
C:\phheq.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\WZSZXebirkdtyrmoytgksbaxjmogmjfuhadvg.dll
c:\windows\system32\WZSZXfmxyfdbtbjijmgnvvybqujybhijjkyjh.dll
c:\windows\system32\WZSZXocdcxguyfnkmnuqvdrsdognapvnfxnod.dll
c:\windows\system32\WZSZXvtlgpbkjbcjfpnouegfpxedbjbqllicb.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hates.bin
C:\niawndos.exe
C:\phheq.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\WZSZXebirkdtyrmoytgksbaxjmogmjfuhadvg.dll
c:\windows\system32\WZSZXfmxyfdbtbjijmgnvvybqujybhijjkyjh.dll
c:\windows\system32\WZSZXocdcxguyfnkmnuqvdrsdognapvnfxnod.dll
c:\windows\system32\WZSZXvtlgpbkjbcjfpnouegfpxedbjbqllicb.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-18 22:23 . 2009-08-19 03:06 -------- d-----w C:\HJT
2009-08-18 21:20 . 2009-08-18 21:20 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-18 21:19 . 2009-08-18 21:20 -------- d-----w c:\program files\SUPERAntiSpyware
2009-08-18 21:19 . 2009-08-18 21:19 -------- d-----w c:\documents and settings\Andy\Application Data\SUPERAntiSpyware.com
2009-08-18 21:18 . 2009-08-18 21:18 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-08-18 19:11 . 2009-08-18 19:11 -------- d-----w c:\program files\CCleaner
2009-08-16 05:41 . 2009-08-16 05:41 -------- d-----w c:\documents and settings\Administrator\Application Data\PC Tools
2009-08-16 02:46 . 2009-08-18 18:52 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-08-16 02:30 . 2009-08-16 03:01 -------- d-----w C:\!KillBox
2009-08-16 02:21 . 2009-02-10 14:13 28560 ----a-w c:\windows\system32\drivers\AVHook.sys
2009-08-16 02:21 . 2009-02-10 14:13 21904 ----a-w c:\windows\system32\drivers\AVRec.sys
2009-08-16 02:21 . 2009-02-10 14:13 21904 ----a-w c:\windows\system32\drivers\AVFilter.sys
2009-08-16 02:21 . 2009-08-19 03:17 -------- d-----w c:\program files\PC Tools AntiVirus
2009-08-16 01:59 . 2009-08-16 16:47 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-08-16 01:59 . 2009-08-19 02:21 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-16 00:22 . 2009-08-16 00:42 -------- d-----w c:\program files\Windows Live Safety Center
2009-08-15 14:26 . 2009-08-15 14:26 -------- d-----w c:\documents and settings\Administrator\Application Data\Sierra Wireless
2009-08-15 14:25 . 2009-08-15 14:25 -------- d-----w c:\documents and settings\Administrator\Application Data\Sprint
2009-08-13 04:37 . 2009-08-15 16:04 -------- d--h--w C:\$AVG8.VAULT$
2009-08-13 04:34 . 2009-08-13 04:34 -------- d-----w c:\program files\AVG
2009-08-13 04:34 . 2009-08-15 22:51 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-08-13 01:38 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-08-13 01:38 . 2009-04-03 14:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-08-13 01:38 . 2008-12-18 15:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-13 01:38 . 2009-08-13 01:38 -------- d-----w c:\program files\Common Files\PC Tools
2009-08-13 01:38 . 2008-12-10 15:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-08-13 01:38 . 2009-08-16 02:27 -------- d-----w c:\documents and settings\Andy\Application Data\PC Tools
2009-08-13 01:38 . 2009-08-16 02:27 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-08-13 01:38 . 2009-08-18 19:07 -------- d-----w c:\program files\Spyware Doctor
2009-08-12 14:46 . 2009-08-12 14:46 -------- d-----w c:\documents and settings\Andy\Application Data\AVG8
2009-08-06 12:51 . 2009-08-06 12:51 -------- d-----w c:\documents and settings\Andy\Application Data\Snapfish
2009-07-31 19:38 . 2009-08-16 01:39 -------- d-----w c:\program files\Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 02:59 . 2007-12-05 22:40 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-08-19 02:54 . 2007-12-05 22:41 -------- d-----w c:\program files\Symantec
2009-08-03 23:45 . 2009-06-30 18:29 -------- d-----w c:\program files\Microsoft Silverlight
2009-08-01 18:16 . 2007-12-04 22:51 434 ----a-w c:\documents and settings\Andy\Application Data\wklnhst.dat
2009-07-02 03:54 . 2007-11-29 10:38 -------- d-----w c:\program files\Microsoft Works
2009-06-26 15:59 . 2004-08-10 18:51 668160 ----a-w c:\windows\system32\wininet.dll
2009-06-26 15:59 . 2004-08-10 18:51 81920 ----a-w c:\windows\system32\ieencode.dll
2009-06-16 14:55 . 2004-08-10 18:51 119808 ----a-w c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-10 18:51 82432 ----a-w c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2004-08-10 18:51 1290752 ----a-w c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-18_22.17.53 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\c1cc9316-f32e-43cf-b477-1dd93595186f.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-29 1862144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-10-15 17664]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-02-19 1374096]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-04-24 303104]

c:\documents and settings\Andy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-1-22 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-11-29 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-29 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/29/2007 6:09 AM 3456]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/12/2009 9:38 PM 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/12/2009 9:38 PM 348752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f9cd69-8794-11de-b512-00a0d5ffff85}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-08-18 23:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}\InProcServer32]
@Class="REG_SZ"
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\hs7f3uhduhfukde.dll"
"ThreadingModel"="Apartment"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(768)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2636)
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\PC Tools AntiVirus\PCTAVSvc.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\sndvol32.exe
.
**************************************************************************
.
Completion time: 2009-08-19 23:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 03:20
ComboFix2.txt 2009-08-18 22:18

Pre-Run: 106,108,870,656 bytes free
Post-Run: 106,112,200,704 bytes free

215 --- E O F --- 2009-08-01 07:00


Wow, it appears to be fixed. I thank you so very much. I will download the remaining programs you have instructed. I will let you know how it finishes out. Thanks again.
Posted 8/19/2009 3:44 AM
#76181

VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
Here is the first Malwarebytes Anti-Malware log:

Malwarebytes' Anti-Malware 1.40
Database version: 2651
Windows 5.1.2600 Service Pack 2

8/18/2009 11:36:09 PM
mbam-log-2009-08-18 (23-36-09).txt

Scan type: Quick Scan
Objects scanned: 93289
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I will run Combofix and Malwarebytes again and then post the logs.
Posted 8/19/2009 3:59 AM
#76182

VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
This is the latest Combofix log:

ComboFix 09-08-10.06 - Andy 08/18/2009 23:49.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.477 [GMT -4:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tools AntiVirus.lnk
c:\documents and settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Tools AntiVirus.lnk
c:\windows\Installer\c5d60.msi


.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-19 03:30 . 2009-08-19 03:30 -------- d-----w- c:\documents and settings\Andy\Application Data\Malwarebytes
2009-08-19 03:30 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 03:30 . 2009-08-19 03:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-19 03:30 . 2009-08-19 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 03:30 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 22:23 . 2009-08-19 03:06 -------- d-----w- C:\HJT
2009-08-18 21:21 . 2009-08-19 03:39 117760 ----a-w- c:\documents and settings\Andy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-18 21:20 . 2009-08-18 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-18 21:19 . 2009-08-18 21:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-18 21:19 . 2009-08-18 21:19 -------- d-----w- c:\documents and settings\Andy\Application Data\SUPERAntiSpyware.com
2009-08-18 21:18 . 2009-08-18 21:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-18 19:11 . 2009-08-18 19:11 -------- d-----w- c:\program files\CCleaner
2009-08-16 05:41 . 2009-08-16 05:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2009-08-16 02:46 . 2009-08-18 18:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-16 02:30 . 2009-08-16 03:01 -------- d-----w- C:\!KillBox
2009-08-16 02:21 . 2009-02-10 14:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2009-08-16 02:21 . 2009-02-10 14:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2009-08-16 02:21 . 2009-02-10 14:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2009-08-16 02:21 . 2009-08-19 03:38 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-08-16 01:59 . 2009-08-19 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-16 01:59 . 2009-08-16 16:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-16 00:22 . 2009-08-16 00:42 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-15 14:26 . 2009-08-15 14:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra Wireless
2009-08-15 14:25 . 2009-08-15 14:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sprint
2009-08-13 04:37 . 2009-08-15 16:04 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-13 04:34 . 2009-08-15 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-13 04:34 . 2009-08-13 04:34 -------- d-----w- c:\program files\AVG
2009-08-13 01:38 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-13 01:38 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-13 01:38 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-13 01:38 . 2009-08-13 01:38 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-13 01:38 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-13 01:38 . 2009-08-18 19:07 -------- d-----w- c:\program files\Spyware Doctor
2009-08-13 01:38 . 2009-08-16 02:27 -------- d-----w- c:\documents and settings\Andy\Application Data\PC Tools
2009-08-13 01:38 . 2009-08-16 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-12 14:46 . 2009-08-12 14:46 -------- d-----w- c:\documents and settings\Andy\Application Data\AVG8
2009-08-06 12:51 . 2009-08-06 12:51 -------- d-----w- c:\documents and settings\Andy\Application Data\Snapfish
2009-07-31 19:38 . 2009-08-16 01:39 -------- d-----w- c:\program files\Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 03:49 . 2007-11-29 10:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-19 03:39 . 2008-01-29 03:19 -------- d-----w- c:\documents and settings\Andy\Application Data\LimeWire
2009-08-19 02:59 . 2007-12-05 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-19 02:59 . 2007-12-05 22:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-19 02:54 . 2007-12-05 22:41 -------- d-----w- c:\program files\Symantec
2009-08-03 23:45 . 2009-06-30 18:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-01 18:16 . 2007-12-04 22:51 434 ----a-w- c:\documents and settings\Andy\Application Data\wklnhst.dat
2009-07-18 18:46 . 2008-05-21 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-02 03:54 . 2007-11-29 10:38 -------- d-----w- c:\program files\Microsoft Works
2009-06-26 15:59 . 2004-08-10 18:51 668160 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 15:59 . 2004-08-10 18:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:55 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-10 18:51 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2004-08-10 18:51 1290752 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-18_22.17.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-30 18:29 . 2009-06-30 18:29 51712 c:\windows\Installer\d6fe5.msi
+ 2008-05-21 00:44 . 2008-05-21 00:44 48128 c:\windows\Installer\81994.msi
+ 2007-11-29 10:31 . 2007-11-29 10:31 458240 c:\windows\Installer\98d2.msi
+ 2007-11-29 10:30 . 2007-11-29 10:30 965632 c:\windows\Installer\98c4.msi
+ 2007-11-29 10:30 . 2007-11-29 10:30 331264 c:\windows\Installer\98bf.msi
+ 2007-11-29 10:27 . 2007-11-29 10:27 221184 c:\windows\Installer\98ba.msi
+ 2009-07-30 15:52 . 2009-07-30 15:52 248832 c:\windows\Installer\868d3cb.msi
+ 2008-05-21 00:56 . 2008-05-21 00:56 465408 c:\windows\Installer\819f6.msi
+ 2008-05-21 00:47 . 2008-05-21 00:47 501248 c:\windows\Installer\819c3.msi
+ 2008-05-21 00:46 . 2008-05-21 00:46 501248 c:\windows\Installer\819af.msi
+ 2008-05-21 00:46 . 2008-05-21 00:46 506880 c:\windows\Installer\819aa.msi
+ 2008-05-21 00:45 . 2008-05-21 00:45 516608 c:\windows\Installer\819a4.msi
+ 2008-05-21 00:45 . 2008-05-21 00:45 513024 c:\windows\Installer\8199e.msi
+ 2008-05-21 00:43 . 2008-05-21 00:43 501248 c:\windows\Installer\8197d.msi
+ 2004-08-10 19:08 . 2004-08-10 19:08 264704 c:\windows\Installer\7506.msi
+ 2008-12-30 03:13 . 2008-12-30 03:13 972800 c:\windows\Installer\5efd4d.msi
+ 2008-12-30 03:12 . 2008-12-30 03:12 432640 c:\windows\Installer\5efd47.msi
+ 2007-11-29 10:36 . 2007-11-29 10:36 420352 c:\windows\Installer\1aec1.msi
+ 2007-12-04 23:06 . 2007-12-04 23:06 431104 c:\windows\Installer\10d886.msi
+ 2008-05-21 00:55 . 2008-05-21 00:55 957440 c:\windows\Downloaded Installations\{C5C8A6C7-2409-415C-9106-972E6302A1D6}\HP Driver Diagnostics.msi
+ 2004-08-10 18:51 . 2004-08-04 11:00 1326080 c:\windows\system32\webfldrs.msi
+ 2007-05-25 17:08 . 2007-05-25 17:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2009-01-15 07:35 . 2009-01-15 07:35 4830720 c:\windows\Installer\d6feb.msp
+ 2009-08-18 21:19 . 2009-08-18 21:19 1516544 c:\windows\Installer\874f6a.msi
+ 2008-05-21 00:47 . 2008-05-21 00:47 1652736 c:\windows\Installer\819be.msi
+ 2008-05-21 00:46 . 2008-05-21 00:46 1652736 c:\windows\Installer\819b9.msi
+ 2008-05-21 00:46 . 2008-05-21 00:46 1652736 c:\windows\Installer\819b4.msi
+ 2008-05-21 00:44 . 2008-05-21 00:44 2319872 c:\windows\Installer\81999.msi
+ 2008-05-21 00:44 . 2008-05-21 00:44 1640960 c:\windows\Installer\8198c.msi
+ 2008-05-21 00:44 . 2008-05-21 00:44 2022912 c:\windows\Installer\81987.msi
+ 2008-05-21 00:43 . 2008-05-21 00:43 1713152 c:\windows\Installer\81982.msi
+ 2008-05-21 00:43 . 2008-05-21 00:43 2397184 c:\windows\Installer\81978.msi
+ 2007-12-06 23:07 . 2007-12-06 23:07 1049088 c:\windows\Installer\6382d.msi
+ 2004-08-10 19:09 . 2004-08-10 19:10 3443712 c:\windows\Installer\50c4.msi
+ 2008-12-30 02:43 . 2008-12-30 02:43 3762688 c:\windows\Installer\420ab4.msi
+ 2008-12-30 02:42 . 2008-12-30 02:42 1652224 c:\windows\Installer\420ab0.msi
+ 2008-12-30 02:42 . 2008-12-30 02:42 8989696 c:\windows\Installer\420aab.msi
+ 2008-12-30 02:41 . 2008-12-30 02:41 1549312 c:\windows\Installer\420aa6.msi
+ 2008-12-30 02:41 . 2008-12-30 02:41 3152384 c:\windows\Installer\420aa1.msi
+ 2009-02-24 21:50 . 2009-02-24 21:50 6894592 c:\windows\Installer\362a9.msi
+ 2009-07-02 20:23 . 2009-07-02 20:23 5027328 c:\windows\Installer\1bcdbf.msp
+ 2007-11-29 10:38 . 2007-11-29 10:38 4537344 c:\windows\Installer\1aed4.msi
+ 2007-11-29 10:38 . 2007-11-29 10:38 1072128 c:\windows\Installer\1aed0.msi
+ 2007-11-29 10:37 . 2007-11-29 10:37 3555328 c:\windows\Installer\1aecb.msi
+ 2007-11-29 10:36 . 2007-11-29 10:36 1415168 c:\windows\Installer\1aebd.msi
+ 2009-04-22 19:14 . 2009-04-22 19:14 4869632 c:\windows\Installer\12fa3cf.msp
+ 2009-02-25 23:08 . 2009-02-25 23:08 8311808 c:\windows\Installer\12fa3b6.msp
+ 2009-05-07 13:17 . 2009-05-07 13:17 5026816 c:\windows\Installer\12fa3a3.msp
+ 2007-11-29 10:30 . 2007-11-29 10:30 5862400 c:\windows\Downloaded Installations\BMP\{44C774BE-1389-4E84-B5DE-54D9FB4A2253}\BACS.msi
+ 2008-05-21 00:56 . 2008-05-21 00:56 1055232 c:\windows\Downloaded Installations\{89DD9D99-C785-48B4-9F24-ABDE432AD12A}\HP Driver Diagnostics.msi
+ 2007-12-04 22:03 . 2007-11-29 10:27 12127744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi
+ 2007-11-29 10:31 . 2007-11-29 10:31 12686336 c:\windows\Installer\98cd.msi
+ 2008-05-21 00:54 . 2008-05-21 00:54 15830016 c:\windows\Installer\819dd.msi
+ 2009-08-01 07:00 . 2009-08-01 07:00 15705600 c:\windows\Installer\78a70e5.msp
+ 2004-08-10 19:10 . 2004-08-10 19:10 19204096 c:\windows\Installer\1599f.msp
+ 2009-07-22 12:51 . 2009-07-22 12:51 15706112 c:\windows\Installer\13b6d5.msp
+ 2007-12-04 23:07 . 2007-12-04 23:07 15256576 c:\windows\Installer\10d89c.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\c1cc9316-f32e-43cf-b477-1dd93595186f.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-29 1862144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-10-15 17664]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-02-19 1374096]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-04-24 303104]

c:\documents and settings\Andy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-1-22 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-11-29 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-29 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/29/2007 6:09 AM 3456]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/12/2009 9:38 PM 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/12/2009 9:38 PM 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-08-18 23:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}\InProcServer32]
@Class="REG_SZ"
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\hs7f3uhduhfukde.dll"
"ThreadingModel"="Apartment"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(764)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2009-08-19 23:54
ComboFix-quarantined-files.txt 2009-08-19 03:54
ComboFix2.txt 2009-08-19 03:20
ComboFix3.txt 2009-08-18 22:18

Pre-Run: 106,076,180,480 bytes free
Post-Run: 106,048,987,136 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

247 --- E O F --- 2009-08-01 07:00

I will follow with a new Malwarebytes log. Thank you so much.
Posted 8/19/2009 4:16 AM
#76183

VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
The latest Malwarebytes scan showed the following file was not removed:

HKEY_CLASSES_ROOT\CLSID\{bd56a320-23f2-42ad-f4e4-00aac39caa53}

I think this is Trojan.Ertfor

It said the file would be "deleted on reboot", but I think this is the same file it said would be "deleted on reboot" the first time I ran the Malwarebytes scan. I did reboot after that scan. What should I do about this?

Here is the latest Malwarebytes log:

Malwarebytes' Anti-Malware 1.40
Database version: 2651
Windows 5.1.2600 Service Pack 2

8/19/2009 12:04:52 AM
mbam-log-2009-08-19 (00-04-52).txt

Scan type: Quick Scan
Objects scanned: 93098
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Posted 8/19/2009 4:21 AM
#76184

VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
One more thing I noticed on this laptop that looks a little strange.

On startup "Dell Network Assistant" starts running. When I stop it, a small red oval with a white X, similar to the symbol associated with PC Antispyware 2010, appears in the system tray. Is this a normal symbol for Dell Network Assistant?

Thanks so much.
Posted 8/19/2009 4:42 AM
#76186
VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
One more question, if you don't mind.

I now have the following programs installed on this laptop:

Registry Mechanic (free), Spyware Doctor (purchased), Spybot Search and Destroy (free), PC AntiVirus (free until I upgrade), CCleaner (free), SUPERAntiSpyware (free), Malwarebytes' Anti-Malware (free), and ComboFix (free), not to mention Windows Firewall and Automatic Updates enabled. I thought I had Windows Defender as well, but I do not see it on here.

Which of these programs do you recommend I keep and run, and which do you recommend I either disable or uninstall, or can/should they all be run together?

Thanks again.
Posted 8/19/2009 4:47 AM
#76187
VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
Okay, I hope I am not pressing my luck here, but I am now hearing a sound like a camera taking a picture coming from the speakers on this laptop. Do you have any idea what this sound is being caused by? Thanks.
Posted 8/19/2009 7:55 AM
#76189
dreamsburnred Valued member

Date Joined Nov 2016
Total Posts: 10
[s]First, uninstall PC Tools AntiVirus. It's free but it does not do a very good job at all.

Install AVG: Link removed (if able)

Second, do a web scan with a-squared Anti-Malware. Link removed. You can install the free version; it does not scan on demand, but it will delete all manually found threats.

Post a log here of both to help the other users.

Registry Mechanic (free), Spyware Doctor (purchased), Spybot Search and Destroy (free), PC AntiVirus (free until I upgrade)

Reg Mechanic can go, as CCleaner has a reg cleaner built in. Spyware Doctor is up to you, but since it's on demand, either disable it or uninstall it to reduce program conflicts with AVG/other virus scanners. Spybot again is up to you, but in my opinion it is getting old for its age, and PC AntiVirus is to be removed for AVG.[/s]
Posted 8/19/2009 8:33 AM
#76191
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
VTXRider02, DO NOT take notice of dreamsburnred's post. I am sure that Jintan is capable of guiding you to a clean computer.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/19/2009 2:41 PM
#76208
VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
Okay, thank you very much. Jintan has done an exemplary job so far and I have total confidence in Jintan.
Posted 8/19/2009 4:48 PM
#76215
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
I tend to place faith in Jintan as well - I have to, since he drives my truck each day. :smile:

Although we can surely discuss all questions you might have, it is tough when you run them one after the other, so remind me if I miss any. The item Malwarebytes keeps showing is a permissions-locked registry key, so we will need to address that differently. Your security software choices are fine, as long as that PC Tools antivirus provides active protection without requiring any purchasing. If it does, and you prefer not to make the payment, we can discuss other options. The Dell Assistant is Dell's own networking software, and not needed unless you actually use it for networking help. Since Windows already has most of that built in, see if you can open that Dell software through Start - Programs, then locate a place to disable it from running at startup.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here. Also disconnect from net access anytime you run ComboFix, reconnecting after it has completed its scan.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

[code]KillAll::
Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}\InProcServer32]
Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD56A320-23F2-42AD-F4E4-00AAC39CAA53}\InProcServer32][/code]
Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

-----------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications


Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

Post back that Eset log and the C:\ComboFix.txt log please.
Posted 8/19/2009 6:03 PM
#76217
VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
Here is the ComboFix log after running the script:

ComboFix 09-08-10.06 - Andy 08/19/2009 13:53.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.518 [GMT -4:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andy\Desktop\CFScript.txt
AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning disabled* (Outdated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-19 16:06 . 2009-08-19 16:06 -------- d-----w- c:\windows\ServicePackFiles
2009-08-19 16:05 . 2009-08-19 17:46 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-19 03:30 . 2009-08-19 03:30 -------- d-----w- c:\documents and settings\Andy\Application Data\Malwarebytes
2009-08-19 03:30 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 03:30 . 2009-08-19 03:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-19 03:30 . 2009-08-19 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 03:30 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 22:23 . 2009-08-19 03:06 -------- d-----w- C:\HJT
2009-08-18 21:58 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-18 21:21 . 2009-08-19 17:56 117760 ----a-w- c:\documents and settings\Andy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-18 21:20 . 2009-08-18 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-18 21:19 . 2009-08-18 21:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-18 21:19 . 2009-08-18 21:19 -------- d-----w- c:\documents and settings\Andy\Application Data\SUPERAntiSpyware.com
2009-08-18 21:18 . 2009-08-18 21:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-18 19:11 . 2009-08-18 19:11 -------- d-----w- c:\program files\CCleaner
2009-08-16 05:41 . 2009-08-16 05:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2009-08-16 02:46 . 2009-08-18 18:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-16 02:30 . 2009-08-16 03:01 -------- d-----w- C:\!KillBox
2009-08-16 02:21 . 2009-02-10 14:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2009-08-16 02:21 . 2009-02-10 14:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2009-08-16 02:21 . 2009-02-10 14:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2009-08-16 02:21 . 2009-08-19 17:56 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-08-16 01:59 . 2009-08-19 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-16 01:59 . 2009-08-16 16:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-16 00:22 . 2009-08-16 00:42 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-15 14:26 . 2009-08-15 14:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra Wireless
2009-08-15 14:25 . 2009-08-15 14:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sprint
2009-08-13 04:37 . 2009-08-15 16:04 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-13 04:34 . 2009-08-15 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-13 04:34 . 2009-08-13 04:34 -------- d-----w- c:\program files\AVG
2009-08-13 01:38 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-13 01:38 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-13 01:38 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-13 01:38 . 2009-08-13 01:38 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-13 01:38 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-13 01:38 . 2009-08-18 19:07 -------- d-----w- c:\program files\Spyware Doctor
2009-08-13 01:38 . 2009-08-16 02:27 -------- d-----w- c:\documents and settings\Andy\Application Data\PC Tools
2009-08-13 01:38 . 2009-08-16 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-12 14:46 . 2009-08-12 14:46 -------- d-----w- c:\documents and settings\Andy\Application Data\AVG8
2009-08-06 12:51 . 2009-08-06 12:51 -------- d-----w- c:\documents and settings\Andy\Application Data\Snapfish
2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 19:38 . 2009-08-16 01:39 -------- d-----w- c:\program files\Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 17:57 . 2008-01-29 03:19 -------- d-----w- c:\documents and settings\Andy\Application Data\LimeWire
2009-08-19 17:56 . 2007-11-29 10:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-19 16:10 . 2008-05-21 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-19 02:59 . 2007-12-05 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-19 02:59 . 2007-12-05 22:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-19 02:54 . 2007-12-05 22:41 -------- d-----w- c:\program files\Symantec
2009-08-05 09:11 . 2004-08-10 18:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 23:45 . 2009-06-30 18:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-01 18:16 . 2007-12-04 22:51 434 ----a-w- c:\documents and settings\Andy\Application Data\wklnhst.dat
2009-07-17 18:55 . 2004-08-10 18:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-10 18:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-02 03:54 . 2007-11-29 10:38 -------- d-----w- c:\program files\Microsoft Works
2009-06-26 15:59 . 2004-08-10 18:51 668160 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 15:59 . 2004-08-10 18:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:17 . 2009-06-25 08:17 59392 ----a-w- c:\windows\system32\SET16.tmp
2009-06-25 08:17 . 2009-06-25 08:17 56320 ----a-w- c:\windows\system32\SET17.tmp
2009-06-25 08:17 . 2009-06-25 08:17 301568 ----a-w- c:\windows\system32\SET1B.tmp
2009-06-25 08:17 . 2009-06-25 08:17 168448 ----a-w- c:\windows\system32\SET18.tmp
2009-06-25 08:17 . 2009-06-25 08:17 136192 ----a-w- c:\windows\system32\SET1A.tmp
2009-06-25 08:17 . 2004-08-10 18:51 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-22 11:35 . 2004-08-10 18:51 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-10 18:51 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 11:50 . 2004-08-10 18:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-10 18:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-10 18:51 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-08-10 19:01 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-10 18:51 1290752 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-19_03.52.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-29 10:35 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2007-11-29 10:35 . 2007-07-27 14:41 26488 c:\windows\system32\spupdsvc.exe
+ 2008-01-25 20:07 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2008-01-25 20:07 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-06-25 08:17 . 2009-06-25 08:17 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 11:50 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 20:08 . 2009-06-25 08:17 56320 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-22 11:35 . 2009-06-22 11:35 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-06-10 14:21 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 18:55 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-05-21 00:54 . 2009-08-19 16:10 35088 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-21 00:54 . 2009-07-18 18:45 35088 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-21 00:54 . 2009-08-19 16:10 18704 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-21 00:54 . 2009-07-18 18:45 18704 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-21 00:54 . 2009-08-19 16:10 20240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-21 00:54 . 2009-07-18 18:45 20240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-14 03:43 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2007-11-29 10:22 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2007-11-29 10:22 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2007-11-29 10:25 . 2009-06-25 08:17 168448 c:\windows\system32\dllcache\schannel.dll
+ 2009-02-06 18:46 . 2009-02-06 18:46 408064 c:\windows\system32\dllcache\netlogon.dll
+ 2009-06-25 08:17 . 2009-06-25 08:17 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-11-29 10:22 . 2009-06-25 08:17 729600 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:17 . 2009-06-25 08:17 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-05-21 00:54 . 2009-08-19 16:10 888080 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-21 00:54 . 2009-07-18 18:45 888080 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-21 00:54 . 2009-08-19 16:10 272648 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-21 00:54 . 2009-07-18 18:45 272648 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-21 00:54 . 2009-07-18 18:45 922384 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-21 00:54 . 2009-08-19 16:10 922384 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-21 00:54 . 2009-07-18 18:45 845584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-21 00:54 . 2009-08-19 16:10 845584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-21 00:54 . 2009-07-18 18:45 217864 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-21 00:54 . 2009-08-19 16:10 217864 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-21 00:54 . 2009-07-18 18:45 159504 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-21 00:54 . 2009-08-19 16:10 159504 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-11-29 10:25 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-07-27 08:32 . 2009-07-27 08:32 5028352 c:\windows\Installer\2851b2a.msp
- 2008-05-21 00:54 . 2009-07-18 18:45 1172240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-21 00:54 . 2009-08-19 16:10 1172240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-21 00:54 . 2009-08-19 16:10 1165584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-21 00:54 . 2009-07-18 18:45 1165584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2004-08-10 18:51 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2008-01-10 04:00 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2009-07-14 03:43 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\c1cc9316-f32e-43cf-b477-1dd93595186f.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-29 1862144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-10-15 17664]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-02-19 1374096]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-04-24 303104]

c:\documents and settings\Andy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-1-22 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-11-29 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-29 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/29/2007 6:09 AM 3456]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/12/2009 9:38 PM 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/12/2009 9:38 PM 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-08-19 13:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(768)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\PC Tools AntiVirus\PCTAVSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2009-08-19 13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 17:58
ComboFix2.txt 2009-08-19 03:54
ComboFix3.txt 2009-08-19 03:20
ComboFix4.txt 2009-08-18 22:18

Pre-Run: 105,466,232,832 bytes free
Post-Run: 105,846,239,232 bytes free

257 --- E O F --- 2009-08-19 16:11
Posted 8/19/2009 6:33 PM
#76219
VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
Here is the ESET scan log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=1d10387f8ae1b44c8d1c1c4c6401b21d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-19 06:29:13
# local_time=2009-08-19 02:29:13 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=2561 37 100 83 19832031250
# scanned=42710
# found=0
# cleaned=0
# scan_time=940

Wow, this is great. Thanks!!! I am anxious to hear your next response.
Posted 8/20/2009 12:26 AM
#76225
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Looks good, and Eset didn't locate any malware files remaining. You have done well. Let's check what is installed there to start some last cleaning up steps now.


Open Hijackthis.
Click Config - Misc Tools - Open Uninstall Manager.
A list of the entries in Add/Remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents back here for review.
Posted 8/20/2009 12:52 AM
#76228
VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
Here is the HJT uninstall log:

Adobe Flash Player ActiveX
Adobe Reader 8.1.0
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
CCleaner (remove only)
Conexant HDA D330 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Network Assistant
Dell Touchpad
Dell Wireless WLAN Card
DellSupport
Digital Line Detect
ESET Online Scanner v3
Google Desktop
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
hp deskjet 3320 series (Remove only)
HP Driver Diagnostics
iTunes
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.16.3
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NetWaiting
PC Tools AntiVirus 6.0
PowerDVD
QuickSet
QuickTime
Registry Mechanic 8.0
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sprint SmartView
Spybot - Search & Destroy
Spyware Doctor 6.1
SUPERAntiSpyware Free Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb972691)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859

I truly can't tell you how much I appreciate all your assistance!!! Thank you so much!!!
Posted 8/20/2009 2:20 AM
#76238
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Always is a good thing to be helpful, so I also thank you for allowing me to do that. :smile:

The installs aren't too bad.


Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

SearchAssist - search redirector (hijacker) installed by the computer maker

I also do not recommend using things like "reg cleaners/reg optimizers", so if it is not a paid version you may want to consider removing Registry Mechanic. The log also shows LimeWire installed. Torrent downloading accounts for probably 90% - 95% of all the infected systems we help with, and here is another very good reason to uninstall and not use that type of software.

----------------

You have older and more vulnerable Java version(s) installed there, so you need to remove those and update to the latest version of that.


Go here and download the latest version of Sun Java Java Runtime Environment (JRE) JRE 6 Update 16. The current file name for that is jre-6u16-windows-i586-p.exe. I recommend you choose to download the "Windows Offline Installation" by clicking on that file to download it.

When you have done that, go to Add/Remove Programs in Control Panel and uninstall all versions of Java/JRE (Sun Java Runtime Environment/J2SE Runtime Environment) showing below, and reboot after.

J2SE Runtime Environment 5.0 Update 6

Then be sure to disable all security software, and click that downloaded jre-6u16-windows-i586-p.exe to install the latest Java version there.

----------------

And the logs show you have some Norton remnants still there, so go here (https://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=) and download the Norton Removal Tool that is appropriate for your version. Then close all open windows and disable all protective software, and click the downloaded file to completely remove Norton from your system. If the removal does not cause a reboot, reboot after the tool has completed the removal. Be sure to save all registration keys before running the tool if you plan to reinstall Norton later.

If you do not recall the version that is okay - the same tool is used for most versions.

----------------------

And while we are working together here, why not go ahead and do the update to Service Pack 3. The easiest way I found to complete that is to download the independent installer from here (disregard the verbiage - that is the normal installer for SP3). That way you are not dependent on MS updates to complete the job. This can also be downloaded at a different location and transferred, if other download locations are faster there.

Once that has downloaded, temporarily disable all security software, including disabling it from starting at reboot if you can, and click that downloaded file to start the upgrade process. It will take a good long time to complete. Then reboot after, and post back how things are running at that time please.
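The Java step above relies on reading Add/Remove Programs by eye. As an added check (not part of the thread, and not something the XP-era box itself could run), the following PowerShell reads the same Uninstall registry data and flags every Java/JRE entry older than the release the post names; the version-string formats and the 6.0.160 reference value are assumptions.

```powershell
# Added example: list installed Java/JRE entries from the Add/Remove Programs
# registry data and flag any that are older than the current release.
# Assumes Windows PowerShell 3+; on the thread's XP machine use Add/Remove Programs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Reference release from the post: JRE 6 Update 16. Its DisplayVersion is
# assumed to be "6.0.160"; older J2SE 5.0 entries look like "1.5.0.60".
$current = [version]'6.0.160'

function Get-JavaInstalls {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'J2SE|Java|JRE' -and $_.DisplayVersion } |
        ForEach-Object {
            $v = $null
            # Both "1.5.0.60" and "6.0.160" parse as [version]; skip anything that does not
            if ([version]::TryParse($_.DisplayVersion, [ref]$v)) {
                [pscustomobject]@{
                    Name      = $_.DisplayName
                    Version   = $v
                    Outdated  = ($v -lt $current)
                    Uninstall = $_.UninstallString   # what Add/Remove Programs would run
                }
            }
        }
}

$java = @(Get-JavaInstalls | Sort-Object Version)
$java | Format-Table -AutoSize

# More than one entry, or any entry below $current, means old runtimes are still
# present and should be removed through Add/Remove Programs as the post describes.
$old = @($java | Where-Object { $_.Outdated })
if ($old.Count -gt 0) {
    Write-Warning ("{0} outdated Java install(s) found: {1}" -f $old.Count, ($old.Name -join '; '))
}
```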
Posted 8/20/2009 3:42 AM
#76241
User avatar

VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
I have performed all of the uninstalls and installs you recommended. I am currently downloading SP-3 and saving to my desktop. I will follow your instructions to install it.

Thank you so much for all of your help!! Everything is working great. After I install SP-3 I will post back here how things are going. Again, many, many thanks!!

:smile:
Posted 8/20/2009 4:03 PM
#76270
User avatar

VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
Hi Jintan,

Windows SP-3 is installed and everything seems to be running fine. I really appreciate so much all of your kind and patient assistance. I will tell my friends, co-workers and especially my tech friends about how wonderful your assistance was.

On a final note (you would not expect me to close without another question would you?) does it appear to you that this laptop is adequately protected? Do you have any suggestions for improving its security?

I am also interested in the Bullguard security software. If this level of service is provided for a free user, I am sure the software and service must be great. What would you recommend I obtain from Bullguard to have the total security package?

Thanks so much, and have a great day!!!

VTXRider02
Posted 8/20/2009 4:49 PM
#76272
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
BullGuard provides a direct contact live support here, and offers a 60 day trial version from this download location. The security software that is best for you is what works best for you, so you should consider that as you consider changes. A good antivirus software, kept updated and used correctly, and then supplemented by a good anti-malware program, are the two essentials of good security.


And good that all the changes worked well, so we just need to clean up what our work added there to finish now.


Installed software like Eset and Malwarebytes, if you don't plan to use them again, uninstall through Add/Remove Programs. Though you may opt to keep Malwarebytes for periodic updated scans there.


You can also at this time delete the files/folders of the tools we used. To assist with some of that download OTM.exe by OldTimer to your desktop. This will help by automatically removing some of the tools we used.


Click OTM.exe to run it and click on Cleanup. You'll be asked if you want to begin the cleanup process. Select Yes.

OTM will search for and delete/uninstall many of the tools that we have used to fix your problems and all their backup folders, and then delete itself when you next reboot. At the end of the run you will receive a prompt to reboot, but save that for the next step, resetting System Restore.

---------

Then reset the System Restore. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply.

You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer.

When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK.


In addition, I like to recommend reviewing the information Here to make sure you stay malware free.
Posted 8/20/2009 6:17 PM
#76277
User avatar

VTXRider02 Valued member

Date Joined Nov 2016
Total Posts: 18
Jintan,

I have done the things you suggested in your last post. I plan to keep Malwarebytes on here for now and run it periodically. Everything is working great. I told my son about all the work and assistance you provided and how well his laptop is running and he is absolutely thrilled, as am I.

I really can't express how much we appreciate all your work and assistance. If there is anything we can do in return please let us know. Thanks so much for everything. Have a very wonderful day.

VTXRider02
Posted 8/20/2009 8:46 PM
#76284
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
I was glad to have been helpful VTXRider02. :smile: