After trojan is removed (RESOLVED)

  1. #21
    Neal is offline Dedicated Member

    Re: After trojan is removed

    Combofix is working again, so...



    1. Download this file - COMBOFIX
    to your Desktop.

    2. Double click combofix.exe & follow the prompts.

    3. When finished, it will produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    If you are using Firefox, you may have to right click COMBOFIX and
    click on "Open Link in new window"


    Post a new hijackthis log also please.


  2. #22
    theoldandgrey is offline Valued Member
    Here is the Combofix log

    ComboFix 07-11-19.3 - V L 2007-11-23 9:12:23.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.74 [GMT 0:00]
    Running from: C:\Documents and Settings\V L\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Owner\Application Data\FunWebProducts
    C:\Program Files\internet explorer\msimg32.dll
    C:\RECYCLER\desktopA.sys

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
    .

    2007-11-20 22:26 <DIR> d-------- C:\Deckard
    2007-11-20 15:40 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Jasc Software Inc
    2007-11-19 20:56 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-19 18:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-19 18:30 <DIR> d-------- C:\Documents and Settings\V L\Application Data\SUPERAntiSpyware.com
    2007-11-19 18:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
    2007-11-18 08:56 <DIR> d-------- C:\Documents and Settings\V L\DoctorWeb
    2007-11-17 16:54 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-16 16:25 585,216 --a------ C:\WINDOWS\system32\GX1142R.DLL
    2007-11-16 16:06 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Serif
    2007-11-16 16:02 <DIR> d-------- C:\Documents and Settings\V L\Application Data\TrojanHunter
    2007-11-16 14:04 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
    2007-11-14 12:05 1,277 --a------ C:\WINDOWS\mozver.dat
    2007-11-12 18:41 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-11-12 17:15 <DIR> d--h----- C:\WINDOWS\PIF
    2007-11-12 16:26 4,245,008 --a------ C:\WINDOWS\system32\qtp-mt334.dll
    2007-11-12 16:26 247,824 --a------ C:\WINDOWS\system32\prgiso.dll
    2007-11-12 16:26 131,456 --a------ C:\WINDOWS\system32\drivers\Uim_IM.sys
    2007-11-12 16:26 32,352 --a------ C:\WINDOWS\system32\drivers\UimBus.sys
    2007-11-12 16:26 11,840 --a------ C:\WINDOWS\system32\drivers\UimFIO.sys
    2007-11-12 14:08 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Talkback
    2007-11-12 14:06 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
    2007-11-12 14:06 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Thunderbird
    2007-11-12 12:36 0 --a------ C:\WINDOWS\nsreg.dat
    2007-11-11 18:58 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Lavasoft
    2007-11-06 14:38 <DIR> d-------- C:\WINDOWS\PrimoPDF
    2007-11-06 14:38 <DIR> d-------- C:\Program Files\activePDF
    2007-11-06 14:38 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
    2007-11-05 16:35 <DIR> d-------- C:\Documents and Settings\V L\Application Data\MailWasher
    2007-11-05 15:05 <DIR> d-------- C:\Documents and Settings\Tisbus\Application Data\Jasc Software Inc
    2007-11-05 14:56 <DIR> d-------- C:\Documents and Settings\Tisbus\Application Data\AVG7
    2007-11-04 17:02 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Sony Corporation
    2007-11-04 16:49 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe
    2007-11-04 16:49 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe
    2007-11-04 16:49 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
    2007-11-04 16:37 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
    2007-11-04 16:37 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
    2007-11-04 16:32 <DIR> d-------- C:\Documents and Settings\V L\Contacts
    2007-11-04 16:30 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-11-04 16:05 <DIR> d-------- C:\Documents and Settings\V L\Application Data\EPSON
    2007-11-04 16:05 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-11-04 16:05 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-11-04 15:52 <DIR> d-------- C:\My PageManager
    2007-11-04 15:51 <DIR> d-------- C:\WINDOWS\system32\COLOR
    2007-11-04 15:51 <DIR> d-------- C:\Documents and Settings\V L\WINDOWS
    2007-11-04 15:51 299,008 --a------ C:\WINDOWS\uninst.exe
    2007-11-04 15:51 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
    2007-11-04 15:19 237,568 --a------ C:\WINDOWS\system32\PretzlUp.dll
    2007-11-04 15:19 184,320 --a------ C:\WINDOWS\system32\PretzlDn.dll
    2007-11-04 15:16 262,656 --a------ C:\WINDOWS\system32\LTDIS11n.dll
    2007-11-04 15:16 118,784 --a------ C:\WINDOWS\system32\ltfil11n.DLL
    2007-11-04 15:16 114,176 --a------ C:\WINDOWS\system32\SSCE4132.DLL
    2007-11-04 15:16 81,920 --------- C:\WINDOWS\system32\CONNMGR.OCX
    2007-11-04 15:16 53,248 --a------ C:\WINDOWS\system32\PretzelSpellCheck.dll
    2007-11-04 15:16 29,184 --------- C:\WINDOWS\system32\Popup.ocx
    2007-11-04 14:55 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2007-11-04 14:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
    2007-11-04 14:41 129,078 --a------ C:\WINDOWS\system32\TZLog.log
    2007-11-04 14:41 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2007-11-04 14:41 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
    2007-11-04 14:41 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
    2007-11-04 14:30 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-11-04 14:27 256,512 -----c--- C:\WINDOWS\system32\dllcache\agentsvr.exe
    2007-11-04 14:27 57,344 --a--c--- C:\WINDOWS\system32\dllcache\agentdpv.dll
    2007-11-04 14:27 42,496 -----c--- C:\WINDOWS\system32\dllcache\agentdp2.dll
    2007-11-04 14:25 1,033,216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
    2007-11-04 14:24 148,480 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
    2007-11-04 14:24 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
    2007-11-04 11:16 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-11-04 11:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SBT
    2007-11-04 11:04 <DIR> d-------- C:\WINDOWS\ShellNew
    2007-11-04 11:04 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Microsoft Web Folders
    2007-11-04 10:53 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2007-11-04 09:12 <DIR> d-------- C:\Documents and Settings\V L\Application Data\AVG7
    2007-11-04 09:12 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
    2007-11-04 09:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2007-11-04 09:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
    2007-11-04 09:08 <DIR> d--hs---- C:\Documents and Settings\V L\UserData
    2007-11-04 08:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2007-11-04 08:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-11-04 08:26 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2007-11-04 08:26 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-11-04 08:26 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-11-04 08:25 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-11-04 08:25 <DIR> d-------- C:\WINDOWS\Internet Logs
    2007-11-04 08:25 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
    2007-11-04 08:25 353,245 --a------ C:\WINDOWS\system32\vsconfig.xml
    2007-11-03 18:09 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\Lavasoft
    2007-11-03 14:00 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\Microsoft Web Folders
    2007-11-02 11:34 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\PC Tools
    2007-11-01 08:34 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\Apple Computer
    2007-10-28 09:27 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\iScreensaver
    2007-10-25 17:06 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\Serif

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-23 09:20 46,829,600 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-23 09:18 550,856 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-11-20 15:21 --------- d-----w C:\Program Files\Common Files\SWF Studio
    2007-11-19 18:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-19 14:17 --------- d-----w C:\Program Files\Java
    2007-11-18 08:39 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-12 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-12 16:25 --------- d-----w C:\Program Files\Paragon Software
    2007-11-05 16:33 --------- d-----w C:\Program Files\BFG
    2007-11-04 16:27 --------- d-----w C:\Program Files\Broderbund
    2007-11-04 15:21 --------- d-----w C:\Program Files\Web Publish
    2007-11-04 15:12 --------- d-----w C:\Program Files\hp deskjet 840c series
    2007-11-04 14:03 --------- d-----w C:\Program Files\PC Inspector File Recovery
    2007-11-04 11:19 --------- d-----w C:\Program Files\Freecom Backup Software
    2007-11-04 11:12 --------- d-----w C:\Program Files\Snapshot Viewer
    2007-11-04 11:10 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-04 09:12 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2007-11-04 09:12 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2007-11-03 20:58 --------- d-----w C:\Program Files\Realtek AC97
    2007-11-03 20:58 --------- d-----w C:\Program Files\AvRack
    2007-11-03 18:46 --------- d-----w C:\Documents and Settings\V Longland\Application Data\AVG7
    2007-11-03 11:00 --------- d-----w C:\Program Files\Spyware Doctor
    2007-11-03 10:40 --------- d-----w C:\Program Files\QuickTime
    2007-11-02 17:14 --------- d-----w C:\Program Files\Google
    2007-10-25 17:05 --------- d-----w C:\Program Files\Serif
    2007-10-25 15:07 --------- d-----w C:\Program Files\Windows Live
    2007-10-09 09:42 --------- d-----w C:\Program Files\Ahead
    2007-10-09 09:37 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-10-09 09:37 --------- d-----w C:\Documents and Settings\V Longland\Application Data\Intra dead
    2007-10-08 17:28 --------- d-----w C:\Documents and Settings\V Longland\Application Data\Leadertech
    2007-10-08 13:02 --------- d-----w C:\Documents and Settings\V Longland\Application Data\MailFrontier
    2007-10-07 10:35 --------- d-----w C:\Program Files\DFG
    2007-10-06 14:59 --------- d-----w C:\Documents and Settings\V Longland\Application Data\Jasc Software Inc
    2007-10-06 14:27 --------- d-----w C:\Program Files\Mindscape
    2007-10-05 12:00 --------- d-----w C:\Program Files\Recuva
    2007-10-04 17:40 --------- d-----w C:\Documents and Settings\V Longland\Application Data\EPSON
    2007-10-03 19:10 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
    2007-10-03 17:29 --------- d-----w C:\Program Files\NVIDIA Corporation
    2007-10-03 17:02 --------- d-----w C:\Documents and Settings\V Longland\Application Data\MSN6
    2007-10-03 16:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
    2007-10-03 07:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
    2007-09-29 15:32 --------- d-----w C:\Program Files\Sierra On-Line
    2007-09-29 14:31 --------- d-----w C:\Program Files\Common Files\MGI Shared
    2007-09-27 10:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Smilebox
    2007-09-27 10:26 --------- d-----w C:\Program Files\Epson
    2007-09-27 10:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\EPSON
    2007-09-27 09:42 --------- d-----w C:\Program Files\NewSoft
    2007-09-25 16:06 --------- d-----w C:\Program Files\42 Bit Scanner
    2007-09-24 15:16 --------- d-----w C:\Program Files\Zinio
    2007-09-24 15:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\ContentGuard
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nTrayFw"="C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe" [2005-07-29 17:25]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-22 08:42 C:\WINDOWS\soundman.exe]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-10-10 13:49 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 08:46]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 17:00]
    "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
    "SDFix"="C:\DOCUME~1\VL0177~1\Desktop\NEWFOL~1\SDFix\RunThis.bat /second" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 08:46]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-09 13:10:10]

    C:\Documents and Settings\V L\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-09 13:10:10]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-15 13:44:33]
    Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [2007-05-23 08:44:20]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys
    R1 Uim_IM;UIM Drive Backup Image Plugin;C:\WINDOWS\system32\Drivers\Uim_IM.sys
    R1 UimBus;Universal Image Mounter Controller;C:\WINDOWS\system32\DRIVERS\UimBus.sys
    S3 FXDRV;FXDRV;\??\E:\Fxdrv.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-23 09:20:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-23 956 - machine was rebooted
    .
    --- E O F ---

    Here is Hijackthis log

    ComboFix 07-11-19.3 - V L 2007-11-23 9:12:23.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.74 [GMT 0:00]
    Running from: C:\Documents and Settings\V L\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Owner\Application Data\FunWebProducts
    C:\Program Files\internet explorer\msimg32.dll
    C:\RECYCLER\desktopA.sys

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
    .

    2007-11-20 22:26 <DIR> d-------- C:\Deckard
    2007-11-20 15:40 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Jasc Software Inc
    2007-11-19 20:56 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-19 18:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-19 18:30 <DIR> d-------- C:\Documents and Settings\V L\Application Data\SUPERAntiSpyware.com
    2007-11-19 18:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
    2007-11-18 08:56 <DIR> d-------- C:\Documents and Settings\V L\DoctorWeb
    2007-11-17 16:54 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-16 16:25 585,216 --a------ C:\WINDOWS\system32\GX1142R.DLL
    2007-11-16 16:06 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Serif
    2007-11-16 16:02 <DIR> d-------- C:\Documents and Settings\V L\Application Data\TrojanHunter
    2007-11-16 14:04 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
    2007-11-14 12:05 1,277 --a------ C:\WINDOWS\mozver.dat
    2007-11-12 18:41 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-11-12 17:15 <DIR> d--h----- C:\WINDOWS\PIF
    2007-11-12 16:26 4,245,008 --a------ C:\WINDOWS\system32\qtp-mt334.dll
    2007-11-12 16:26 247,824 --a------ C:\WINDOWS\system32\prgiso.dll
    2007-11-12 16:26 131,456 --a------ C:\WINDOWS\system32\drivers\Uim_IM.sys
    2007-11-12 16:26 32,352 --a------ C:\WINDOWS\system32\drivers\UimBus.sys
    2007-11-12 16:26 11,840 --a------ C:\WINDOWS\system32\drivers\UimFIO.sys
    2007-11-12 14:08 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Talkback
    2007-11-12 14:06 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
    2007-11-12 14:06 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Thunderbird
    2007-11-12 12:36 0 --a------ C:\WINDOWS\nsreg.dat
    2007-11-11 18:58 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Lavasoft
    2007-11-06 14:38 <DIR> d-------- C:\WINDOWS\PrimoPDF
    2007-11-06 14:38 <DIR> d-------- C:\Program Files\activePDF
    2007-11-06 14:38 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
    2007-11-05 16:35 <DIR> d-------- C:\Documents and Settings\V L\Application Data\MailWasher
    2007-11-05 15:05 <DIR> d-------- C:\Documents and Settings\Tisbus\Application Data\Jasc Software Inc
    2007-11-05 14:56 <DIR> d-------- C:\Documents and Settings\Tisbus\Application Data\AVG7
    2007-11-04 17:02 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Sony Corporation
    2007-11-04 16:49 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe
    2007-11-04 16:49 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe
    2007-11-04 16:49 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
    2007-11-04 16:37 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
    2007-11-04 16:37 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
    2007-11-04 16:32 <DIR> d-------- C:\Documents and Settings\V L\Contacts
    2007-11-04 16:30 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-11-04 16:05 <DIR> d-------- C:\Documents and Settings\V L\Application Data\EPSON
    2007-11-04 16:05 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-11-04 16:05 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-11-04 15:52 <DIR> d-------- C:\My PageManager
    2007-11-04 15:51 <DIR> d-------- C:\WINDOWS\system32\COLOR
    2007-11-04 15:51 <DIR> d-------- C:\Documents and Settings\V L\WINDOWS
    2007-11-04 15:51 299,008 --a------ C:\WINDOWS\uninst.exe
    2007-11-04 15:51 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
    2007-11-04 15:19 237,568 --a------ C:\WINDOWS\system32\PretzlUp.dll
    2007-11-04 15:19 184,320 --a------ C:\WINDOWS\system32\PretzlDn.dll
    2007-11-04 15:16 262,656 --a------ C:\WINDOWS\system32\LTDIS11n.dll
    2007-11-04 15:16 118,784 --a------ C:\WINDOWS\system32\ltfil11n.DLL
    2007-11-04 15:16 114,176 --a------ C:\WINDOWS\system32\SSCE4132.DLL
    2007-11-04 15:16 81,920 --------- C:\WINDOWS\system32\CONNMGR.OCX
    2007-11-04 15:16 53,248 --a------ C:\WINDOWS\system32\PretzelSpellCheck.dll
    2007-11-04 15:16 29,184 --------- C:\WINDOWS\system32\Popup.ocx
    2007-11-04 14:55 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2007-11-04 14:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
    2007-11-04 14:41 129,078 --a------ C:\WINDOWS\system32\TZLog.log
    2007-11-04 14:41 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2007-11-04 14:41 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
    2007-11-04 14:41 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
    2007-11-04 14:30 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-11-04 14:27 256,512 -----c--- C:\WINDOWS\system32\dllcache\agentsvr.exe
    2007-11-04 14:27 57,344 --a--c--- C:\WINDOWS\system32\dllcache\agentdpv.dll
    2007-11-04 14:27 42,496 -----c--- C:\WINDOWS\system32\dllcache\agentdp2.dll
    2007-11-04 14:25 1,033,216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
    2007-11-04 14:24 148,480 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
    2007-11-04 14:24 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
    2007-11-04 11:16 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-11-04 11:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SBT
    2007-11-04 11:04 <DIR> d-------- C:\WINDOWS\ShellNew
    2007-11-04 11:04 <DIR> d-------- C:\Documents and Settings\V L\Application Data\Microsoft Web Folders
    2007-11-04 10:53 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2007-11-04 09:12 <DIR> d-------- C:\Documents and Settings\V L\Application Data\AVG7
    2007-11-04 09:12 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
    2007-11-04 09:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2007-11-04 09:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
    2007-11-04 09:08 <DIR> d--hs---- C:\Documents and Settings\V L\UserData
    2007-11-04 08:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2007-11-04 08:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-11-04 08:26 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2007-11-04 08:26 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-11-04 08:26 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-11-04 08:25 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-11-04 08:25 <DIR> d-------- C:\WINDOWS\Internet Logs
    2007-11-04 08:25 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
    2007-11-04 08:25 353,245 --a------ C:\WINDOWS\system32\vsconfig.xml
    2007-11-03 18:09 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\Lavasoft
    2007-11-03 14:00 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\Microsoft Web Folders
    2007-11-02 11:34 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\PC Tools
    2007-11-01 08:34 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\Apple Computer
    2007-10-28 09:27 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\iScreensaver
    2007-10-25 17:06 <DIR> d-------- C:\Documents and Settings\V Longland\Application Data\Serif

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2007-11-23 09:20 46,829,600 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-23 09:18 550,856 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-11-20 15:21 --------- d-----w C:\Program Files\Common Files\SWF Studio
    2007-11-19 18:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-19 14:17 --------- d-----w C:\Program Files\Java
    2007-11-18 08:39 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-12 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-12 16:25 --------- d-----w C:\Program Files\Paragon Software
    2007-11-05 16:33 --------- d-----w C:\Program Files\BFG
    2007-11-04 16:27 --------- d-----w C:\Program Files\Broderbund
    2007-11-04 15:21 --------- d-----w C:\Program Files\Web Publish
    2007-11-04 15:12 --------- d-----w C:\Program Files\hp deskjet 840c series
    2007-11-04 14:03 --------- d-----w C:\Program Files\PC Inspector File Recovery
    2007-11-04 11:19 --------- d-----w C:\Program Files\Freecom Backup Software
    2007-11-04 11:12 --------- d-----w C:\Program Files\Snapshot Viewer
    2007-11-04 11:10 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-04 09:12 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2007-11-04 09:12 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2007-11-03 20:58 --------- d-----w C:\Program Files\Realtek AC97
    2007-11-03 20:58 --------- d-----w C:\Program Files\AvRack
    2007-11-03 18:46 --------- d-----w C:\Documents and Settings\V Longland\Application Data\AVG7
    2007-11-03 11:00 --------- d-----w C:\Program Files\Spyware Doctor
    2007-11-03 10:40 --------- d-----w C:\Program Files\QuickTime
    2007-11-02 17:14 --------- d-----w C:\Program Files\Google
    2007-10-25 17:05 --------- d-----w C:\Program Files\Serif
    2007-10-25 15:07 --------- d-----w C:\Program Files\Windows Live
    2007-10-09 09:42 --------- d-----w C:\Program Files\Ahead
    2007-10-09 09:37 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-10-09 09:37 --------- d-----w C:\Documents and Settings\V Longland\Application Data\Intra dead
    2007-10-08 17:28 --------- d-----w C:\Documents and Settings\V Longland\Application Data\Leadertech
    2007-10-08 13:02 --------- d-----w C:\Documents and Settings\V Longland\Application Data\MailFrontier
    2007-10-07 10:35 --------- d-----w C:\Program Files\DFG
    2007-10-06 14:59 --------- d-----w C:\Documents and Settings\V Longland\Application Data\Jasc Software Inc
    2007-10-06 14:27 --------- d-----w C:\Program Files\Mindscape
    2007-10-05 12:00 --------- d-----w C:\Program Files\Recuva
    2007-10-04 17:40 --------- d-----w C:\Documents and Settings\V Longland\Application Data\EPSON
    2007-10-03 19:10 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
    2007-10-03 17:29 --------- d-----w C:\Program Files\NVIDIA Corporation
    2007-10-03 17:02 --------- d-----w C:\Documents and Settings\V Longland\Application Data\MSN6
    2007-10-03 16:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
    2007-10-03 07:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
    2007-09-29 15:32 --------- d-----w C:\Program Files\Sierra On-Line
    2007-09-29 14:31 --------- d-----w C:\Program Files\Common Files\MGI Shared
    2007-09-27 10:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Smilebox
    2007-09-27 10:26 --------- d-----w C:\Program Files\Epson
    2007-09-27 10:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\EPSON
    2007-09-27 09:42 --------- d-----w C:\Program Files\NewSoft
    2007-09-25 16:06 --------- d-----w C:\Program Files\42 Bit Scanner
    2007-09-24 15:16 --------- d-----w C:\Program Files\Zinio
    2007-09-24 15:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\ContentGuard
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "nTrayFw"="C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTray Fw.exe" [2005-07-29 17:25]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-22 08:42 C:\WINDOWS\soundman.exe]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-10-10 13:49 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 08:46]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb04.exe" [2001-11-15 17:00]
    "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
    "SDFix"="C:\DOCUME~1\VL0177~1\Desktop\NEWFOL~1\SDF ix\RunThis.bat /second" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 08:46]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-09 13:10:10]

    C:\Documents and Settings\V L\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-09 13:10:10]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-15 13:44:33]
    Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [2007-05-23 08:44:20]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

    [hklm\software\microsoft\windows\currentversion\exp lorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys
    R1 Uim_IM;UIM Drive Backup Image Plugin;C:\WINDOWS\system32\Drivers\Uim_IM.sys
    R1 UimBus;Universal Image Mounter Controller;C:\WINDOWS\system32\DRIVERS\UimBus.sys
    S3 FXDRV;FXDRV;\??\E:\Fxdrv.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-23 09:20:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-23 956 - machine was rebooted
    .
    --- E O F ---
    Thanks

  3. #23
    Neal is offline Dedicated Member
    what is happening now?

  4. #24
    theoldandgrey is offline Valued Member
    Hallo Neal

    Well I posted the Combofix and Hijackthis log as requested in your post of 22/11. Have you looked at these? My only concern if those are clear is that three items are still in the AVG virus vault as unhealable: Trojan Horse Generic_c.EQ;
    TH SHeur.BID and TH SHeur.BID again. Also, should I do any more regarding the removal of MyWebSearch, as it is still in the Add/Remove despite following your instructions?
    Many thanks - maybe I've missed a further post somewhere so we are on slightly different wavelengths.

  5. #25
    Neal is offline Dedicated Member
    As long as they are in the vault they are harmless. Try deleting from the vault or uninstalling AVG and re-installing AVG.



    Did you delete the folder earlier?

    Try this for mywebsearch



    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    Click on:

    Mywebsearch


    Click on Delete this entry

    Reboot your computer.


    Let me know how things are doing now.

  6. #26
    theoldandgrey is offline Valued Member
    Hallo Neal. I re-installed AVG, nothing in the virus vault. Scanned the computer and it is free of viruses. Deleted MyWebSearch as advised, nothing now showing, and I have done what I hope will be the last Hijackthis log, which I am posting. Do you feel it is safe now to purchase online or would you still be wary?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:11:33, on 25/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG7\avgwb.dat
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [nTrayFw] C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\VL0177~1\Desktop\NEWFOL~1\SDFix\RunThis.bat /second
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195038612520
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6805 bytes


    Many thanks

  7. #27
    theoldandgrey is offline Valued Member
    Neal

    Does any of what has gone on before cause problems with IE7? I cannot click on a link in an e-mail and get the appropriate page up - all I get is a blank window with Connecting - and it never does.

  8. #28
    theoldandgrey is offline Valued Member
    OK Neal - solved the last problem I think! It seems ok now and I can click on the link and get the window up. At least I managed to sort that for myself!!!!

  9. #29
    Neal is offline Dedicated Member
    Run hijackthis and click on "scan system only" button and put checks next to these:


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\VL0177~1\Desktop\NEWFOL~1\SDFix\RunThis.bat /second

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000




    Have everything closed out but hijackthis and click on "fix checked"


    Reboot your PC


    Log should be clean now.


    Try running SDFix again, following previous instructions please.
    Last edited by Neal; 26-11-2007 at 07:44 PM.

  10. #30
    theoldandgrey is offline Valued Member
    Neal

    What a day - I have done as suggested and removed the items as suggested but then the problems started. I just cannot run SDFix. I cannot find RunThis.bat, there is Catchme.exe, RunThis.cmd and SDFix read me. If I run RunThis cmd I do not get a Report as I first go into RunThis.cmd I get a note FindSTR:Cannot open then a load of unintelligible script which disappears so quickly I cannot copy. I have done this so many times that I am sure there is something odd! I attach the latest Hijackthis log, in case you want it. Sorry about this, I seem to be living up to my "oldandgrey" name.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:43:48, on 27/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [nTrayFw] C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Auto Run Software for Photo Frame] "C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe" /autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195038612520
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6499 bytes
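
An added example, not part of the thread and not any poster's code: a Python sketch that compares two HijackThis logs and reports which entries were removed, which are new, and which still point at a file HijackThis could not find, the comparison otherwise done by eye between the 25/11 and 27/11 logs. The embedded logs are shortened excerpts of those two posts, and the function and variable names are this example's own.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path"; the code before " - "
# is the HijackThis section (R0/R1 = IE pages, O2 = BHOs, O4 = autoruns, ...).
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)

# Shortened excerpt of the log saved 25/11/2007 (before "fix checked").
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\VL0177~1\Desktop\NEWFOL~1\SDFix\RunThis.bat /second
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
"""

# Shortened excerpt of the log saved 27/11/2007 (after "fix checked").
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [Auto Run Software for Photo Frame] "C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe" /autorun
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            # Collapse whitespace runs so reflowed copies of a line compare equal.
            entries.add((match.group(1), " ".join(match.group(2).split())))
    return entries


def compare_logs(before, after):
    """Diff two logs and list entries in the later one whose target file is absent."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "orphans": sorted(e for e in new if ORPHAN_RE.search(e[1])),
    }


if __name__ == "__main__":
    for label, entries in compare_logs(LOG_BEFORE, LOG_AFTER).items():
        print(label)
        for section, detail in entries:
            print(f"  {section} - {detail}")
```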
