MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: 123messenger Please help again  (Read 2205 times)
stiefmaier
« on: March 29, 2008, 09:31:40 PM »

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:15 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\run\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\run\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\willi\util\virus stuff\firewalls\zone alarm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\run\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\palmOnevisor\HOTSYNC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\run\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\run\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\willi\util\VERSIO~1\cs-rcs\System\csrcssrv.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Daddy\LOCALS~1\Temp\bblattes.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\LD319.tmp
C:\DOCUME~1\Daddy\LOCALS~1\Temp\syswcc32.exe
C:\Program Files\Bat\X_Bat.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\willi\util\virus stuff\firewalls\zone alarm\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\run\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOnevisor\HOTSYNC.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\WILLI\UTIL\DRAWING PRGS\AMICUS50\Research\GetTags.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.8.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138482238968
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.27/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: !SASWinLogon - C:\willi\util\virus stuff\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\willi\util\webserver\appache\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\run\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\run\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\run\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\run\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Security Service (VVCV) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14031 bytes
Logged
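As an added example (not code from HijackThis, SDFix or anyone in this thread), the Python below applies a few of the checks an analyst makes by hand when reading a log like the one above: a UserInit value that chains a second executable after userinit.exe, processes launched from a Temp folder, a service with no publisher whose binary is missing or whose svchost.exe sits outside the system directory, and orphaned BHO entries. The sample lines are constructed from entries in the posted log; the heuristics, severity labels and function names are my assumptions rather than anything the tools define.

```python
"""Triage heuristics for a HijackThis (HJT) log.

Added example for this thread; not code from HijackThis, SDFix or the
forum.  The heuristics and severity labels are the example author's
assumptions about what an analyst looks at first, not tool output.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on lines HijackThis prints (paths taken
# from the log posted in the thread).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\Daddy\LOCALS~1\Temp\bblattes.exe
C:\WINDOWS\system32\sbwltbxa.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\run\ashServ.exe
O23 - Service: Security Service (VVCV) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
F2_USERINIT = re.compile(r"F2 - REG:system\.ini: UserInit=(.*)$")
O23_SERVICE = re.compile(r"O23 - Service: (.+?) - (.*?) - (.+)$")
SVCHOST_IN_SYSTEM_DIR = re.compile(r"\\(system32|syswow64)\\svchost\.exe", re.IGNORECASE)


def check_process(path):
    """Executables launched from a Temp directory are rarely legitimate."""
    if TEMP_DIR.search(path):
        return Finding("high", "process running from a Temp directory", path)
    return None


def check_userinit(line):
    """UserInit should name only userinit.exe; anything chained after it
    runs at every logon before the shell does."""
    m = F2_USERINIT.match(line)
    if not m:
        return None
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    extra = [e for e in entries if not e.lower().endswith("\\userinit.exe")]
    if extra:
        return Finding("high", "UserInit chains extra executable(s): " + ", ".join(extra), line)
    return None


def check_service(line):
    """Flag services with no publisher, a missing binary, or an svchost.exe
    copy living outside the system directory."""
    m = O23_SERVICE.match(line)
    if not m:
        return None
    owner, path = m.group(2).strip(), m.group(3)
    reasons = []
    if owner in ("", "Unknown owner"):
        reasons.append("no publisher")
    if path.endswith("(file missing)"):
        reasons.append("binary missing on disk")
    if "svchost.exe" in path.lower() and not SVCHOST_IN_SYSTEM_DIR.search(path):
        reasons.append("svchost.exe outside the system directory")
    if not reasons:
        return None
    return Finding("high" if len(reasons) > 1 else "medium", "service: " + ", ".join(reasons), line)


def triage(log_text):
    """Walk the log once and collect findings in log order."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:  # a blank line ends the process list
                in_processes = False
                continue
            finding = check_process(line)
        elif line.startswith("F2 - "):
            finding = check_userinit(line)
        elif line.startswith("O23 - "):
            finding = check_service(line)
        elif line.startswith("O2 - ") and line.endswith("(no file)"):
            finding = Finding("low", "orphaned BHO entry (no file)", line)
        else:
            finding = None
        if finding:
            findings.append(finding)
    return findings


def highest_severity(findings):
    order = {"low": 0, "medium": 1, "high": 2}
    return max((f.severity for f in findings), key=order.get, default="none")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it as a script to print the findings for the constructed sample, or pass `triage()` a complete log read from a file. A low-severity orphaned BHO is registry clutter, not evidence of infection; the high-severity items are the entries a helper would zero in on, and in this thread they are the same sbwltbxa.exe and VVCV service that SDFix later reports removing.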

 
Pancake
Global Moderator
« Reply #1 on: March 29, 2008, 11:08:10 PM »

Ummmmmm....a bit of a mess.


Please download SDFix from here and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.

=================================


Ok. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.

Please visit this webpage for download links and instructions for running the tool.


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with ComboFix unless supervised by a security analyst.

NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please let me know.
stiefmaier
« Reply #2 on: March 30, 2008, 12:50:25 AM »

Sorry it took so long; here is the SDFix log.

SDFix: Version 1.164

Run by Daddy on Sat 03/29/2008 at 08:09 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name:
VVCV

Path:
C:\WINDOWS\system32\svcd\svchost.exe

VVCV - Deleted

Killing PID 804 'sbwltbxa.exe'
Killing PID 804 'sbwltbxa.exe'
Killing PID 804 'sbwltbxa.exe'


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\Common Files\Yazzle1552OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe - Deleted
C:\WINDOWS\default.htm  - Deleted
C:\WINDOWS\system32\bpk.dat  - Deleted
C:\WINDOWS\system32\CID  - Deleted
C:\WINDOWS\system32\regsvr.exe  - Deleted
C:\WINDOWS\system32\sbwltbxa.exe  - Deleted
C:\WINDOWS\system32\update32.exe.tmp  - Deleted
C:\WINDOWS\system32\upds.log  - Deleted
C:\WINDOWS\system32\url1  - Deleted
C:\WINDOWS\system32\url2  - Deleted
C:\WINDOWS\system32\url3  - Deleted
C:\WINDOWS\system32\web.dat  - Deleted
C:\WINDOWS\system32\winfrun32.bin  - Deleted
C:\WINDOWS\system32\wscmp.dll.tmp  - Deleted





Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 20:27:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\aim\\aim.exe"="C:\\Program Files\\aim\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\aim\\aim.exe"="C:\\Program Files\\aim\\aim.exe:*:Enabled:AOL Instant Messenger"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 15 Oct 1996        12,800 ...H. --- "C:\peem\ersatzteile\~WRL0002.tmp"
Mon 14 Oct 1996        12,800 ...H. --- "C:\peem\ersatzteile\~WRL0003.tmp"
Tue 15 Oct 1996        17,920 ...H. --- "C:\peem\ersatzteile\~WRL0004.tmp"
Mon 21 Oct 1996        19,456 ...H. --- "C:\peem\ersatzteile\~WRL0870.tmp"
Fri 18 Oct 1996        12,288 ...H. --- "C:\peem\ersatzteile\~WRL0895.tmp"
Mon 21 Oct 1996        14,848 ...H. --- "C:\peem\ersatzteile\~WRL3525.tmp"
Mon 21 Oct 1996        13,824 ...H. --- "C:\peem\ersatzteile\~WRL3674.tmp"
Tue 27 Dec 2005            56 A.SHR --- "C:\WINDOWS\system32\5BCB92A0DC.sys"
Thu 29 Dec 2005         4,182 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 19 Sep 2004         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 19 Sep 2004           401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Fri  8 Jul 2005           400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Fri  8 Jul 2005            48 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Fri  8 Jul 2005           400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
Tue  2 Sep 2003       143,360 ...H. --- "C:\Documents and Settings\Melissa\My Documents\~WRL0001.tmp"
Wed 19 May 2004        84,480 ...H. --- "C:\Documents and Settings\Melissa\My Documents\~WRL1174.tmp"
Thu 20 May 2004     1,070,080 ...H. --- "C:\Documents and Settings\Melissa\My Documents\~WRL2107.tmp"
Fri 21 Nov 2003       798,720 ...H. --- "C:\Documents and Settings\Melissa\My Documents\~WRL2678.tmp"
Thu 20 May 2004        81,408 ...H. --- "C:\Documents and Settings\Melissa\My Documents\~WRL2800.tmp"
Mon 23 May 2005       141,824 ...H. --- "C:\Documents and Settings\Melissa\My Documents\~WRL3366.tmp"
Tue 12 Sep 2000       203,264 ...H. --- "C:\peem\doku\berichte\~WRL3476.tmp"
Fri  6 Sep 1996        85,504 ...H. --- "C:\peem\doku\vorlagen\~WRL0881.tmp"
Fri  6 Sep 1996        88,064 ...H. --- "C:\peem\doku\vorlagen\~WRL1353.tmp"
Fri  6 Sep 1996        85,504 ...H. --- "C:\peem\doku\vorlagen\~WRL1402.tmp"
Mon 17 Apr 2000       154,112 ...H. --- "C:\peem\doku\vorlagen\~WRL4092.tmp"
Thu 15 Jan 1998        13,824 ...H. --- "C:\peem\ersatzteile\werkzeugkisten\~WRL3515.tmp"
Thu  5 Jul 2007       146,432 ..SHR --- "C:\Program Files\Verizon Wireless\V CAST Music Manager\Setup.exe"
Mon  7 May 2007        53,248 A.SHR --- "C:\Program Files\Verizon Wireless\V CAST Music Manager\_Setupx.dll"
Thu 22 Nov 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 16 Sep 2004       397,824 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\~WRL0003.tmp"
Mon  7 Feb 2005       352,256 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\~WRL0005.tmp"
Thu 18 Nov 2004     1,107,968 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\~WRL1926.tmp"
Thu 19 Feb 2004        29,184 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all issues volume 1\~WRL0565.tmp"
Mon  6 Oct 2003       200,869 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all issues volume 1\~WRL0809.tmp"
Fri  9 Apr 2004        46,080 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations articles sent to me Volume 1\~WRL3858.tmp"
Sat  8 Jan 2005       200,192 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations articles sent to me Volume 2\~WRL0002.tmp"
Mon 21 Mar 2005        95,744 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations articles sent to me Volume 2\~WRL0004.tmp"
Sat  8 Jan 2005       207,360 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations articles sent to me Volume 2\~WRL0026.tmp"
Fri  4 Feb 2005        28,160 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations articles sent to me Volume 2\~WRL0601.tmp"
Sat  8 Jan 2005       208,384 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations articles sent to me Volume 2\~WRL1293.tmp"
Sat  8 Jan 2005       201,728 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations articles sent to me Volume 2\~WRL2511.tmp"
Sat  8 Jan 2005       208,896 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations articles sent to me Volume 2\~WRL2573.tmp"
Sat  8 Jan 2005       201,216 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations articles sent to me Volume 2\~WRL3690.tmp"
Mon 21 Mar 2005       157,184 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations articles sent to me Volume 2\~WRL4032.tmp"
Tue 11 Jul 1995        32,256 ...H. --- "C:\old PC\old C drive\Program Files\Accessories\mspcx32.dll"
Tue 11 Jul 1995        22,016 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\CCDIALER.EXE"
Tue 11 Jul 1995        13,312 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\CCEI.DLL"
Tue 11 Jul 1995        13,824 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\CCPSH.DLL"
Tue 11 Jul 1995        23,552 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\CONFAPI.DLL"
Tue 11 Jul 1995        12,800 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\DATAEDCL.DLL"
Tue 11 Jul 1995         3,584 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\DNR.EXE"
Sun 31 Dec 1995        72,704 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\ENGCT.EXE"
Tue 11 Jul 1995        10,752 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\FINDSTUB.DLL"
Sun 31 Dec 1995       116,224 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\GUIDE.EXE"
Tue 11 Jul 1995        58,368 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\HOMEBASE.DLL"
Tue 11 Jul 1995        53,248 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MMVDIB12.DLL"
Tue 11 Jul 1995        24,576 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MOSAF.DLL"
Tue 11 Jul 1995       149,504 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MOSCOMP.DLL"
Tue 11 Jul 1995        69,632 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MOSCP.EXE"
Tue 11 Jul 1995        25,600 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MOSFIND.DLL"
Tue 11 Jul 1995       182,784 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MOSSHELL.DLL"
Tue 11 Jul 1995         7,680 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MOSSTUB.DLL"
Tue 11 Jul 1995        55,296 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MOSVIEW.EXE"
Sun 31 Dec 1995        88,064 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MPCCL.DLL"
Tue 11 Jul 1995        25,600 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MSNDUI.DLL"
Tue 11 Jul 1995        52,224 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MSNFIND.EXE"
Tue 11 Jul 1995       112,128 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MVCL14N.DLL"
Tue 11 Jul 1995        51,712 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MVPR14N.DLL"
Tue 11 Jul 1995        77,312 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MVTTL14C.DLL"
Tue 11 Jul 1995        10,240 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\MVUT14N.DLL"
Tue 11 Jul 1995        29,184 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\SACLIENT.DLL"
Tue 11 Jul 1995        15,360 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\SECURCL.DLL"
Tue 11 Jul 1995        53,248 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\TEXTCHAT.EXE"
Tue 11 Jul 1995        17,408 ...H. --- "C:\old PC\old C drive\Program Files\The Microsoft Network\TREEEDCL.DLL"
Tue 15 Oct 1996        12,800 ...H. --- "C:\old PC\old E drive\peem\ersatzteile\~WRL0002.tmp"
Mon 14 Oct 1996        12,800 ...H. --- "C:\old PC\old E drive\peem\ersatzteile\~WRL0003.tmp"
Tue 15 Oct 1996        17,920 ...H. --- "C:\old PC\old E drive\peem\ersatzteile\~WRL0004.tmp"
Mon 21 Oct 1996        19,456 ...H. --- "C:\old PC\old E drive\peem\ersatzteile\~WRL0870.tmp"
Fri 18 Oct 1996        12,288 ...H. --- "C:\old PC\old E drive\peem\ersatzteile\~WRL0895.tmp"
Mon 21 Oct 1996        14,848 ...H. --- "C:\old PC\old E drive\peem\ersatzteile\~WRL3525.tmp"
Mon 21 Oct 1996        13,824 ...H. --- "C:\old PC\old E drive\peem\ersatzteile\~WRL3674.tmp"
Sun  1 Nov 1998        13,312 ...H. --- "C:\old PC\old E drive\willi\resumes & sonstiges\~WRL0002.tmp"
Tue 20 Feb 2001        23,040 ...H. --- "C:\peem\doku\berichte\arberichte\~WRL0798.tmp"
Mon 13 Nov 2006       319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Sun 22 Aug 2004         1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Sun 22 Aug 2004        12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Thu 23 Sep 2004         4,438 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Acc131.tmp"
Sun 19 Dec 2004         4,438 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Acc64.tmp"
Sun 19 Dec 2004         4,438 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Fav66.tmp"
Wed 18 Jul 2007         9,718 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Off147.tmp"
Sun 19 Nov 2006         9,718 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Off3.tmp"
Sun  2 Oct 2005         9,718 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\OffB4.tmp"
Sat 16 Oct 2004         8,246 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\OffB4h.tmp"
Sat 16 Oct 2004         8,246 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\OffB4s.tmp"
Sat 22 Mar 2008         9,718 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\OffFD.tmp"
Sat 16 Oct 2004         8,246 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Officeh.tmp"
Sat 16 Oct 2004         8,246 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Offices.tmp"
Sun 19 Dec 2004        22,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Pro67.tmp"
Sun 19 Dec 2004         3,958 A..H. --- "C:\Program Files\Microsoft Office\Office\Shortcut Bar\Qui68.tmp"
Sun 19 Sep 2004         4,348 ...H. --- "C:\Documents and Settings\Caitlin\My Documents\My Music\License Backup\drmv1key.bak"
Fri  3 Nov 2006           401 A..H. --- "C:\Documents and Settings\Caitlin\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 31 May 2006           488 A.SH. --- "C:\Documents and Settings\Caitlin\My Documents\My Music\License Backup\drmv2key.bak"
Sun 19 Sep 2004         4,348 ...H. --- "C:\Documents and Settings\Daddy\My Documents\My Music\License Backup\drmv1key.bak"
Sat 27 Aug 2005           401 ...H. --- "C:\Documents and Settings\Daddy\My Documents\My Music\License Backup\drmv1lic.bak"
Fri  8 Jul 2005           400 ...H. --- "C:\Documents and Settings\Daddy\My Documents\My Music\License Backup\drmv2key.bak"
Sat 27 Aug 2005         1,536 ...H. --- "C:\Documents and Settings\Daddy\My Documents\My Music\License Backup\drmv2lic.bak"
Sat  8 Jan 2005       200,192 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\Notations articles sent to me Volume 2\~WRL0002.tmp"
Mon 21 Mar 2005        95,744 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\Notations articles sent to me Volume 2\~WRL0004.tmp"
Sat  8 Jan 2005       207,360 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\Notations articles sent to me Volume 2\~WRL0026.tmp"
Fri  4 Feb 2005        28,160 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\Notations articles sent to me Volume 2\~WRL0601.tmp"
Sat  8 Jan 2005       208,384 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\Notations articles sent to me Volume 2\~WRL1293.tmp"
Sat  8 Jan 2005       201,728 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\Notations articles sent to me Volume 2\~WRL2511.tmp"
Sat  8 Jan 2005       208,896 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\Notations articles sent to me Volume 2\~WRL2573.tmp"
Sat  8 Jan 2005       201,216 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\Notations articles sent to me Volume 2\~WRL3690.tmp"
Mon 21 Mar 2005       157,184 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\Notations articles sent to me Volume 2\~WRL4032.tmp"

stiefmaier
« Reply #3 on: March 30, 2008, 12:50:41 AM »

Fri  9 Apr 2004        46,080 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Notations all Issues Volume 2\Notations articles sent to me Volume 1\~WRL3858.tmp"
Tue 12 Sep 2000       203,264 ...H. --- "C:\old PC\old E drive\peem\doku\berichte\~WRL3476.tmp"
Fri  6 Sep 1996        85,504 ...H. --- "C:\old PC\old E drive\peem\doku\vorlagen\~WRL0881.tmp"
Fri  6 Sep 1996        88,064 ...H. --- "C:\old PC\old E drive\peem\doku\vorlagen\~WRL1353.tmp"
Fri  6 Sep 1996        85,504 ...H. --- "C:\old PC\old E drive\peem\doku\vorlagen\~WRL1402.tmp"
Mon 17 Apr 2000       154,112 ...H. --- "C:\old PC\old E drive\peem\doku\vorlagen\~WRL4092.tmp"
Thu 15 Jan 1998        13,824 ...H. --- "C:\old PC\old E drive\peem\ersatzteile\werkzeugkisten\~WRL3515.tmp"
Thu  3 Aug 2000       214,016 ...H. --- "C:\peem\baustellen\hanin\2048 shipping\podest\~WRL1002.tmp"
Thu  3 Aug 2000       214,016 ...H. --- "C:\peem\baustellen\hanin\2048 shipping\podest\~WRL1457.tmp"
Thu  3 Aug 2000       214,016 ...H. --- "C:\peem\baustellen\hanin\2048 shipping\podest\~WRL4022.tmp"
Thu 18 Jan 2001       207,360 ...H. --- "C:\peem\doku\berichte\berichte 2001\jan feb\~WRL0004.tmp"
Mon 11 Sep 2000       203,776 ...H. --- "C:\peem\doku\berichte\berichte 2000\apr-sept 2000\~WRL0003.tmp"
Sun 18 Jun 2000       213,504 ...H. --- "C:\peem\doku\berichte\berichte 2000\apr-sept 2000\~WRL3330.tmp"
Wed 27 Oct 1999       221,696 ...H. --- "C:\peem\doku\berichte\berichte 1999\rest year 99\~WRL0004.tmp"
Mon 21 Jun 1999       204,288 ...H. --- "C:\peem\doku\berichte\berichte 1999\rest year 99\~WRL2695.tmp"
Fri 15 Aug 2003       111,824 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"
Wed 12 Dec 2001       102,400 A..H. --- "C:\Program Files\Common Files\csshare\shell\us\shellext.dll"
Tue  7 Jun 2005        25,600 ...H. --- "C:\willi\hdl stuff\ec\doku\parts\~WRL1554.tmp"
Sun 23 Jan 2005         2,090 ..SH. --- "C:\Documents and Settings\Melissa\Application Data\Roxio\Dragon\DiscInfoCache\JLMS_____XJ-HD166S________DTS5_300_DICV018_DRGV20100BC.TMP"
Tue 20 Feb 2001        23,040 ...H. --- "C:\old PC\old E drive\peem\doku\berichte\arberichte\~WRL0798.tmp"
Thu  3 Aug 2000       214,016 ...H. --- "C:\old PC\old E drive\peem\baustellen\hanin\2048 shipping\podest\~WRL1002.tmp"
Thu  3 Aug 2000       214,016 ...H. --- "C:\old PC\old E drive\peem\baustellen\hanin\2048 shipping\podest\~WRL1457.tmp"
Thu  3 Aug 2000       214,016 ...H. --- "C:\old PC\old E drive\peem\baustellen\hanin\2048 shipping\podest\~WRL4022.tmp"
Thu 18 Jan 2001       207,360 ...H. --- "C:\old PC\old E drive\peem\doku\berichte\berichte 2001\jan feb\~WRL0004.tmp"
Mon 11 Sep 2000       203,776 ...H. --- "C:\old PC\old E drive\peem\doku\berichte\berichte 2000\apr-sept 2000\~WRL0003.tmp"
Sun 18 Jun 2000       213,504 ...H. --- "C:\old PC\old E drive\peem\doku\berichte\berichte 2000\apr-sept 2000\~WRL3330.tmp"
Wed 27 Oct 1999       221,696 ...H. --- "C:\old PC\old E drive\peem\doku\berichte\berichte 1999\rest year 99\~WRL0004.tmp"
Mon 21 Jun 1999       204,288 ...H. --- "C:\old PC\old E drive\peem\doku\berichte\berichte 1999\rest year 99\~WRL2695.tmp"
Fri 30 May 2003        21,504 ...H. --- "C:\peem\baustellen\blockbuster\spare part infos\infos fr hdl\SCHAEFER Spare parts\2003\~WRL0003.tmp"
Fri 30 May 2003        22,528 ...H. --- "C:\peem\baustellen\blockbuster\spare part infos\infos fr hdl\SCHAEFER Spare parts\2003\~WRL0005.tmp"
Fri 30 May 2003        22,528 ...H. --- "C:\peem\baustellen\blockbuster\spare part infos\infos fr hdl\SCHAEFER Spare parts\2003\~WRL2383.tmp"
Fri 30 May 2003        22,528 ...H. --- "C:\peem\baustellen\blockbuster\spare part infos\infos fr hdl\SCHAEFER Spare parts\2003\~WRL3590.tmp"
Sun 15 Feb 2004        51,712 ..SHR --- "C:\willi\util\programming\javascript\debuggers\interceptor\HTTP Interceptor\Setup.exe"

Finished!


stiefmaier
« Reply #4 on: March 30, 2008, 12:51:28 AM »

Should I run ComboFix now?

stiefmaier
« Reply #5 on: March 30, 2008, 01:06:00 AM »

Here is the ComboFix log

ComboFix 08-03-22.1 - Daddy 2008-03-29 20:53:30.5 - NTFSx86
Running from: C:\Documents and Settings\Daddy\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\opnnlmkh.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

.
(((((((((((((((((((((((((   Files Created from 2008-02-28 to 2008-03-30  )))))))))))))))))))))))))))))))
.

2008-03-29 19:38 . 2008-03-29 19:38   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-03-29 19:27 . 2008-03-29 19:27   55,296   --a------   C:\WINDOWS\system32\L88A1.tmp
2008-03-29 19:27 . 2008-03-29 19:27   9,296   --a------   C:\WINDOWS\system32\L914C.tmp
2008-03-29 19:23 . 2008-03-29 20:45   <DIR>   d--------   C:\SDFix
2008-03-29 19:12 . 2008-03-29 19:12   12,288   --a------   C:\WINDOWS\123messenger.per
2008-03-29 19:10 . 2008-03-29 19:10   <DIR>   d--------   C:\Program Files\zango
2008-03-29 19:08 . 2008-03-29 19:08   <DIR>   d--------   C:\Program Files\180solutions
2008-03-29 19:08 . 2008-03-29 19:08   <DIR>   d--------   C:\Program Files\180searchassistant
2008-03-29 19:08 . 2008-03-29 19:08   <DIR>   d--------   C:\Program Files\180search assistant
2008-03-29 16:55 . 2008-03-29 16:55   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-29 16:45 . 2008-03-29 16:45   <DIR>   d--------   C:\Program Files\Sysmnt
2008-03-29 16:45 . 2008-03-29 16:45   <DIR>   d--------   C:\Program Files\stc
2008-03-29 16:14 . 2008-03-29 17:03   <DIR>   d--------   C:\Program Files\Bat
2008-03-29 16:13 . 2008-03-29 16:13   229,527   --a------   C:\WINDOWS\system32\LD3F4.tmp
2008-03-29 16:13 . 2008-03-29 16:13   55,296   ---------   C:\WINDOWS\system32\LD319.tmp
2008-03-29 16:13 . 2008-03-29 16:13   23,040   --a------   C:\WINDOWS\system32\LF45D.tmp
2008-03-29 16:12 . 2008-03-29 16:12   229,527   --a------   C:\WINDOWS\system32\L19BC.tmp
2008-03-29 16:12 . 2008-03-29 16:12   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-03-29 16:12 . 2008-03-29 16:12   23,040   --a------   C:\WINDOWS\system32\L2594.tmp
2008-03-29 16:12 . 2008-03-29 16:12   1,409   --a------   C:\WINDOWS\QTFont.for
2008-03-23 08:10 . 2008-03-23 08:10   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-03-23 08:10 . 2008-03-23 08:10   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-23 02:16 . 2008-03-23 02:18   <DIR>   d--------   C:\ComboFix2
2008-03-22 20:38 . 2008-03-22 20:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-15 20:35 . 2008-03-15 20:35   <DIR>   d--------   C:\Program Files\Audible
2008-03-15 20:35 . 2008-03-15 20:35   417,792   --a------   C:\WINDOWS\system32\awrdscdc.ax
2008-03-15 20:31 . 1999-11-17 13:00   25,088   ---------   C:\WINDOWS\system32\CTSVCCTL.EXE
2008-03-15 20:30 . 2008-03-15 20:32   <DIR>   d--h-----   C:\Program Files\Creative Installation Information
2008-03-15 20:30 . 2008-03-15 20:30   <DIR>   d--------   C:\Program Files\Common Files\Creative
2008-03-13 21:06 . 2008-03-13 21:06   <DIR>   d--------   C:\Program Files\Common Files\Motorola Shared
2008-03-13 21:06 . 2008-03-13 21:11   1,609,728   --a------   C:\WINDOWS\MEDB.mdb
2008-03-13 21:06 . 2007-05-01 18:23   528,384   ---------   C:\WINDOWS\system32\VZWDownManager.exe
2008-03-13 21:06 . 2007-05-01 18:23   49,152   ---------   C:\WINDOWS\system32\VZWDLManager.dll
2008-03-13 21:06 . 2007-05-02 04:34   375   ---------   C:\WINDOWS\system32\VZWDLManager.inf
2008-03-13 21:05 . 2008-03-13 21:05   <DIR>   d--------   C:\Program Files\Verizon Wireless
2008-03-12 03:03 . 2008-03-12 03:03   118   --a------   C:\WINDOWS\system32\MRT.INI
2008-02-26 23:00 . 2008-02-26 23:00   <DIR>   d--------   C:\Documents and Settings\Daddy\Application Data\TaxCut
2008-02-26 22:59 . 2008-02-26 22:59   <DIR>   d--------   C:\Program Files\PDF995
2008-02-26 22:57 . 2008-02-26 22:57   <DIR>   d--hs----   C:\WINDOWS\ftpcache
2008-02-26 22:57 . 2008-02-26 22:57   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\TaxCut
2008-02-13 00:56 . 2008-02-13 01:03   <DIR>   d--------   C:\Program Files\MTV Virtual World
2008-02-06 19:55 . 2008-02-10 23:04   <DIR>   d--------   C:\Documents and Settings\Daddy\Application Data\Move Networks

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 12:31   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Retrospect
2008-03-23 11:49   ---------   d-----w   C:\Program Files\QuickTime
2008-03-23 11:49   ---------   d-----w   C:\Program Files\MSN Messenger
2008-03-23 11:49   ---------   d-----w   C:\Program Files\Microsoft Works
2008-03-23 11:49   ---------   d-----w   C:\Program Files\Lexmark X5100 Series
2008-03-23 11:49   ---------   d-----w   C:\Program Files\aim
2008-03-23 11:49   ---------   d-----w   C:\Program Files\2Wire
2008-03-16 22:30   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-16 02:20   20,689,659   ----a-w   C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_03_13_21_11_41_full.dmp.zip
2008-03-16 00:40   ---------   d-----w   C:\Documents and Settings\Daddy\Application Data\Creative
2008-03-16 00:30   ---------   d-----w   C:\Program Files\Creative
2008-03-16 00:27   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Creative
2008-03-15 02:23   ---------   d-----w   C:\Program Files\Google
2008-03-07 14:21   ---------   d-----w   C:\Program Files\games
2008-03-07 13:26   48,102,136   ----a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-01 17:12   ---------   d-----w   C:\Program Files\palmOnevisor
2008-01-30 21:25   ---------   d-----w   C:\Program Files\AOD
2008-01-29 02:38   ---------   d-----w   C:\Program Files\AIM6
2008-01-29 02:37   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-01-29 02:28   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-01-28 04:06   ---------   d-----w   C:\Program Files\Microsoft.NET
2008-01-28 04:01   ---------   d-----w   C:\Program Files\Microsoft SQL Server
2008-01-15 23:38   15,360   ----a-w   C:\WINDOWS\system32\ctfmon.exe
2008-01-10 08:10   1,428,992   ----a-w   C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-12-12 08:10   2,633,728   ----a-w   C:\WINDOWS\Internet Logs\xDB19.tmp
2007-12-07 02:21   824,832   ----a-w   C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38   550,912   ----a-w   C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AVASTSS.scr
2007-08-15 07:13   2,621,440   ----a-w   C:\WINDOWS\Internet Logs\xDB18.tmp
2007-04-04 15:11   6,072   ----a-w   C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2006-08-27 00:18   55,025   ----a-w   C:\WINDOWS\Internet Logs\zlclient_2nd_2006_08_26_13_27_47_small.dmp.zip
2006-08-27 00:18   50,314   ----a-w   C:\WINDOWS\Internet Logs\zlclient_2nd_2006_08_26_13_29_29_small.dmp.zip
2006-04-26 02:20   82,432   ----a-w   C:\WINDOWS\Internet Logs\xDB17.tmp
2006-04-21 14:04   34,419   ----a-w   C:\WINDOWS\Internet Logs\vsmon_2nd_2006_04_21_10_01_48_small.dmp.zip
2006-04-21 14:01   13,312   ----a-w   C:\WINDOWS\Internet Logs\xDB16.tmp
2006-04-21 13:40   4,167,168   ----a-w   C:\WINDOWS\Internet Logs\xDB15.tmp
2006-04-21 13:40   15,872   ----a-w   C:\WINDOWS\Internet Logs\xDB14.tmp
2006-04-21 13:33   1,101,824   ----a-w   C:\WINDOWS\Internet Logs\xDB13.tmp
2006-03-14 01:25   2,621,440   ----a-w   C:\WINDOWS\Internet Logs\xDB12.tmp
2005-12-20 01:38   774,144   ----a-w   C:\Program Files\RngInterstitial.dll
2005-12-01 23:01   12,439,622   ----a-w   C:\WINDOWS\Internet Logs\zlclient_2nd_2005_12_01_17_38_44.dmp.zip
2005-10-15 19:34   3,100,160   ----a-w   C:\WINDOWS\Internet Logs\xDB10.tmp
2005-10-15 19:34   3,018,752   ----a-w   C:\WINDOWS\Internet Logs\xDBF.tmp
2005-10-03 02:55   3,091,456   ----a-w   C:\WINDOWS\Internet Logs\xDBD.tmp
2005-10-03 02:55   2,455,040   ----a-w   C:\WINDOWS\Internet Logs\xDB11.tmp
2005-09-24 00:11   2,703,872   ----a-w   C:\WINDOWS\Internet Logs\xDBE.tmp
2005-09-24 00:06   2,966,016   ----a-w   C:\WINDOWS\Internet Logs\xDBC.tmp
2005-06-13 01:23   2,727,424   ----a-w   C:\WINDOWS\Internet Logs\xDBA.tmp
2005-05-29 19:19   2,696,704   ----a-w   C:\WINDOWS\Internet Logs\xDBB.tmp
2005-05-29 19:17   2,650,624   ----a-w   C:\WINDOWS\Internet Logs\xDB9.tmp
2005-04-18 01:52   2,610,176   ----a-w   C:\WINDOWS\Internet Logs\xDB8.tmp
2005-04-18 01:52   2,003,456   ----a-w   C:\WINDOWS\Internet Logs\xDB7.tmp
2005-04-02 19:33   2,649,088   ----a-w   C:\WINDOWS\Internet Logs\xDB6.tmp
2005-04-02 19:33   1,889,792   ----a-w   C:\WINDOWS\Internet Logs\xDB5.tmp
2005-02-12 16:41   19,968   ----a-w   C:\WINDOWS\Internet Logs\xDB4.tmp
2005-02-12 16:41   1,382,400   ----a-w   C:\WINDOWS\Internet Logs\xDB3.tmp
2005-02-12 16:33   2,747,392   ----a-w   C:\WINDOWS\Internet Logs\xDB2.tmp
2005-02-12 16:31   1,638,912   ----a-w   C:\WINDOWS\Internet Logs\xDB1.tmp
2005-02-03 15:14   21   ------w   C:\Documents and Settings\All Users\Application Data\emopts.dat
2005-01-16 18:42   14,682   ------w   C:\WINDOWS\Fonts\nightmare.zip
2005-01-16 18:39   37,852   ------w   C:\WINDOWS\Fonts\skellingtonbats.zip
2004-12-19 12:58   1,042   ----a-w   C:\Program Files\i_view32.ini
2004-09-05 23:02   19,129   ---ha-w   C:\Program Files\i_view32.GID
2004-09-03 18:39   794   ----a-w   C:\Program Files\i_languages.txt
2004-09-03 18:39   7,182   ----a-w   C:\Program Files\i_options.txt
2004-09-03 18:39   661   ----a-w   C:\Program Files\i_view32.exe.manifest
2004-09-03 18:39   48,348   ----a-w   C:\Program Files\i_changes.txt
2004-09-03 18:39   441,856   ----a-w   C:\Program Files\i_view32.exe
2004-09-03 18:39   4,811   ----a-w   C:\Program Files\i_plugins.txt
2004-09-03 18:39   31,744   ----a-w   C:\Program Files\iv_uninstall.exe
2004-09-03 18:39   3,929   ----a-w   C:\Program Files\i_view32.cnt
2004-09-03 18:39   209,922   ----a-w   C:\Program Files\i_view32.hlp
2004-09-03 18:39   2,101   ----a-w   C:\Program Files\i_about.txt
2005-12-28 02:35   56   --sha-r   C:\WINDOWS\system32\5BCB92A0DC.sys
2005-12-29 19:12   4,182   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-03-22_11.24.42.12   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-29 20:45:19   22,784   ----a-w   C:\WINDOWS\apphelp32.dll
+ 2008-03-29 20:45:19   22,016   ----a-w   C:\WINDOWS\asferror32.dll
+ 2008-03-29 20:45:19   14,592   ----a-w   C:\WINDOWS\asycfilt32.dll
+ 2008-03-29 20:45:20   15,104   ----a-w   C:\WINDOWS\athprxy32.dll
+ 2008-03-29 20:45:20   25,344   ----a-w   C:\WINDOWS\ati2dvaa32.dll
+ 2008-03-29 20:45:20   16,384   ----a-w   C:\WINDOWS\ati2dvag32.dll
+ 2008-03-29 20:45:20   9,984   ----a-w   C:\WINDOWS\audiosrv32.dll
+ 2008-03-29 20:45:21   17,664   ----a-w   C:\WINDOWS\autodisc32.dll
+ 2008-03-29 20:45:21   15,872   ----a-w   C:\WINDOWS\avifile32.dll
+ 2008-03-29 20:45:21   24,576   ----a-w   C:\WINDOWS\avisynthex32.dll
+ 2008-03-29 20:45:21   22,528   ----a-w   C:\WINDOWS\aviwrap32.dll
+ 2008-03-29 20:45:22   22,272   ----a-w   C:\WINDOWS\browserad.dll
+ 2008-03-29 20:45:19   28,672   ----a-w   C:\WINDOWS\changeurl_30.dll
+ 2008-03-30 00:58:19   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-29 23:54:45   14,643,200   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-03-29 23:54:45   458,752   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-30 00:58:19   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-29 23:38:20   14,643,200   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-03-29 23:38:20   458,752   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-03-22 19:45:57   20,224   ----a-w   C:\WINDOWS\FLEOK\180ax.exe
+ 2008-03-29 20:45:27   10,752   ----a-w   C:\WINDOWS\FLEOK\180ax.exe
+ 2008-03-29 20:45:25   9,984   ----a-w   C:\WINDOWS\msa64chk.dll
+ 2008-03-29 20:45:25   25,088   ----a-w   C:\WINDOWS\msapasrc.dll
+ 2008-03-29 20:45:23   19,456   ----a-w   C:\WINDOWS\ntnut.exe
+ 2008-03-29 20:45:23   10,496   ----a-w   C:\WINDOWS\shdocpe.dll
+ 2008-03-29 20:45:23   20,736   ----a-w   C:\WINDOWS\shdocpl.dll
- 2004-08-04 07:56:48   15,360   -c--a-w   C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2008-01-15 23:38:10   15,360   -c--a-w   C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2005-05-24 16:27:16   213,048   ----a-w   C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20   94,208   ----a-w   C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54   950,272   ----a-w   C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-03-29 20:45:26   16,128   ----a-w   C:\WINDOWS\system32\MSNSA32.dll
+ 2008-03-29 20:45:23   15,360   ----a-w   C:\WINDOWS\system32\ntnut32.exe
+ 2008-03-29 20:45:23   19,968   ----a-w   C:\WINDOWS\system32\shdocpe.dll
+ 2008-03-29 20:45:24   25,088   ----a-w   C:\WINDOWS\system32\SIPSPI32.dll
+ 2008-03-30 00:23:52   16,384   ----atw   C:\WINDOWS\temp\Perflib_Perfdata_5ac.dat
+ 2008-03-29 20:45:22   32,000   ----a-w   C:\WINDOWS\winsb.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-27 23:52 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-15 19:38 15360]
"AIM"="C:\Program Files\aim\aim.exe" [2008-01-27 23:51 67112]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 20:09 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003-05-07 04:32 36864 C:\WINDOWS\system32\VTTimer.exe]
"PCTVOICE"="pctspk.exe" [2003-07-17 15:01 180224 C:\WINDOWS\system32\pctspk.exe]
"PV92TRAY"="PV92Tray.exe" [2003-06-24 18:47 311296 C:\WINDOWS\system32\PV92Tray.exe]
"Zone Labs Client"="C:\willi\util\virus stuff\firewalls\zone alarm\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\run\ashDisp.exe" [2008-01-15 22:50 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-15 19:37 282624]

C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
HotSync Manager.lnk - C:\Program Files\palmOnevisor\HOTSYNC.EXE [2007-08-04 21:33:06 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11 01:00:00 122880]
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-07-11 01:00:00 344064]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\willi\util\virus stuff\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\willi\util\virus stuff\SASWINLO.dll 2007-04-19 14:41 294912 C:\willi\util\virus stuff\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2002-02-15 11:51 24638 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask  .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--------- 2003-02-10 03:59 47104 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\aim\\aim.exe"=

R2 portD;ABS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2003-03-19 09:28]
S3 Apache2.2;Apache2.2;"C:\willi\util\webserver\appache\bin\httpd.exe" -k runservice []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 21:00:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\mysql\bin\mysqld-nt\" --defaults-file=\"C:\mysql\my.ini\" MySQL"
.
Completion time: 2008-03-29 21:02:53
ComboFix-quarantined-files.txt  2008-03-30 01:02:36
ComboFix2.txt  2008-03-23 12:06:10
ComboFix3.txt  2008-03-22 15:25:08
ComboFix4.txt  2007-11-16 17:25:15
.
2008-03-12 11:32:47   --- E O F --- 

stiefmaier
« Reply #6 on: March 30, 2008, 01:07:12 AM »

Here is the new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 9:04:40 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\run\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\run\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\run\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\run\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\willi\util\virus stuff\firewalls\zone alarm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\run\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\palmOnevisor\HOTSYNC.EXE
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\willi\util\virus stuff\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\willi\util\virus stuff\firewalls\zone alarm\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\run\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOnevisor\HOTSYNC.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\WILLI\UTIL\DRAWING PRGS\AMICUS50\Research\GetTags.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.8.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138482238968
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.27/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\willi\util\virus stuff\SASWINLO.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\willi\util\webserver\appache\bin\httpd.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\run\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\run\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\run\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\run\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


stiefmaier (Jr. Member)
« Reply #7 on: March 30, 2008, 01:29:52 AM »

I found this with the 1800 and Zango in the Program Files area. Does this mean anything to you?

29/03/08 16:15:48  4756   
29/03/08 16:15:48  4756   
29/03/08 16:15:48  4756   === START === C:\Program Files\Bat\Bat.exe
29/03/08 16:15:48  4756   CommandLine="C:\Program Files\Bat\Bat.exe" /DELAY=120
29/03/08 16:15:48  4756   DoRunStubWin() --- Start
29/03/08 16:15:48  4756   X_ExeIsRunning=FALSE
29/03/08 16:15:48  4756   ThisIs_Plain_AutoUpdate_Exe=TRUE
29/03/08 16:15:48  4756   ThisIs_X_AutoUpdate_Exe=FALSE
29/03/08 16:15:48  4756   CreateAndRun_X_Exe() --- Start
29/03/08 16:15:48  4756   Wait 0 SEC
29/03/08 16:15:48  4756   Create X_ File
29/03/08 16:15:48  4756   WinExec: C:\Program Files\Bat\X_Bat.exe /SleepX=120
29/03/08 16:15:48 10144 X
29/03/08 16:15:48 10144 X
29/03/08 16:15:48 10144 X === START === C:\Program Files\Bat\X_Bat.exe
29/03/08 16:15:48 10144 X CommandLine="C:\Program Files\Bat\X_Bat.exe" /SleepX=120
29/03/08 16:15:48 10144 X DoRunStubWin() --- Start
29/03/08 16:15:48 10144 X X_ExeIsRunning=FALSE
29/03/08 16:15:48 10144 X ThisIs_Plain_AutoUpdate_Exe=FALSE
29/03/08 16:15:48 10144 X ThisIs_X_AutoUpdate_Exe=TRUE
29/03/08 16:15:48 10144 X CheckTestMode
29/03/08 16:15:48 10144 X WinMain
29/03/08 16:15:48  4756   CreateAndRun_X_Exe() --- End
29/03/08 16:15:48  4756   HandleParamOK() --- Start
29/03/08 16:15:48  4756   HandleParamOK() --- End
29/03/08 16:15:48  4756   DoRunStubWin() --- End
29/03/08 16:15:48  4756   === EXIT === C:\Program Files\Bat\Bat.exe
29/03/08 16:15:48  4756   
29/03/08 16:17:49 10144 X TestMode=FALSE
29/03/08 16:17:49 10144 X Download START: http://ezcoolpages.com/software/3D46D445-565E-4F8C-B341-B27241516E8D/updates\Bat.info
29/03/08 16:18:30 10144 X Download END:   http://ezcoolpages.com/software/3D46D445-565E-4F8C-B341-B27241516E8D/updates/Bat.info
29/03/08 16:18:30 10144 X GetOkToPerformAU = 0

Pancake (Global Moderator)
« Reply #8 on: March 30, 2008, 02:07:07 AM »

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *Notepad* and copy/paste the text below into it:

Killall::

File::
C:\WINDOWS\system32\L88A1.tmp
C:\WINDOWS\system32\L914C.tmp
C:\WINDOWS\system32\LD3F4.tmp
C:\WINDOWS\system32\LD319.tmp
C:\WINDOWS\system32\LF45D.tmp
C:\WINDOWS\system32\L19BC.tmp
C:\WINDOWS\system32\L2594.tmp

Folder::
C:\Program Files\zango
C:\Program Files\180solutions
C:\Program Files\180searchassistant
C:\Program Files\180search assistant
C:\WINDOWS\Internet Logs
C:\Program Files\Bat

Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop.




Referring to the picture above, drag CFScript.txt onto ComboFix.exe.


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.


*Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.*

« Last Edit: March 30, 2008, 02:11:35 AM by Pancake »

stiefmaier (Jr. Member)
« Reply #9 on: March 30, 2008, 02:41:02 AM »

OK here ya go!

ComboFix 08-03-22.1 - Daddy 2008-03-29 22:19:07.6 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.429 [GMT -4:00]
Running from: C:\Documents and Settings\Daddy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Daddy\Desktop\CFScript.txt.txt
 * Created a new restore point

FILE ::
C:\WINDOWS\system32\L19BC.tmp
C:\WINDOWS\system32\L2594.tmp
C:\WINDOWS\system32\L88A1.tmp
C:\WINDOWS\system32\L914C.tmp
C:\WINDOWS\system32\LD319.tmp
C:\WINDOWS\system32\LD3F4.tmp
C:\WINDOWS\system32\LF45D.tmp
.
TimedOut: Windir.dat
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Internet Logs\BACKUP(2).RDB
C:\WINDOWS\Internet Logs\BACKUP.RDB
C:\WINDOWS\Internet Logs\dumpIndex
C:\WINDOWS\Internet Logs\fwdbglog.txt
C:\WINDOWS\Internet Logs\fwpktlog.txt
C:\WINDOWS\Internet Logs\IAMDB(2).RDB
C:\WINDOWS\Internet Logs\lspconflict.txt
C:\WINDOWS\Internet Logs\MAINHOMEPC.ldb
C:\WINDOWS\Internet Logs\tvDebug.log
C:\WINDOWS\Internet Logs\tvDebug.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2006_04_21_10_01_48_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_03_13_21_11_41_full.dmp.zip
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB10.tmp
C:\WINDOWS\Internet Logs\xDB11.tmp
C:\WINDOWS\Internet Logs\xDB12.tmp
C:\WINDOWS\Internet Logs\xDB13.tmp
C:\WINDOWS\Internet Logs\xDB14.tmp
C:\WINDOWS\Internet Logs\xDB15.tmp
C:\WINDOWS\Internet Logs\xDB16.tmp
C:\WINDOWS\Internet Logs\xDB17.tmp
C:\WINDOWS\Internet Logs\xDB18.tmp
C:\WINDOWS\Internet Logs\xDB19.tmp
C:\WINDOWS\Internet Logs\xDB1A.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\Internet Logs\xDB3.tmp
C:\WINDOWS\Internet Logs\xDB4.tmp
C:\WINDOWS\Internet Logs\xDB5.tmp
C:\WINDOWS\Internet Logs\xDB6.tmp
C:\WINDOWS\Internet Logs\xDB7.tmp
C:\WINDOWS\Internet Logs\xDB8.tmp
C:\WINDOWS\Internet Logs\xDB9.tmp
C:\WINDOWS\Internet Logs\xDBA.tmp
C:\WINDOWS\Internet Logs\xDBB.tmp
C:\WINDOWS\Internet Logs\xDBC.tmp
C:\WINDOWS\Internet Logs\xDBD.tmp
C:\WINDOWS\Internet Logs\xDBE.tmp
C:\WINDOWS\Internet Logs\xDBF.tmp
C:\WINDOWS\Internet Logs\zlclient_2nd_2005_12_01_17_38_44.dmp.zip
C:\WINDOWS\Internet Logs\zlclient_2nd_2006_08_26_13_27_47_small.dmp.zip
C:\WINDOWS\Internet Logs\zlclient_2nd_2006_08_26_13_29_29_small.dmp.zip
C:\WINDOWS\system32\L19BC.tmp
C:\WINDOWS\system32\L2594.tmp
C:\WINDOWS\system32\L88A1.tmp
C:\WINDOWS\system32\L914C.tmp
C:\WINDOWS\system32\LD319.tmp
C:\WINDOWS\system32\LD3F4.tmp
C:\WINDOWS\system32\LF45D.tmp
C:\WINDOWS\Internet Logs . . . . failed to delete
C:\WINDOWS\Internet Logs\IAMDB.RDB . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2008-02-28 to 2008-03-30  )))))))))))))))))))))))))))))))
.

2008-03-29 19:38 . 2008-03-29 19:38   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-03-29 19:23 . 2008-03-29 20:45   <DIR>   d--------   C:\SDFix
2008-03-29 16:45 . 2008-03-29 16:45   <DIR>   d--------   C:\Program Files\Sysmnt
2008-03-29 16:45 . 2008-03-29 16:45   <DIR>   d--------   C:\Program Files\stc
2008-03-29 16:45 . 2008-03-29 16:45   32,000   --a------   C:\WINDOWS\winsb.dll
2008-03-29 16:45 . 2008-03-29 16:45   25,088   --a------   C:\WINDOWS\system32\SIPSPI32.dll
2008-03-29 16:45 . 2008-03-29 16:45   20,736   --a------   C:\WINDOWS\shdocpl.dll
2008-03-29 16:45 . 2008-03-29 16:45   19,968   --a------   C:\WINDOWS\system32\shdocpe.dll
2008-03-29 16:45 . 2008-03-29 16:45   16,128   --a------   C:\WINDOWS\system32\MSNSA32.dll
2008-03-29 16:45 . 2008-03-29 16:45   15,360   --a------   C:\WINDOWS\system32\ntnut32.exe
2008-03-29 16:45 . 2008-03-29 16:45   10,496   --a------   C:\WINDOWS\shdocpe.dll
2008-03-29 16:14 . 2008-03-29 17:03   <DIR>   d--------   C:\Program Files\Bat
2008-03-23 08:10 . 2008-03-23 08:10   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-03-23 08:10 . 2008-03-23 08:10   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-23 02:16 . 2008-03-23 02:18   <DIR>   d--------   C:\ComboFix2
2008-03-22 20:38 . 2008-03-22 20:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-15 20:35 . 2008-03-15 20:35   <DIR>   d--------   C:\Program Files\Audible
2008-03-15 20:35 . 2008-03-15 20:35   417,792   --a------   C:\WINDOWS\system32\awrdscdc.ax
2008-03-15 20:31 . 1999-11-17 13:00   25,088   ---------   C:\WINDOWS\system32\CTSVCCTL.EXE
2008-03-15 20:30 . 2008-03-15 20:32   <DIR>   d--h-----   C:\Program Files\Creative Installation Information
2008-03-15 20:30 . 2008-03-15 20:30   <DIR>   d--------   C:\Program Files\Common Files\Creative
2008-03-13 21:06 . 2008-03-13 21:06   <DIR>   d--------   C:\Program Files\Common Files\Motorola Shared
2008-03-13 21:06 . 2008-03-13 21:11   1,609,728   --a------   C:\WINDOWS\MEDB.mdb
2008-03-13 21:06 . 2007-05-01 18:23   528,384   ---------   C:\WINDOWS\system32\VZWDownManager.exe
2008-03-13 21:06 . 2007-05-01 18:23   49,152   ---------   C:\WINDOWS\system32\VZWDLManager.dll
2008-03-13 21:06 . 2007-05-02 04:34   375   ---------   C:\WINDOWS\system32\VZWDLManager.inf
2008-03-13 21:05 . 2008-03-13 21:05   <DIR>   d--------   C:\Program Files\Verizon Wireless
2008-03-12 03:03 . 2008-03-12 03:03   118   --a------   C:\WINDOWS\system32\MRT.INI
2008-02-26 23:00 . 2008-02-26 23:00   <DIR>   d--------   C:\Documents and Settings\Daddy\Application Data\TaxCut
2008-02-26 22:59 . 2008-02-26 22:59   <DIR>   d--------   C:\Program Files\PDF995
2008-02-26 22:57 . 2008-02-26 22:57   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\TaxCut
2008-02-13 00:56 . 2008-02-13 01:03   <DIR>   d--------   C:\Program Files\MTV Virtual World
2008-02-06 19:55 . 2008-02-10 23:04   <DIR>   d--------   C:\Documents and Settings\Daddy\Application Data\Move Networks

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 12:31   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Retrospect
2008-03-23 11:49   ---------   d-----w   C:\Program Files\QuickTime
2008-03-23 11:49   ---------   d-----w   C:\Program Files\MSN Messenger
2008-03-23 11:49   ---------   d-----w   C:\Program Files\Microsoft Works
2008-03-23 11:49   ---------   d-----w   C:\Program Files\Lexmark X5100 Series
2008-03-23 11:49   ---------   d-----w   C:\Program Files\aim
2008-03-23 11:49   ---------   d-----w   C:\Program Files\2Wire
2008-03-16 22:30   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-16 00:40   ---------   d-----w   C:\Documents and Settings\Daddy\Application Data\Creative
2008-03-16 00:30   ---------   d-----w   C:\Program Files\Creative
2008-03-16 00:27   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Creative
2008-03-15 02:23   ---------   d-----w   C:\Program Files\Google
2008-03-07 14:21   ---------   d-----w   C:\Program Files\games
2008-02-01 17:12   ---------   d-----w   C:\Program Files\palmOnevisor
2008-01-30 21:25   ---------   d-----w   C:\Program Files\AOD
2008-01-29 02:38   ---------   d-----w   C:\Program Files\AIM6
2008-01-29 02:37   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-01-29 02:28   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-01-28 04:06   ---------   d-----w   C:\Program Files\Microsoft.NET
2008-01-28 04:01   ---------   d-----w   C:\Program Files\Microsoft SQL Server
2007-04-04 15:11   6,072   ----a-w   C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2005-12-20 01:38   774,144   ----a-w   C:\Program Files\RngInterstitial.dll
2005-02-03 15:14   21   ------w   C:\Documents and Settings\All Users\Application Data\emopts.dat
2005-01-16 18:42   14,682   ------w   C:\WINDOWS\Fonts\nightmare.zip
2005-01-16 18:39   37,852   ------w   C:\WINDOWS\Fonts\skellingtonbats.zip
2004-12-19 12:58   1,042   ----a-w   C:\Program Files\i_view32.ini
2004-09-05 23:02   19,129   ---ha-w   C:\Program Files\i_view32.GID
2004-09-03 18:39   794   ----a-w   C:\Program Files\i_languages.txt
2004-09-03 18:39   7,182   ----a-w   C:\Program Files\i_options.txt
2004-09-03 18:39   661   ----a-w   C:\Program Files\i_view32.exe.manifest
2004-09-03 18:39   48,348   ----a-w   C:\Program Files\i_changes.txt
2004-09-03 18:39   441,856   ----a-w   C:\Program Files\i_view32.exe
2004-09-03 18:39   4,811   ----a-w   C:\Program Files\i_plugins.txt
2004-09-03 18:39   31,744   ----a-w   C:\Program Files\iv_uninstall.exe
2004-09-03 18:39   3,929   ----a-w   C:\Program Files\i_view32.cnt
2004-09-03 18:39   209,922   ----a-w   C:\Program Files\i_view32.hlp
2004-09-03 18:39   2,101   ----a-w   C:\Program Files\i_about.txt
2005-12-28 02:35   56   --sha-r   C:\WINDOWS\system32\5BCB92A0DC.sys
2005-12-29 19:12   4,182   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   snapshot_2008-03-29_21.02.20.57   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-30 02:27:38   16,384   ----atw   C:\WINDOWS\temp\Perflib_Perfdata_5b0.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-27 23:52 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-15 19:38 15360]
"AIM"="C:\Program Files\aim\aim.exe" [2008-01-27 23:51 67112]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 20:09 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003-05-07 04:32 36864 C:\WINDOWS\system32\VTTimer.exe]
"PCTVOICE"="pctspk.exe" [2003-07-17 15:01 180224 C:\WINDOWS\system32\pctspk.exe]
"PV92TRAY"="PV92Tray.exe" [2003-06-24 18:47 311296 C:\WINDOWS\system32\PV92Tray.exe]
"Zone Labs Client"="C:\willi\util\virus stuff\firewalls\zone alarm\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\run\ashDisp.exe" [2008-01-15 22:50 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-15 19:37 282624]

C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
HotSync Manager.lnk - C:\Program Files\palmOnevisor\HOTSYNC.EXE [2007-08-04 21:33:06 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11 01:00:00 122880]
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-07-11 01:00:00 344064]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\willi\util\virus stuff\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\willi\util\virus stuff\SASWINLO.dll 2007-04-19 14:41 294912 C:\willi\util\virus stuff\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2002-02-15 11:51 24638 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask  .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--------- 2003-02-10 03:59 47104 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\aim\\aim.exe"=

R2 portD;ABS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2003-03-19 09:28]
S3 Apache2.2;Apache2.2;"C:\willi\util\webserver\appache\bin\httpd.exe" -k runservice []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 22:28:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\mysql\bin\mysqld-nt\" --defaults-file=\"C:\mysql\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\run\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\run\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\run\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\run\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-29 22:36:34 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-30 02:36:29
ComboFix2.txt  2008-03-30 01:02:54
ComboFix3.txt  2008-03-23 12:06:10
ComboFix4.txt  2008-03-22 15:25:08
ComboFix5.txt  2007-11-16 17:25:15
.
2008-03-12 11:32:47   --- E O F --- 
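An added check for the CFScript in Reply #8 and the ComboFix.txt in Reply #9 (example code written for this page; it is not part of the thread and not ComboFix's own code). It reads the log's "Other Deletions" section to confirm which scripted File::/Folder:: targets were actually removed, and it groups the "Files Created" section by creation minute, because several new files landing under the Windows directory in the same minute (as the 16:45 batch in the log above did) deserve a manual look whatever their names. The script and log text inside the block are constructed, abridged copies in the same layout as the posts above; the banner pattern and the ". . . . failed to delete" suffix are assumptions taken from that layout.

```python
"""Cross-check a ComboFix CFScript against the ComboFix.txt it produced.

Added example: not part of this thread and not ComboFix's own code. It
assumes the log layout shown above: an "Other Deletions" banner listing
removed paths, with ". . . . failed to delete" on the ones ComboFix could
not remove, and a "Files Created from ... to ..." banner listing new files.
"""
import re
from collections import defaultdict

# Constructed, abridged samples in the layout of the script and log above.
SAMPLE_SCRIPT = r"""
Killall::

File::
C:\WINDOWS\system32\L88A1.tmp
C:\WINDOWS\system32\L914C.tmp

Folder::
C:\Program Files\zango
C:\WINDOWS\Internet Logs
C:\Program Files\Bat
"""

SAMPLE_LOG = r"""
(((((((((((((((((((   Other Deletions   )))))))))))))))))))))
.
C:\WINDOWS\Internet Logs\BACKUP.RDB
C:\WINDOWS\system32\L88A1.tmp
C:\WINDOWS\system32\L914C.tmp
C:\WINDOWS\Internet Logs . . . . failed to delete
.
(((((((((((   Files Created from 2008-02-28 to 2008-03-30  )))))))))))
.
2008-03-29 16:45 . 2008-03-29 16:45   32,000   --a------   C:\WINDOWS\winsb.dll
2008-03-29 16:45 . 2008-03-29 16:45   25,088   --a------   C:\WINDOWS\system32\SIPSPI32.dll
2008-03-29 16:45 . 2008-03-29 16:45   15,360   --a------   C:\WINDOWS\system32\ntnut32.exe
2008-03-29 16:14 . 2008-03-29 17:03   <DIR>   d--------   C:\Program Files\Bat
"""

BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
                        r"\s+(\S+)\s+(\S+)\s+(.+)$")

def split_sections(log_text):
    """Map each '((( Title )))' banner to the non-blank lines beneath it."""
    sections, current = defaultdict(list), None
    for line in log_text.splitlines():
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections

def parse_cfscript(script_text):
    """Return the File:: and Folder:: targets of a CFScript, lower-cased."""
    targets, block = [], None
    for line in script_text.splitlines():
        s = line.strip()
        if s.endswith("::"):
            block = s[:-2]
        elif s and block in ("File", "Folder"):
            targets.append(s.lower())
    return targets

def verify_deletions(script_text, log_text):
    """Classify each scripted target as 'deleted', 'failed' or 'not reported'."""
    deleted, failed = set(), set()
    for line in split_sections(log_text).get("Other Deletions", []):
        if line.endswith("failed to delete"):
            failed.add(line.split(" . . . . ")[0].strip().lower())
        else:
            deleted.add(line.lower())
    verdict = {}
    for t in parse_cfscript(script_text):
        if t in failed:
            verdict[t] = "failed"
        elif t in deleted or any(d.startswith(t + "\\") for d in deleted):
            verdict[t] = "deleted"
        else:
            verdict[t] = "not reported"   # never existed, or simply not listed
    return verdict

def creation_clusters(log_text, min_size=3):
    """Return {creation minute: paths} for minutes in which at least
    min_size new files landed under the Windows directory."""
    by_minute = defaultdict(list)
    for title, lines in split_sections(log_text).items():
        if title.startswith("Files Created"):
            for line in lines:
                m = CREATED_RE.match(line)
                if m and m.group(4).lower().startswith("c:\\windows"):
                    by_minute[m.group(1)].append(m.group(4))
    return {k: v for k, v in by_minute.items() if len(v) >= min_size}

if __name__ == "__main__":
    for target, status in verify_deletions(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{status:13}  {target}")
    for minute, paths in creation_clusters(SAMPLE_LOG).items():
        print(f"{len(paths)} files created at {minute}: " + ", ".join(paths))
```

Run it directly to print the verdicts. A target that comes back "not reported" may simply not have existed when ComboFix ran (the log above lists none of the zango or 180solutions folders); a removal that actually failed is marked explicitly, as it was for C:\WINDOWS\Internet Logs, ZoneAlarm's log directory, where a running firewall service is the likely reason. The same log also shows the script was picked up as CFScript.txt.txt, so the extra extension Notepad adds did not stop ComboFix reading it, but checking the saved file name is still cheaper than re-running the tool.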

stiefmaier (Jr. Member)
« Reply #10 on: March 30, 2008, 02:55:39 AM »

I'm still running slow, actually slower than before. Here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:50 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\run\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\run\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\run\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\run\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\willi\util\virus stuff\firewalls\zone alarm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\run\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\palmOnevisor\HOTSYNC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\willi\util\VERSIO~1\cs-rcs\System\csrcssrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\willi\util\virus stuff\firewalls\zone alarm\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\run\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOnevisor\HOTSYNC.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\WILLI\UTIL\DRAWING PRGS\AMICUS50\Research\GetTags.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.8.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138482238968
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.27/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: !SASWinLogon - C:\willi\util\virus stuff\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\willi\util\webserver\appache\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\run\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\run\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\run\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\run\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11395 bytes
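The O23 lines above are HijackThis's listing of installed Windows services in the form `O23 - Service: <display name> (<service name>) - <vendor> - <image path>`; the vendor comes from the binary's version resource, so it reads "Unknown owner" (or is blank, as in the SmartLinkService entry) when the file carries none, and a well-written piece of malware can just as easily fill it in with a plausible company name. As an added example that is not part of the original post or of HijackThis itself, the following Python parses O23 lines and applies two simple triage rules (missing vendor, unusual image path) so that the entries worth a second look stand out. The sample input is a handful of lines copied from the log above plus one constructed entry ("Example Updater" / `exupd.exe`, hypothetical) showing what a genuinely suspicious service would look like; the directory lists are assumptions tuned to a Windows XP layout.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Format of a HijackThis O23 (Windows service) line, as printed in the log above:
#   O23 - Service: <display name> [(<service name>)] - <vendor> - <image path>
# The vendor field may read "Unknown owner" or be blank when the binary has no
# company name in its version resource.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)"
    r"(?: \((?P<short>[^()]+)\))?"
    r" - (?P<vendor>.*?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption: where a service binary normally lives on Windows XP.  "progra~1"
# is the 8.3 short form of "Program Files" that HijackThis prints for some entries.
STANDARD_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Assumption: path fragments that point into a user profile or a temp folder,
# which is where dropped executables usually end up.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\local settings\\", "\\temp\\")


@dataclass
class Service:
    display: str
    short: Optional[str]
    vendor: str
    path: str


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for lines that are not O23 entries."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return Service(
        display=m["display"].strip(),
        short=m["short"],
        vendor=m["vendor"].strip(),
        path=m["path"].strip(),
    )


def triage(svc: Service) -> list[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons: list[str] = []
    if not svc.vendor or svc.vendor.lower() == "unknown owner":
        reasons.append("no vendor in version info")
    p = svc.path.lower()
    if any(marker in p for marker in USER_PROFILE_MARKERS):
        reasons.append("runs from a user profile or temp directory")
    elif not p.startswith(STANDARD_PREFIXES):
        reasons.append("runs from a non-standard directory")
    return reasons


def triage_log(lines) -> dict[str, list[str]]:
    """Map each flagged O23 service's display name to its triage reasons."""
    flagged: dict[str, list[str]] = {}
    for line in lines:
        svc = parse_o23(line)
        if svc is None:
            continue  # O4, O2, etc. are out of scope here
        reasons = triage(svc)
        if reasons:
            flagged[svc.display] = reasons
    return flagged


# Sample input: five lines copied from the log above, one constructed entry
# ("Example Updater", hypothetical) with a blank vendor running from the user's
# temp folder, and one non-O23 line to show it is skipped.
SAMPLE_LOG = """\
O23 - Service: Apache2.2 - Apache Software Foundation - C:\\willi\\util\\webserver\\appache\\bin\\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\run\\aswUpdSv.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\\WINDOWS\\SYSTEM32\\LxrJD31s.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\\PROGRA~1\\Dantz\\RETROS~1\\wdsvc.exe
O23 - Service: SmartLinkService (SLService) -   - C:\\WINDOWS\\SYSTEM32\\slserv.exe
O23 - Service: Example Updater (exupd) -  - C:\\Documents and Settings\\user\\Local Settings\\Temp\\exupd.exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
""".splitlines()


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The rules are deliberately loose: the Apache service is flagged only because it lives under the user's own `C:\willi\util` tree, which is exactly the kind of entry a human reviewer then clears by recognising the path, and Lexar's "Unknown owner" is a card-reader driver that simply ships without version info. A blank vendor is a prompt to check the file's hash and signature, not a verdict on its own.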
Pancake
Global Moderator
Hero Member
Karma: +78/-0
Posts: 3915
« Reply #11 on: March 30, 2008, 03:03:07 AM »

I don't see any malware in your log now. It's all cleared.


This will clear away any of the files and folders that were created by ComboFix.

Go to :
Start > Run then copy and paste the following highlighted text below  and click OK.


ComboFix /u




Now that you are clean, and if you wish to do so, here are a few things you can do that will help keep your computer a bit more clean and secure. They can be done at your leisure.

Download and scan with CCleaner from http://www.ccleaner.com/downloadbuilds.asp

1. Starting with v1.27.260, http://www.ccleaner.com/downloadbuilds.asp installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
An Australian Member of EDDY
stiefmaier
Jr. Member
Karma: +0/-0
Posts: 28
« Reply #12 on: March 30, 2008, 03:08:03 AM »

I'm not sure if anyone has ever told you that you rock!!!!!! Both times that I have ever needed help you were on the spot. I will most definitely donate to you.
Pancake
Global Moderator
Hero Member
Karma: +78/-0
Posts: 3915
« Reply #13 on: March 30, 2008, 03:27:07 AM »

You're welcome. Glad to help, and thank you for donating.