|
|
|
Help...trojan/virus/dialer??
|
|
|
yathino
Newbie
|
6. September 2008 @ 07:36 |
Link to this message
|
anyone able to help? I have a problem with browser, when i search and then click on link, it brings me somewhere else altogether. I get something in the address bar like "go-google....." then a long string of text. It happens in firefox and IE. Also can't defrag or error check either. Must be a trojan of some sort, AVG found some and deleted also tried Adaware for Malware/spyware but still have the problem. Doesn't affect guest a/c or limited a/c only admin a/c
|
|
Advertisement
|
 |
|
|
Senior Member
|
6. September 2008 @ 09:32 |
Link to this message
|
Hi yathino
First, please boot into safe mode (repeatedly press F8 after you press the power button) and run an AVG scan. Post a log here.
Next, please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.
Rename HijackThis(.exe) to scanner(.exe).
Next, run scanner(.exe). A window will pop up.
? Click on the button which says Main Menu, then Do a system scan and save a logfile.
? Please wait for the scan to be completed.
? After the scan has completed, a text window will pop up. Please post the contents of this window here.
This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.
NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
yathino
Newbie
|
15. September 2008 @ 19:02 |
Link to this message
|
Hi again,
This is the AVG log run in 'safe mode'
AVG 8.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2008 AVG Technologies
Program version 8.0.145, engine 8.0.0
Virus Database: Version 270.6.21/1673 2008-09-15
HKLM\SOFTWARE\Classes\ADM25.ADM25 Found Adware.Altnet
HKLM\SOFTWARE\Classes\ADM4.ADM4 Found Adware.Altnet
HKLM\SOFTWARE\Classes\AppID\adm.EXE Found Adware.Altnet
C:\35fef008455d220da28b48071324\msxml4-KB927978-enu.log Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Administrator\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Administrator\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Pat\ Locked file. Not tested.
C:\found.000\dir0000.chk\Petz 5.exe.mdmp Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\Program Files\InstallShield Installation Information\{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}\setup.ilg Locked file. Not tested.
C:\Program Files\KService\data\thumbnails\Thumbs.db Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\CatRoot2\edb.log Locked file. Not tested.
C:\WINDOWS\system32\CatRoot2\tmp.edb Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
------------------------------------------------------------
Objects scanned : 518927
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 3
------------------------------------------------------------
|
|
yathino
Newbie
|
15. September 2008 @ 19:28 |
Link to this message
|
and heres the HIJACKTHID LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:16, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Pat\Desktop\HiJackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZJman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 9510 bytes
|
|
yathino
Newbie
|
15. September 2008 @ 19:31 |
Link to this message
|
|
Hope you can help cdavfrew and Thank You!
|
Senior Member
|
16. September 2008 @ 10:11 |
Link to this message
|
Hey yathino
Now, please download Combofix.
With Combofix, at the download window, please rename it to Combo-fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
? Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
? Wait for the scan to be completed.
? If it requires a reboot, please do it.
? After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the Comobofix window, as it may cause it to stall.
After that, post a new HIjackThis log, and tell me how's your computer doing.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
yathino
Newbie
|
16. September 2008 @ 18:03 |
Link to this message
|
ComboFix 08-09-15.02 - Pat 2008-09-16 22:36:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1002 [GMT 1:00]
Running from: C:\Documents and Settings\Pat\Desktop\Combo-Fix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Lauren\Cookies\lauren@cubics[1].txt
C:\Documents and Settings\Lauren\Cookies\lauren@peach.bskyb[3].txt
C:\Program Files\Need2Find
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat
.
((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.
2008-09-16 22:34 . 2008-09-16 22:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-11 21:28 . 2008-09-11 21:28 <DIR> d--hs---- C:\Documents and Settings\Lauren\PrivacIE
2008-09-11 19:11 . 2008-09-11 19:11 <DIR> d-------- C:\Documents and Settings\Lauren\Application Data\AVGTOOLBAR
2008-09-10 22:59 . 2008-09-10 22:59 <DIR> d--hs---- C:\Documents and Settings\Pat\PrivacIE
2008-09-10 22:41 . 2008-09-10 22:42 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-10 22:00 . 2008-09-10 22:00 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-09-10 21:59 . 2008-09-16 21:43 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-10 21:59 . 2008-09-10 21:59 <DIR> d-------- C:\Program Files\AVG
2008-09-10 21:59 . 2008-09-14 23:02 <DIR> d-------- C:\Documents and Settings\Pat\Application Data\AVGTOOLBAR
2008-09-10 21:59 . 2008-09-10 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-10 21:59 . 2008-09-10 21:59 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-10 21:59 . 2008-09-10 21:59 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-09 23:27 . 2008-09-10 22:43 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-07 22:51 . 2008-09-13 22:52 <DIR> d-------- C:\Documents and Settings\Lauren\Application Data\FreeCall
2008-09-07 14:08 . 2008-09-11 21:16 <DIR> d-------- C:\Documents and Settings\Lauren\Application Data\skypePM
2008-09-07 00:26 . 2008-09-07 00:26 <DIR> d-------- C:\Documents and Settings\Lauren\Application Data\SUPERAntiSpyware.com
2008-09-06 15:05 . 2008-09-06 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-06 15:04 . 2008-09-16 00:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-06 15:04 . 2008-09-16 00:15 <DIR> d-------- C:\Documents and Settings\Pat\Application Data\SUPERAntiSpyware.com
2008-09-05 17:11 . 2008-09-05 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 17:04 . 2008-09-05 22:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 00:09 . 2005-05-24 11:29 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-09-04 00:09 . 2005-05-24 11:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-09-04 00:09 . 2005-05-24 11:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-09-04 00:09 . 2005-05-24 11:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-09-04 00:09 . 2008-09-10 21:59 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-03 21:00 . 2008-09-03 21:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\HPAppData
2008-09-03 20:50 . 2008-09-03 20:50 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-08-29 22:52 . 2008-08-29 22:52 <DIR> d-------- C:\Program Files\CardRecovery
2008-08-28 23:05 . 2008-05-16 06:10 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-08-28 23:05 . 2008-05-16 06:10 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2008-08-22 04:08 . 2007-03-08 05:20 282,624 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-08-22 03:16 . 2008-08-22 03:16 637,984 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-22 03:15 . 2008-08-22 03:15 1,216,512 --------- C:\WINDOWS\system32\ieframe.dll.mui
2008-08-22 03:14 . 2008-08-22 03:14 10,240 --------- C:\WINDOWS\system32\advpack.dll.mui
2008-08-22 03:08 . 2008-08-22 03:08 1,415,680 -----c--- C:\WINDOWS\system32\dllcache\inetcpl.cpl
2008-08-22 03:08 . 2008-08-22 03:08 236,544 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-22 03:08 . 2008-08-22 03:08 43,008 -----c--- C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-08-22 03:07 . 2008-08-22 03:07 116,224 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2008-08-22 03:07 . 2008-08-22 03:07 105,984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2008-08-22 03:07 . 2008-08-22 03:07 18,944 -----c--- C:\WINDOWS\system32\dllcache\corpol.dll
2008-08-22 03:06 . 2008-08-22 03:06 385,024 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2008-08-22 03:06 . 2008-08-22 03:06 228,864 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2008-08-22 03:06 . 2008-08-22 03:06 163,840 -----c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-22 03:06 . 2008-08-22 03:06 162,304 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-22 03:06 . 2008-08-22 03:06 128,512 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2008-08-22 03:06 . 2008-08-22 03:06 124,928 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2008-08-22 03:06 . 2008-08-22 03:06 72,704 -----c--- C:\WINDOWS\system32\dllcache\admparse.dll
2008-08-22 03:06 . 2008-08-22 03:06 71,680 -----c--- C:\WINDOWS\system32\dllcache\iesetup.dll
2008-08-22 03:06 . 2008-08-22 03:06 55,808 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- C:\WINDOWS\system32\PrivacIE.dll
2008-08-22 03:05 . 2008-08-22 03:05 48,128 -----c--- C:\WINDOWS\system32\dllcache\mshtmler.dll
2008-08-22 03:05 . 2008-08-22 03:05 35,840 -----c--- C:\WINDOWS\system32\dllcache\imgutil.dll
2008-08-22 03:04 . 2008-08-22 03:04 1,659,392 -----c--- C:\WINDOWS\system32\dllcache\mshtml.tlb
2008-08-22 03:04 . 2008-08-22 03:04 66,560 -----c--- C:\WINDOWS\system32\dllcache\tdc.ocx
2008-08-22 03:04 . 2008-08-22 03:04 45,568 -----c--- C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-22 03:00 . 2008-08-22 03:00 68,608 -----c--- C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-08-22 02:57 . 2008-08-22 02:57 156,160 -----c--- C:\WINDOWS\system32\dllcache\msls31.dll
2008-08-22 02:20 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-22 02:20 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 21:17 --------- d-----w C:\Documents and Settings\Pat\Application Data\Skype
2008-09-16 20:44 --------- d-----w C:\Documents and Settings\Pat\Application Data\skypePM
2008-09-11 21:15 --------- d-----w C:\Documents and Settings\Lauren\Application Data\Skype
2008-09-11 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-05 21:27 --------- d-----w C:\Program Files\HP
2008-09-05 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-09-05 21:24 --------- d-----w C:\Program Files\VideoLAN
2008-09-05 21:22 --------- d--h--w C:\Documents and Settings\Pat\Application Data\Move Networks
2008-08-28 22:05 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-08-22 02:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 02:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 02:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 02:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-22 02:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-22 02:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-22 02:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 02:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 02:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 01:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-08 14:44 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-07 14:03 --------- d-----w C:\Documents and Settings\Pat\Application Data\HPAppData
2008-08-05 16:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-31 19:28 --------- d-----w C:\Documents and Settings\Lauren\Application Data\HPAppData
2008-07-29 16:22 --------- d-----w C:\Program Files\Sky
2008-07-29 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-29 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\EdAlive
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 17:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-18 15:37 87,608 ----a-w C:\Documents and Settings\Pat\Application Data\ezpinst.exe
2008-05-18 15:37 47,360 ----a-w C:\Documents and Settings\Pat\Application Data\pcouffin.sys
2008-02-29 20:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-08-17 17:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-11 118784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-13 185784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-05 413696]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-10 1235736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-01-21 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP50"= SP5X_32.DLL
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21561:TCP"= 21561:TCP:BitComet 21561 TCP
"21561:UDP"= 21561:UDP:BitComet 21561 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-10 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-10 231704]
S2 Ca504av;Mega Camera, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca504av.sys [ ]
S3 SPC610NC;SPC 610NC Laptop Camera;C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS [2005-09-07 151040]
S3 USBCamera;Mega Camera Still Image Capture, Version 1.00;C:\WINDOWS\system32\Drivers\Bulk504.sys [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f73b5c40-b49d-11dc-a21c-00166f11acc0}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\qwkyov5m.default\
FF -: plugin - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_01\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_01\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_01\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_01\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_01\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_01\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 22:41:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\TEMP\831e9412-ec8e-49a8-87e3-d51ed52d1e15.tmp
C:\WINDOWS\TEMP\a131cc09-58cb-4fa8-8b38-5ed6e1d95a8f.tmp
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"
.
Completion time: 2008-09-16 22:42:26
ComboFix-quarantined-files.txt 2008-09-16 21:41:58
Pre-Run: 18,822,385,664 bytes free
Post-Run: 19,554,213,888 bytes free
247 --- E O F --- 2008-09-13 09:04:52
|
|
yathino
Newbie
|
16. September 2008 @ 18:07 |
Link to this message
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:56, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Pat\Desktop\HiJackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZJman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 9078 bytes
|
|
yathino
Newbie
|
16. September 2008 @ 18:14 |
Link to this message
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:56, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Pat\Desktop\HiJackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZJman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 9078 bytes
|
Senior Member
|
17. September 2008 @ 05:22 |
Link to this message
|
Hey yathino
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
Open Notepad and copy/paste the text in the code box below into it:
Folder::
C:\Program Files\NewDotNet
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"New.net Startup"=-
Save this as CFScript.txt in the same folder as ComboFix.
Then drag the CFScript.txt into Combo-Fix.exe.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).
Do not click on the ComoboFix window, as it may cause it to stall.
After that, tell me what problems you still have left.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
yathino
Newbie
|
17. September 2008 @ 17:37 |
Link to this message
|
Hi....Thanks for this... Its running very slow and something is using up resources even though it says nothing is running. heres the log
ComboFix 08-09-15.02 - Pat 2008-09-17 22:24:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.972 [GMT 1:00]
Running from: C:\Documents and Settings\Pat\Desktop\combifix\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Pat\Desktop\combifix\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Pat\Cookies\pat@peach.bskyb[2].txt
.
((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.
2008-09-16 23:53 . 2008-09-17 22:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-16 23:40 . 2008-06-23 17:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-16 23:40 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-16 23:40 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-16 23:40 . 2008-06-23 17:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-16 23:40 . 2008-06-23 17:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-16 23:40 . 2008-06-23 17:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-16 23:40 . 2008-06-23 17:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-16 23:40 . 2008-06-23 17:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-16 23:40 . 2008-06-23 10:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-16 23:39 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-09-16 22:34 . 2008-09-17 00:47 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-11 21:28 . 2008-09-11 21:28 <DIR> d--hs---- C:\Documents and Settings\Lauren\PrivacIE
2008-09-11 19:11 . 2008-09-11 19:11 <DIR> d-------- C:\Documents and Settings\Lauren\Application Data\AVGTOOLBAR
2008-09-10 22:59 . 2008-09-10 22:59 <DIR> d--hs---- C:\Documents and Settings\Pat\PrivacIE
2008-09-10 22:41 . 2007-08-13 18:45 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2008-09-10 22:00 . 2008-09-10 22:00 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-09-10 21:59 . 2008-09-17 13:48 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-10 21:59 . 2008-09-10 21:59 <DIR> d-------- C:\Program Files\AVG
2008-09-10 21:59 . 2008-09-14 23:02 <DIR> d-------- C:\Documents and Settings\Pat\Application Data\AVGTOOLBAR
2008-09-10 21:59 . 2008-09-10 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-10 21:59 . 2008-09-10 21:59 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-10 21:59 . 2008-09-10 21:59 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-09 23:27 . 2008-09-17 03:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-07 22:51 . 2008-09-13 22:52 <DIR> d-------- C:\Documents and Settings\Lauren\Application Data\FreeCall
2008-09-07 14:08 . 2008-09-11 21:16 <DIR> d-------- C:\Documents and Settings\Lauren\Application Data\skypePM
2008-09-07 00:26 . 2008-09-07 00:26 <DIR> d-------- C:\Documents and Settings\Lauren\Application Data\SUPERAntiSpyware.com
2008-09-06 15:05 . 2008-09-06 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-06 15:04 . 2008-09-16 00:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-06 15:04 . 2008-09-16 00:15 <DIR> d-------- C:\Documents and Settings\Pat\Application Data\SUPERAntiSpyware.com
2008-09-05 17:11 . 2008-09-05 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 17:04 . 2008-09-05 22:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 00:09 . 2005-05-24 11:29 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-09-04 00:09 . 2005-05-24 11:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-09-04 00:09 . 2005-05-24 11:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-09-04 00:09 . 2005-05-24 11:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-09-04 00:09 . 2008-09-10 21:59 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-03 21:00 . 2008-09-03 21:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\HPAppData
2008-09-03 20:50 . 2008-09-03 20:50 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-08-29 22:52 . 2008-08-29 22:52 <DIR> d-------- C:\Program Files\CardRecovery
2008-08-28 23:05 . 2008-05-16 06:10 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-08-28 23:05 . 2008-05-16 06:10 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2008-08-22 04:08 . 2007-03-08 05:20 282,624 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-08-22 02:20 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-22 02:20 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 21:17 --------- d-----w C:\Documents and Settings\Pat\Application Data\Skype
2008-09-16 20:44 --------- d-----w C:\Documents and Settings\Pat\Application Data\skypePM
2008-09-11 21:15 --------- d-----w C:\Documents and Settings\Lauren\Application Data\Skype
2008-09-11 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-05 21:27 --------- d-----w C:\Program Files\HP
2008-09-05 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-09-05 21:24 --------- d-----w C:\Program Files\VideoLAN
2008-09-05 21:22 --------- d--h--w C:\Documents and Settings\Pat\Application Data\Move Networks
2008-08-28 22:05 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-08-08 14:44 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-07 14:03 --------- d-----w C:\Documents and Settings\Pat\Application Data\HPAppData
2008-08-05 16:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-31 19:28 --------- d-----w C:\Documents and Settings\Lauren\Application Data\HPAppData
2008-07-29 16:22 --------- d-----w C:\Program Files\Sky
2008-07-29 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-29 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\EdAlive
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 17:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-18 15:37 87,608 ----a-w C:\Documents and Settings\Pat\Application Data\ezpinst.exe
2008-05-18 15:37 47,360 ----a-w C:\Documents and Settings\Pat\Application Data\pcouffin.sys
2008-02-29 20:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-08-17 17:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-16_22.41.34.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 12:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-04 12:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2008-06-23 15:38:30 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-06-23 15:38:30 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-06-23 15:38:30 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 12:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 12:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-04 12:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 12:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-04 12:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2008-06-23 15:38:31 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-04 12:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 12:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 12:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 12:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-06-23 15:38:31 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2008-06-23 15:38:31 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-04 12:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 12:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2008-06-23 15:38:33 3,059,712 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-06-23 15:38:33 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2008-06-23 15:38:33 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-06-23 15:38:33 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2008-06-23 15:38:33 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 17:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 17:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 16:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-04 12:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2008-06-23 15:38:34 615,936 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 12:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2008-06-23 15:38:34 659,456 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-07-12 23:31:54 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll.000
+ 2007-08-13 17:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2007-08-13 17:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2007-08-13 17:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2007-08-13 17:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe.000
+ 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll.000
+ 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll.000
+ 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll.000
+ 2007-02-12 15:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dat
+ 2007-07-11 11:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll.000
+ 2007-08-13 17:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll.000
+ 2007-08-13 17:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2007-08-13 17:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe.000
+ 2007-08-13 17:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2007-08-13 17:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2007-08-13 17:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2007-08-13 17:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2007-08-13 17:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2007-08-13 17:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll.000
+ 2007-08-13 17:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll.000
+ 2007-08-13 17:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll.000
+ 2007-08-13 17:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
+ 2006-06-03 11:40:49 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2008-08-22 02:06:30 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 17:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2008-08-22 02:06:16 128,512 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-08-22 02:07:08 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
+ 2004-08-04 12:00:00 35,328 ------w C:\WINDOWS\system32\corpol.dll
- 2008-08-22 02:06:30 72,704 -c----w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-13 17:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll
- 2008-08-22 02:06:16 128,512 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-08-22 02:07:08 18,944 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2007-08-13 17:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
- 2008-08-22 02:05:16 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-08-22 02:05:10 217,088 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 15:38:30 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-08-22 02:00:28 68,608 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-13 17:18:02 60,416 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2008-08-22 02:06:24 162,304 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-08-22 02:06:36 124,928 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-08-22 02:06:40 228,864 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-08-22 02:06:24 163,840 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-08-22 02:06:44 385,024 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 17:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 17:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2008-08-22 02:05:24 186,880 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 17:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-08-22 02:06:20 55,808 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-08-22 02:06:24 71,680 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-13 17:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2008-08-22 02:16:40 637,984 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-08-22 02:05:14 35,840 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-13 17:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2008-08-22 02:06:16 94,720 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 17:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-08-22 02:06:30 552,960 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 17:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-08-22 02:06:58 28,672 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-08-22 02:08:00 43,008 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2008-02-26 11:59:50 294,912 -c----w C:\WINDOWS\system32\dllcache\msctf.dll
- 2008-08-22 02:04:54 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2007-08-13 17:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
- 2008-08-22 02:09:32 5,699,584 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-24 09:57:40 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-08-22 02:05:08 70,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-08-22 02:05:00 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2008-08-22 01:57:56 156,160 -c----w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 17:54:10 156,160 -c----w C:\WINDOWS\system32\dllcache\msls31.dll
- 2008-08-22 02:07:50 193,536 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-08-22 02:05:34 630,272 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-08-22 02:07:50 116,224 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-08-22 02:05:14 45,056 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-08-22 02:07:58 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-08-22 02:08:22 1,206,784 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-08-22 02:06:36 434,176 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-08-13 17:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2008-08-22 02:07:20 755,200 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2008-05-27 17:23:58 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2008-08-22 02:08:08 236,544 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-08-22 02:08:06 878,592 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-08-22 02:05:16 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
- 2008-08-22 02:05:10 217,088 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 15:38:30 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-08-22 02:05:20 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-08-22 02:06:24 162,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-08-22 02:06:36 124,928 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-08-22 02:06:40 228,864 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2008-08-22 02:06:24 163,840 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-07-29 21:58:08 3,670,112 ------w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2008-08-22 01:42:22 443,392 ------w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-08-22 02:06:44 385,024 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-08-22 02:10:34 11,985,408 ------w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-08-22 02:05:24 186,880 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-08-22 02:06:20 55,808 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-08-22 02:06:02 1,778,688 ------w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-08-22 02:06:24 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 17:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2008-08-22 02:06:24 36,864 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-08-22 01:58:12 181,760 ------w C:\WINDOWS\system32\ieui.dll
+ 2007-08-13 17:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2008-08-22 02:05:14 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 17:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2008-08-22 02:06:16 94,720 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-08-22 02:06:30 552,960 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 17:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-08-22 02:06:58 28,672 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2008-08-22 02:08:00 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2004-08-04 12:00:00 294,400 ------w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2008-08-22 02:05:48 580,608 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-08-22 02:05:22 53,760 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-08-22 02:05:22 13,312 ------w C:\WINDOWS\system32\msfeedssync.exe
+ 2007-08-13 17:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2008-08-22 02:04:54 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 17:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2008-08-22 02:09:32 5,699,584 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 09:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-08-22 02:05:08 70,656 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ------w C:\WINDOWS\system32\mshtmled.dll
- 2008-08-22 02:05:00 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2008-08-22 01:57:56 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 17:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2008-08-22 02:07:50 193,536 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:57:39 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-08-22 02:05:34 630,272 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2008-08-22 02:07:50 116,224 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-08-22 02:05:14 45,056 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
- 2008-08-22 02:07:58 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-08-22 02:08:22 1,206,784 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-08-22 02:06:36 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 17:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-04 12:00:00 49,152 ------w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2008-08-22 02:08:08 236,544 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-08-22 02:08:22 208,384 ------w C:\WINDOWS\system32\WinFXDocObj.exe
+ 2007-08-13 17:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-11 118784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-13 185784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-05 413696]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-10 1235736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-01-21 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP50"= SP5X_32.DLL
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21561:TCP"= 21561:TCP:BitComet 21561 TCP
"21561:UDP"= 21561:UDP:BitComet 21561 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-10 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-10 231704]
S2 Ca504av;Mega Camera, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca504av.sys [ ]
S3 SPC610NC;SPC 610NC Laptop Camera;C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS [2005-09-07 151040]
S3 USBCamera;Mega Camera Still Image Capture, Version 1.00;C:\WINDOWS\system32\Drivers\Bulk504.sys [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f73b5c40-b49d-11dc-a21c-00166f11acc0}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 22:27:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-17 22:28:32
ComboFix-quarantined-files.txt 2008-09-17 21:28:15
ComboFix2.txt 2008-09-16 21:42:28
Pre-Run: 18,427,764,736 bytes free
Post-Run: 18,415,742,976 bytes free
453 --- E O F --- 2008-09-17 12:50:01
|
Senior Member
|
18. September 2008 @ 08:57 |
Link to this message
|
Hmmm... let's see what else we can clean up with a scanner.
Please download Superantispyware Free and install it. Follow the prompts and reboot if required.
Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...
Configuring SuperAntispyware
? Click on Preferences.
? In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting everytime, because it may interfere with other fixes that may be run.
? Navigate to the tab Scanning Control.
? Make sure only these boxes are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disk Access (recommended)
? Click on Close.
Updating SuperAntispyware
? At the main window, click on Check for Updates....
? Wait for SuperAntispyware to be fully updated.
Scanning Time
? Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
? Launch SuperAntispyware.
? At the main window, click on Scan your Computer....
? Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
? Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
? Reboot your computer.
Post A Log
? Launch SuperAntispyware
? Click on Preferences
? Navigate to the tab Statistics/Logs.
? Choose the latest scan log, and the click on View Log....
? Copy and paste the contents of the log here in your next post.
After that, post a new HijackThis log here.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
yathino
Newbie
|
18. September 2008 @ 18:17 |
Link to this message
|
|
I did as you said and ran SUPERAntiSpyware in safe mode
when I rebooted there was no log in the Statistics/Logs?
What to do next?
|
|
yathino
Newbie
|
19. September 2008 @ 05:24 |
Link to this message
|
I ran superspyware again in normal mode and here's the report. Also I keep getting trojan virus poping up but AVG is finding it.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/19/2008 at 00:16 AM
Application Version : 4.21.1004
Core Rules Database Version : 3571
Trace Rules Database Version: 1559
Scan type : Complete Scan
Total Scan Time : 00:57:42
Memory items scanned : 431
Memory threats detected : 0
Registry items scanned : 6644
Registry threats detected : 0
File items scanned : 77379
File threats detected : 12
Adware.Tracking Cookie
C:\Documents and Settings\Pat\Cookies\pat@statcounter[2].txt
C:\Documents and Settings\Pat\Cookies\pat@adtech[1].txt
C:\Documents and Settings\Pat\Cookies\pat@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\Pat\Cookies\pat@ie-stat.bmmetrix[1].txt
C:\Documents and Settings\Pat\Cookies\pat@2o7[2].txt
C:\Documents and Settings\Pat\Cookies\pat@microsoftinternetexplorer.112.2o7[1].txt
C:\Documents and Settings\Pat\Cookies\pat@www.googleadservices[1].txt
C:\Documents and Settings\Pat\Cookies\pat@ad.yieldmanager[1].txt
C:\Documents and Settings\Pat\Cookies\pat@ehg-debenhams.hitbox[1].txt
C:\Documents and Settings\Pat\Cookies\pat@doubleclick[1].txt
C:\Documents and Settings\Pat\Cookies\pat@hitbox[2].txt
C:\Documents and Settings\Pat\Cookies\pat@adopt.euroclick[1].txt
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This is the Hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:44:37, on 19/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pat\Desktop\HiJackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZJman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 9709 bytes
|
Senior Member
|
19. September 2008 @ 08:30 |
Link to this message
|
AVG is still detecting trojans? That's bad... How is the trojan being detected? What is the file name?
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
yathino
Newbie
|
19. September 2008 @ 12:22 |
Link to this message
|
|
Thanks again for your help
infection Trojan horse dropper.Bravix.A
C:/System volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP9\A0001050.dll
|
Senior Member
|
20. September 2008 @ 03:59 |
Link to this message
|
Ah hah!
The trojan which AVG detects is part of System Restore, and is harmless to your computer.
Please flush your system restore by turning it off, and then turn it back on.
Any more problems?
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
Advertisement
|
|
|
|
yathino
Newbie
|
20. September 2008 @ 08:40 |
Link to this message
|
|
I did that and am running another scan.
Thanks for all your help.
Will let you know if I have any problems.
:)
|
|
