  1. #11

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:50:37 AM, on 1/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\problems.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tc.columbia.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINDOWS\system32\jkkhgef.dll
    O2 - BHO: (no name) - {30294042-6A5C-4A5F-8174-7DD32954BB28} - C:\WINDOWS\system32\mllkk.dll (file missing)
    O2 - BHO: (no name) - {4B3520FA-BCB4-4381-975A-302E1B413B31} - C:\WINDOWS\system32\byvts.dll (file missing)
    O2 - BHO: On The Net Search Helper - {4E8F5D76-EF5B-46C8-B35B-C86F8BD6621A} - C:\WINDOWS\system32\memobmkc.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - C:\Program Files\Spruce\Spruce.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {86C510E9-97EF-4749-914F-0280247BE3A6} - (no file)
    O2 - BHO: (no name) - {9B88FADB-881F-437E-8A3E-7FCACE3C6857} - \
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.amazon.ofoto.com/download...1/axofupld.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/c...cab?v=1,0,0,25
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 6807 bytes

  2. #12
    Member steamwiz's Avatar

    HI

    Please do this now ...

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double-click ComboFix.exe and follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply, together with a new HijackThis log.

    Notes:
    * Do not click inside ComboFix's window while it is running; doing so may cause your system to stall or hang.
    * If you have NAV (Norton AntiVirus) installed, disable its script blocking so it does not interfere with the fix. Trojan Hunter has been reported to detect ComboFix as Worm.Qiv.100.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #13

    ComboFix 08-01-07.4 - DebbieSonu 2008-01-06 23:17:51.1 - NTFSx86
    Running from: C:\Documents and Settings\DebbieSonu\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\curlog.htm
    C:\Program Files\akl\keylog.txt
    C:\Program Files\akl\readme.txt
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.dat
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\amsys
    C:\Program Files\amsys\awmsg.dat
    C:\Program Files\amsys\guid.dat
    C:\Program Files\amsys\ijl15.dll
    C:\Program Files\amsys\mfc42.dll
    C:\Program Files\amsys\msvcrt.dll
    C:\Program Files\amsys\unins000.dat
    C:\Program Files\amsys\unis000.exe
    C:\Program Files\amsys\winam.dat
    C:\Program Files\Common Files\sstem~1
    C:\Program Files\e-zshopper
    C:\Program Files\e-zshopper\BarLcher.dll
    C:\Program Files\p2pnetworks
    C:\Program Files\p2pnetworks\amp2pl.exe
    C:\Program Files\Spruce
    C:\Program Files\Spruce\Spruce.dll
    C:\Program Files\Spruce\Spruce.dll.intermediate.manifest
    C:\Program Files\Spruce\Spruce.exe
    C:\Program Files\Spruce\Spruce.original
    C:\Program Files\Spruce\SpruceRg.dll
    C:\Program Files\Spruce\un_SpruceSetup_17737.exe
    C:\Program Files\Spruce\un_SpruceSetup_17737.txt
    C:\Program Files\Spruce\X_Spruce.exe
    C:\Program Files\Spruce\X_Spruce.log
    C:\Program Files\WinAble
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\temp\tn3
    C:\WINDOWS\7search.dll
    C:\WINDOWS\absolute key logger.lnk
    C:\WINDOWS\aconti.exe
    C:\WINDOWS\aconti.ini
    C:\WINDOWS\aconti.sdb
    C:\WINDOWS\acontidialer.txt
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\b122.exe
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\default.htm
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\Fonts\acrsecB.fon
    C:\WINDOWS\Fonts\acrsecI.fon
    C:\WINDOWS\hcwprn.exe
    C:\WINDOWS\hotporn.exe
    C:\WINDOWS\ie_32.exe
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\kvnab$.exe
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\mrofinu1000106.exe
    C:\WINDOWS\mrofinu77.exe
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\settn.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\acespy
    C:\WINDOWS\system32\acespy\__acelog.ndx
    C:\WINDOWS\system32\acespy\systune.exe
    C:\WINDOWS\system32\din.ip
    C:\WINDOWS\system32\dpqaqlqx.bin
    C:\WINDOWS\system32\drivers\blank.gif
    C:\WINDOWS\system32\drivers\box_2.gif
    C:\WINDOWS\system32\drivers\button_buynow.gif
    C:\WINDOWS\system32\drivers\button_freescan.gif
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\fad.sys
    C:\WINDOWS\system32\drivers\footer_back.jpg
    C:\WINDOWS\system32\drivers\header_1.gif
    C:\WINDOWS\system32\drivers\header_2.gif
    C:\WINDOWS\system32\drivers\header_3.gif
    C:\WINDOWS\system32\drivers\header_4.gif
    C:\WINDOWS\system32\drivers\header_red_bg.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
    C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
    C:\WINDOWS\system32\drivers\infected.gif
    C:\WINDOWS\system32\drivers\main_back.gif
    C:\WINDOWS\system32\drivers\product_2_header.gif
    C:\WINDOWS\system32\drivers\product_2_name_small.gif
    C:\WINDOWS\system32\drivers\product_features.gif
    C:\WINDOWS\system32\drivers\pt.htm
    C:\WINDOWS\system32\drivers\rating.gif
    C:\WINDOWS\system32\drivers\s_detect.htm
    C:\WINDOWS\system32\drivers\screenshot.jpg
    C:\WINDOWS\system32\drivers\sep_hor.gif
    C:\WINDOWS\system32\drivers\sep_vert.gif
    C:\WINDOWS\system32\drivers\shadow.jpg
    C:\WINDOWS\system32\drivers\shadow_bg.gif
    C:\WINDOWS\system32\drivers\spacer.gif
    C:\WINDOWS\system32\drivers\star.gif
    C:\WINDOWS\system32\drivers\star_gray.gif
    C:\WINDOWS\system32\drivers\star_gray_small.gif
    C:\WINDOWS\system32\drivers\star_small.gif
    C:\WINDOWS\system32\drivers\style.css
    C:\WINDOWS\system32\drivers\v.gif
    C:\WINDOWS\system32\drivers\warning_icon.gif
    C:\WINDOWS\system32\drivers\win_logo.gif
    C:\WINDOWS\system32\drivers\x.gif
    C:\WINDOWS\system32\jkkhgef.dll
    C:\WINDOWS\SYSTEM32\leywcubr.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\SYSTEM32\nscbuhvw.ini
    C:\WINDOWS\system32\p2
    C:\WINDOWS\system32\p2\sukodll22.exe
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\stfv.bin
    C:\WINDOWS\system32\sznf.ascii
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\system32\z1
    C:\WINDOWS\tmlpcert2005
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\wbeInst$.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\wnsxs~1
    C:\WINDOWS\wnsxs~1\W?nSxS\
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\xxxvideo.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CORE
    -------\core
    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
    .

    2008-01-06 23:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-05 15:24 . 2008-01-05 15:24 d-------- C:\Program Files\Trend Micro
    2008-01-04 23:14 . 2008-01-05 22:48 d-------- C:\VundoFix Backups
    2008-01-03 16:32 . 2008-01-03 16:32 d-------- C:\Documents and Settings\Administrator.DEBBIE.000\Application Data\SUPERAntiSpyware.com
    2008-01-03 16:24 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
    2008-01-03 16:24 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
    2008-01-03 16:24 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
    2008-01-03 16:24 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
    2008-01-03 16:24 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
    2008-01-03 16:24 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
    2008-01-03 16:23 . 2008-01-03 16:23 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-03 16:22 . 2008-01-06 04:49 d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-03 16:22 . 2008-01-03 16:22 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-03 16:22 . 2008-01-03 16:22 d-------- C:\Documents and Settings\DebbieSonu\Application Data\SUPERAntiSpyware.com
    2008-01-03 16:19 . 2008-01-03 16:22 d-------- C:\Program Files\SpywareBlaster
    2008-01-03 06:19 . 2008-01-03 14:29 d-------- C:\Program Files\RogueRemover FREE
    2008-01-03 06:02 . 2008-01-03 14:46 2,192 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2008-01-03 01:28 . 2008-01-04 21:37 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-30 01:36 . 2007-02-22 20:50 170,408 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
    2007-12-30 01:36 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
    2007-12-30 01:36 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys
    2007-12-30 01:36 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys
    2007-12-30 01:36 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
    2007-12-30 01:34 . 2007-12-30 01:34 d-------- C:\Program Files\Common Files\McAfee
    2007-12-30 00:11 . 2008-01-03 15:27 d-------- C:\QUARANTINE
    2007-12-29 23:28 . 2007-12-29 23:28 d-------- C:\Program Files\Common Files\Cisco Systems
    2007-12-29 23:28 . 2007-12-30 01:36 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-12-29 23:28 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\SYSTEM32\epoPGPsdk.dll
    2007-12-29 23:28 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\SYSTEM32\epoPGPsdk.dll.sig
    2007-12-29 23:22 . 2007-12-30 01:34 d-------- C:\Program Files\McAfee
    2007-12-29 21:56 . 2007-12-29 21:56 d-------- C:\Program Files\Lavasoft RegHance
    2007-12-29 21:43 . 2007-12-29 21:43 d-------- C:\Program Files\CCleaner
    2007-12-29 21:25 . 2007-12-29 21:25 1,031,139 ---hs---- C:\WINDOWS\SYSTEM32\wxwymgjh.ini
    2007-12-29 20:42 . 2008-01-03 14:54 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
    2007-12-29 20:30 . 2007-12-29 20:30 d-------- C:\Documents and Settings\Administrator.DEBBIE.000\Application Data\Lavasoft
    2007-12-29 20:27 . 2003-12-20 22:29 d--h----- C:\Documents and Settings\Administrator.DEBBIE.000\WLANProfiles
    2007-12-29 20:27 . 2003-12-20 22:39 d-------- C:\Documents and Settings\Administrator.DEBBIE.000\Application Data\Sonic
    2007-12-29 20:27 . 2003-12-20 22:43 d-------- C:\Documents and Settings\Administrator.DEBBIE.000\Application Data\Jasc Software Inc
    2007-12-29 20:20 . 2007-12-29 20:20 4 --a------ C:\WINDOWS\SYSTEM32\jpewocmz.ini
    2007-12-29 20:14 . 2008-01-03 17:05 d--hs---- C:\WINDOWS\RGViYmllU29udQ
    2007-12-29 20:14 . 2007-12-11 13:14 151,552 --a------ C:\WINDOWS\SYSTEM32\rushuthm.exe
    2007-12-29 20:14 . 2007-12-11 13:14 151,552 --a------ C:\WINDOWS\SYSTEM32\bkmoopob.exe
    2007-12-29 20:14 . 2007-12-13 12:25 139,264 --a------ C:\WINDOWS\SYSTEM32\mobjchku.exe
    2007-12-29 20:14 . 2007-12-29 20:14 54,033 --a------ C:\WINDOWS\SYSTEM32\memouint.exe
    2007-12-29 20:13 . 2007-12-29 23:02 d-------- C:\WINDOWS\SYSTEM32\mr9
    2007-12-29 20:13 . 2007-12-30 06:47 d-------- C:\WINDOWS\SYSTEM32\ardCo02
    2007-12-29 20:13 . 2007-12-29 23:02 d-------- C:\WINDOWS\SYSTEM32\aj2
    2007-12-29 20:13 . 2007-12-29 20:13 d-------- C:\Temp\cEeer12
    2007-12-29 20:13 . 2008-01-06 23:26 d-------- C:\Temp
    2007-12-29 20:13 . 2007-12-13 12:13 425,984 --a------ C:\WINDOWS\SYSTEM32\memobmkc.dll
    2007-12-23 20:08 . 2007-12-23 20:08 d-------- C:\Documents and Settings\DebbieSonu\Application Data\Move Networks
    2007-12-20 21:32 . 2007-12-20 21:32 d-------- C:\Program Files\Netflix
    2007-12-19 17:05 . 2007-12-19 17:05 212,992 --a------ C:\WINDOWS\troy44.exe
    2007-12-13 15:07 . 2007-12-13 15:07 3,856 --a------ C:\WINDOWS\crmtemp1.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-30 02:56 --------- d-----w C:\Documents and Settings\DebbieSonu\Application Data\Lavasoft
    2007-12-30 02:55 --------- d-----w C:\Program Files\Lavasoft
    2007-12-30 00:55 --------- d-----w C:\Documents and Settings\DebbieSonu\Application Data\EndNote
    2007-12-21 02:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-21 02:42 --------- d-----w C:\Program Files\Common Files\Real
    2007-12-21 02:40 --------- d-----w C:\Program Files\Common Files\AOL
    2007-12-21 02:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-12-21 02:38 --------- d-----w C:\Program Files\ItsDeductibleEX
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2006-02-24 17:29 29,368 ----a-w C:\Documents and Settings\DebbieSonu\Application Data\GDIPFONTCACHEV1.DAT
    2004-07-26 21:36 784 ----a-w C:\Documents and Settings\DebbieSonu\Application Data\mpauth.dat
    2004-08-25 00:00 10,646 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30294042-6A5C-4A5F-8174-7DD32954BB28}]
    C:\WINDOWS\system32\mllkk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B3520FA-BCB4-4381-975A-302E1B413B31}]
    C:\WINDOWS\system32\byvts.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E8F5D76-EF5B-46C8-B35B-C86F8BD6621A}]
    2007-12-13 12:13 425984 --a------ C:\WINDOWS\system32\memobmkc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B88FADB-881F-437E-8A3E-7FCACE3C6857}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 23:05 323584]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 20:50 112216]
    "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2003-08-04 19:25 159744]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 11:01 4632576]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    C:\WINDOWS\System32\LgNotify.dll 2003-06-20 08:03 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\986dccf0]
    C:\WINDOWS\system32\hjgmywxw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    C:\WINDOWS\system32\mwinkldq.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-09-05 17:03 267064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\troy44]
    --a------ 2007-12-19 17:05 212992 C:\WINDOWS\troy44.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
    C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
    C:\WINDOWS\winshow.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{DC-CC-C5-5F-ZN}]
    c:\windows\system32\kjdsrngr.exe

    S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-12-18 20:32]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d564b1-9a78-11db-aa82-0004239f9826}]
    \Shell\AutoRun\command - D:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-06 07:08:52 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-07 04:25:17 C:\WINDOWS\Tasks\McAfee.com Update Check (DEBBIE-DebbieSonu).job"
    - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    - C:\PROGRA~1\mcafee.com\agent
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-06 23:34:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-06 23:38:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-07 04:38:15
    .
    2007-12-12 06:47:52 --- E O F ---

  4. #14

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:52:05 PM, on 1/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Trend Micro\HijackThis\problems.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tc.columbia.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {30294042-6A5C-4A5F-8174-7DD32954BB28} - C:\WINDOWS\system32\mllkk.dll (file missing)
    O2 - BHO: (no name) - {4B3520FA-BCB4-4381-975A-302E1B413B31} - C:\WINDOWS\system32\byvts.dll (file missing)
    O2 - BHO: On The Net Search Helper - {4E8F5D76-EF5B-46C8-B35B-C86F8BD6621A} - C:\WINDOWS\system32\memobmkc.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {9B88FADB-881F-437E-8A3E-7FCACE3C6857} - \
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.amazon.ofoto.com/download...1/axofupld.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/c...cab?v=1,0,0,25
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 5634 bytes
