Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Braidupdate and BrowserAid issues..reoccuring

Started by eric6866 , Nov 17 2007 09:46 PM

  • This topic is locked This topic is locked
No replies to this topic

#1 eric6866

eric6866

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 17 November 2007 - 09:46 PM

Started having very slow clocking and windows error report w/ system log outs few days ago. Have run a variety of scan/repairs incl Ad-Aware, Norton, Vundofix, Combofix, etc.....seems to have resolved multiple problems down to reoccuring Braidupdate and BrowserAid issues....still with system failure error messages and reboots. Below is ...Hijack this....Combofix logs.....Thanks for any help!!!!

Hijackthis log...

Logfile of HijackThis v1.99.1
Scan saved at 9:59:09 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Eric Mohn\Desktop\alternativ.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Flash Module - {85911752-BC96-4fff-9121-6EB9D8F438E1} - hyperser.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [_] c:\windows\system32\drivers\wmq.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AntiSpyware] C:\Program Files\AntiSpywareApp\AntiSpyware.exe -boot
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...C_2.3.2.100.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{25697FDB-B11E-43A9-B296-C5E3C671D0D2}: NameServer = 194.187.192.249
O17 - HKLM\System\CCS\Services\Tcpip\..\{286C1EE3-2CA2-4FA2-A557-D07404A0D1CF}: NameServer = 194.187.192.249
O17 - HKLM\System\CS1\Services\Tcpip\..\{25697FDB-B11E-43A9-B296-C5E3C671D0D2}: NameServer = 194.187.192.249
O17 - HKLM\System\CS2\Services\Tcpip\..\{25697FDB-B11E-43A9-B296-C5E3C671D0D2}: NameServer = 194.187.192.249
O20 - AppInit_DLLs: ?????????? ?????????? ?????????? ?????????? ?????????? skeys.dll svchost.dll statex.dll onksd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: QVlAlUKVV - {CCFDAF95-6657-053F-81C7-323AB014DA9C} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpoipr07 - Unknown owner - C:\WINDOWS\system32\hpoipr07.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

..................................................................

Combofixlog

ComboFix 07-11-08.3 - Eric Mohn 2007-11-17 21:53:15.5 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Eric Mohn\Desktop\ComboFix2.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-18 to 2007-11-18 )))))))))))))))))))))))))))))))
.

2007-11-17 20:32 <DIR> d-------- C:\SAV32CLI
2007-11-17 17:55 <DIR> d-------- C:\Program Files\AntiSpywareApp
2007-11-17 17:55 <DIR> d-------- C:\Documents and Settings\Eric Mohn\Application Data\AntiSpyware
2007-11-17 09:55 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-16 18:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 18:27 <DIR> d-------- C:\Documents and Settings\Eric Mohn\Application Data\AdwareAlert
2007-11-16 09:14 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2007-11-16 09:14 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2007-11-16 09:14 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2007-11-16 09:14 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2007-11-16 09:14 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2007-11-16 09:14 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2007-11-16 09:14 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2007-11-16 09:14 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2007-11-16 09:05 98,304 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.dll
2007-11-16 09:05 35,200 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msgame.sys
2007-11-16 09:05 22,016 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msircomm.sys
2007-11-16 09:05 16,128 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\modemcsa.sys
2007-11-16 09:05 12,416 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msriffwv.sys
2007-11-16 09:05 12,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
2007-11-16 09:05 6,528 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\miniqic.sys
2007-11-16 09:05 6,016 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msfsio.sys
2007-11-16 09:05 2,944 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msmpu401.sys
2007-11-16 01:48 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2007-11-15 15:10 <DIR> d-------- C:\Documents and Settings\Eric Mohn\Application Data\Grisoft
2007-11-15 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-15 15:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-11-15 13:21 <DIR> d-------- C:\VundoFix Backups
2007-11-15 13:15 <DIR> d-------- C:\PollManager
2007-11-15 07:22 22,112 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys
2007-11-14 21:45 <DIR> d-------- C:\Documents and Settings\Eric Mohn\Application Data\Symantec
2007-11-14 19:30 <DIR> d-------- C:\Program Files\Norton 360
2007-11-14 19:29 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2007-11-14 19:29 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2007-11-14 19:27 <DIR> d-------- C:\Program Files\Symantec
2007-11-14 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-14 19:20 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-13 18:33 217,088 --ah----- C:\WINDOWS\SYSTEM32\statex.dll
2007-11-13 18:04 <DIR> d-------- C:\Documents and Settings\Administrator.DCSPS341\Application Data\Lavasoft
2007-11-13 18:02 <DIR> d-------- C:\Documents and Settings\Administrator.DCSPS341\Application Data\Sonic
2007-11-13 18:02 <DIR> d-------- C:\Documents and Settings\Administrator.DCSPS341\Application Data\Jasc Software Inc
2007-11-13 17:28 88,816 --a------ C:\WINDOWS\x1.exe
2007-11-13 17:26 28,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wmq.exe
2007-11-13 17:25 4 --a------ C:\WINDOWS\SYSTEM32\ntshmcas.dat
2007-11-13 17:24 12,960 --a------ C:\WINDOWS\SYSTEM32\taskmon.sys
2007-11-13 17:24 334 --a------ C:\WINDOWS\17PHolmes27.exe
2007-11-10 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-11-05 15:40 <DIR> d-------- C:\Program Files\iTunes
2007-11-05 15:23 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-11-05 15:23 30,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-11-05 15:22 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-05 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 14:56 --------- d-----w C:\Program Files\Java
2007-11-16 07:07 --------- d-----w C:\Program Files\Spyware Doctor
2007-11-16 02:40 4,558 ----a-w C:\WINDOWS\SYSTEM32\tmp.reg
2007-11-16 02:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 04:33 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-15 04:33 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-15 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-11-14 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 12:59 --------- d-----w C:\Program Files\World of Warcraft
2007-11-05 20:41 --------- d-----w C:\Program Files\iPod
2007-11-05 20:34 --------- d-----w C:\Program Files\QuickTime
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-18 05:16 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-18 05:16 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-10-18 05:15 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-18 05:14 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 19:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 19:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 19:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 19:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 19:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 19:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 19:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2006-05-29 13:50 118,411 ---h--w C:\Documents and Settings\Eric Mohn\Application Data\ptads.bin
2006-05-21 00:30 118,411 ---h--w C:\Documents and Settings\Melisa Mohn\Application Data\ptads.bin
2007-06-13 10:23:07 88,816 --sh--r C:\WINDOWS\SYSTEM32\netsbcfu.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-16_18.42.02.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-08 07:07:00 274,168 ------w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2007-11-17 18:02:43 268,600 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2004-01-08 07:12:05 24,670 ------w C:\WINDOWS\SYSTEM32\java.exe
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
- 2004-01-08 07:12:05 28,768 ------w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
- 2007-11-15 06:28:49 53,436 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2007-11-16 23:44:21 53,436 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2007-11-15 06:28:49 381,692 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-11-16 23:44:21 381,692 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85911752-BC96-4fff-9121-6EB9D8F438E1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 02:01]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-01-08 02:25]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 11:05]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 07:44]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 08:23]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2004-02-02 03:41]
"PTRGMYGK"="ptmg1v.dll" [2006-02-19 22:27 C:\WINDOWS\SYSTEM32\ptmg1v.dll]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"_"="c:\windows\system32\drivers\wmq.exe" [2007-11-13 17:25]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"AntiSpyware"="C:\Program Files\AntiSpywareApp\AntiSpyware.exe" [2007-10-12 13:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-01-28 21:03:59]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-01-08 02:24:15]
C2CMonitor.lnk - C:\Program Files\ClickToConvert\C2CMonitor.exe [2004-11-20 16:07:17]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-01-08 02:21:24]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [2004-02-28 12:57:40]
HP OfficeJet T Series Startup.lnk - C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe [2005-05-01 10:34:45]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2007-07-26 17:41:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=?????????? ?????????? ?????????? ?????????? ?????????? skeys.dll svchost.dll statex.dll onksd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

S2 hpoipr07;hpoipr07;C:\WINDOWS\system32\hpoipr07.exe
S3 EraserUtilDrv10710;EraserUtilDrv10710;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys
S3 noskrnl.sys;noskrnl.sys;\??\C:\WINDOWS\system32\noskrnl.sys
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 taskmon.sys;taskmon.sys;\??\C:\WINDOWS\system32\taskmon.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\CDStart.Exe
\Shell\Install\Command - D:\Stub.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 23:14:47 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-11-18 02:33:30 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.exe
"2007-11-11 17:03:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-09-24 23:06:30 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2004-09-24 23:13:49 C:\WINDOWS\Tasks\WebReg 20040924181349.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 21:56:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 21:57:34
C:\ComboFix2.txt ... 2007-11-17 16:52
C:\ComboFix3.txt ... 2007-11-17 10:19
.
--- E O F ---

    Advertisements

Register to Remove

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·