
[Resolved] please help!


This topic is locked
6 replies to this topic

#1 scottydog (New Member, 3 posts)

Posted 22 December 2007 - 12:51 PM

Hello there :)
I've had a nightmare of a week and found out that someone has got hold of my debit card and spent so much of my money that I'm around £4000 in debt :(
The signs are good that the bank is refunding me, but as it stands I cannot buy any decent antispyware at the moment!!!
I run Zone Labs firewall, AVG antivirus and spyware, Search and Destroy and Lavasoft. I thought this would be OK, but ZoneLabs gave me a 15-day trial and detected more trojans!! (VXgamet) It was unable to remove it and forced me to click an option to "ignore"!!!!!
I was speechless!!!!
Below is a log from HijackThis; please could ANYBODY advise which programmes could be nasty?! Also, I don't seem to be able to fully remove a trial version of Spy Sweeper that would only scan my PC... any suggestions?!

ok here goes...

Logfile of HijackThis v1.99.1
Scan saved at 18:33:15, on 22/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DeltTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Fujifilm Card Reader\shwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar4.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShowIcon_Fujifilm_Fujifilm Digital Memory Card Reader 7 in 1 DCR-71] "C:\Program Files\Fujifilm Card Reader\shwicon.exe" -t"Fujifilm\Fujifilm Digital Memory Card Reader 7 in 1 DCR-71"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrad...raderMediaX.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37800.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.ho...ex/HMAtchmt.ocx
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

thanks

Scott.
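One way to triage a HijackThis log like the one above, as an added example that is not the forum's or HijackThis's own code: it parses the entry lines into records and flags the cases a reviewer looks at first (O23 services whose file is missing or whose vendor is unknown, O4 Run entries that name a bare file with no path, O20 Winlogon Notify DLLs). The flag rules and the `parse_line`/`flagged` helpers are this example's own; the sample lines are copied from the log in the post.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not forum code).
Flags the entries a log reviewer usually checks first. The rules are this
example's own, not HijackThis's: a flag means "look at this", not "malware".
"""
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis log in the post above. The O23 line
# ending in "(file missing)" and the O4 line naming a bare file are the cases
# the rules below are meant to surface.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
""".strip()

LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")                   # "O23 - Service: ..."
RUN_RE = re.compile(r"^.*?: \[(.*?)\] (.*)$")                   # "HKLM\..\Run: [Name] command"
CLSID_RE = re.compile(r"^(.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")  # "Name - {CLSID} - path"
SERVICE_RE = re.compile(r"^(.*?) - (.*?) - (.*)$")              # "Display (short) - Vendor - path"
NOTIFY_RE = re.compile(r"^(.*?) - (.*)$")                       # "Name - path"


@dataclass
class Entry:
    code: str                  # HijackThis section, e.g. "O4" or "O23"
    raw: str                   # the original line
    name: str = ""             # display name or registry value name, if any
    vendor: str = ""           # O23 only: company recorded for the service
    target: str = ""           # file, command or URL the entry points at
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for one log line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = Entry(code=code, raw=line.strip())
    _, _, rest = body.partition(": ")      # drop the "BHO:", "Service:", ... prefix
    if code == "O4":
        run = RUN_RE.match(body)
        if run:                            # Run-key entry
            entry.name, entry.target = run.groups()
        else:                              # "Global Startup: x.lnk = path"
            entry.name, _, entry.target = rest.partition(" = ")
    elif code in ("O2", "O3") and CLSID_RE.match(rest):
        entry.name, _, entry.target = CLSID_RE.match(rest).groups()
    elif code == "O23" and SERVICE_RE.match(rest):
        entry.name, entry.vendor, entry.target = SERVICE_RE.match(rest).groups()
    elif code == "O20" and NOTIFY_RE.match(rest):
        entry.name, entry.target = NOTIFY_RE.match(rest).groups()
    else:
        entry.target = body
    return entry


def triage(entry):
    """Heuristic review flags for one entry (this example's own rules)."""
    flags = []
    if entry.code == "O23":
        if entry.target.endswith("(file missing)"):
            flags.append("service is registered but its binary is missing")
        if entry.vendor.lower() == "unknown owner":
            flags.append("service has no vendor recorded")
    elif entry.code == "O4":
        exe = entry.target.split(" ")[0].strip('"')
        if "\\" not in exe:
            flags.append("run entry is a bare filename; locate the file before judging it")
    elif entry.code == "O20":
        flags.append("Winlogon Notify DLL loads at every logon; confirm its vendor")
    return flags


def review(text):
    """Parse a whole log and attach flags to every entry."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    for entry in entries:
        entry.flags = triage(entry)
    return entries


def flagged(text):
    """Map entry name -> flags for the entries worth a closer look."""
    return {e.name: e.flags for e in review(text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(flags)}")
```

Everything else in a log (running processes, O9 buttons, O16 DPF controls) is parsed but not flagged, so the output is a short list to check by hand rather than a verdict.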



#2 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 22 December 2007 - 01:45 PM

Hello and Welcome to the forum.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.

**Note: In the event you already have ComboFix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

*If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connection.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#3 scottydog (New Member, 3 posts)

Posted 23 December 2007 - 05:54 AM

Hi there!
Thank you for getting back to me and sorry for the late reply with this :)
Just for reference, when I was running ComboFix a message came up early on and it said that Google had prevented another programme from changing your internet settings. I thought it would be best to pass this on in case it may have a knock-on effect on the log posted below?

Ran ATF Cleaner and here is the log from ComboFix:

ComboFix 07-12-21.4 - Administrator 2007-12-23 11:24:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.171 [GMT 0:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER\svwhost.exe.bak

.
((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-22 17:18 . 2007-01-18 12:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-12-22 16:11 . 2007-12-22 16:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-22 16:11 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-21 17:17 . 2005-05-20 00:58 356,352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2007-12-21 17:17 . 2004-02-11 18:27 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2007-12-21 17:17 . 2003-06-06 10:21 81,920 --a------ C:\WINDOWS\system32\eSellerateControl350.dll
2007-12-21 17:17 . 2005-11-18 12:05 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
2007-12-21 16:32 . 2007-12-21 16:32 <DIR> d-------- C:\Program Files\Webroot
2007-12-21 16:32 . 2007-12-21 16:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-21 16:32 . 2007-12-21 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-21 16:32 . 2007-12-21 16:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-12-21 16:32 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-12-21 16:32 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-21 16:32 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-21 16:32 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-21 16:32 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-21 16:30 . 2007-12-21 16:30 164 --a------ C:\install.dat
2007-12-19 19:27 . 2007-12-20 15:18 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-19 19:27 . 2007-12-23 11:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 19:27 . 2007-12-19 19:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-12-19 19:27 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-19 19:27 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-19 19:27 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-19 19:27 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-19 19:27 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-19 19:25 . 2007-12-19 20:54 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-12-19 19:24 . 2007-12-23 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-16 17:13 . 2007-12-16 17:13 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2007-12-04 18:29 . 2007-12-04 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Musicnotes
2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 . 2007-12-04 01:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 . 2007-12-04 01:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-04 01:33 . 2007-12-04 01:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2007-11-30 16:21 . 2007-12-20 15:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-30 16:21 . 2007-11-30 16:21 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-29 22:30 . 2007-11-29 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 . 2007-11-29 22:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:30 . 2007-11-29 22:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 . 2007-11-29 22:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 . 2007-11-29 22:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 22:28 . 2007-11-29 22:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 22:28 . 2007-11-29 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 21:55 . 2007-11-28 21:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 . 2007-11-28 21:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 . 2007-11-28 21:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:53 . 2007-11-28 21:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 . 2007-11-28 21:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:52 . 2007-11-28 21:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-25 11:58 . 2007-11-25 11:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sibelius Software
2007-11-25 11:54 . 2007-11-25 11:54 <DIR> d-------- C:\Program Files\Sibelius Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 08:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-22 18:12 --------- d-----w C:\Program Files\Apple Software Update
2007-12-22 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 16:34 68,943,060 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-21 16:23 --------- d-----w C:\Program Files\Java Web Start
2007-12-21 16:23 --------- d-----w C:\Program Files\DivX
2007-12-21 16:23 --------- d-----w C:\Program Files\aod
2007-12-19 20:09 --------- d-----w C:\Program Files\Lycos
2007-12-19 20:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lycos
2007-12-19 19:26 --------- d-----w C:\Program Files\Google
2007-12-19 17:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-14 16:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-06 17:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-06 17:27 --------- d-----w C:\Program Files\Canon
2007-11-03 12:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Canon
2007-10-25 15:46 --------- d-----w C:\Program Files\PeaZip
2007-03-28 18:45 25,752,376 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2007-03-21 16:41 14,731,088 ----a-w C:\Program Files\DivXInstaller.exe
2006-11-07 19:27 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2004-12-30 09:20 3,276,296 ----a-w C:\Program Files\BSINSTALL.exe
2004-03-24 19:25 6,377,789 ----a-w C:\Program Files\vlc-0.7.1-win32.exe
2001-03-28 11:02 122,880 ----a-w C:\WINDOWS\inf\AGFA\message.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-16 17:13 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-16 17:13 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 02:41]
"NvMediaCenter"="RUNDLL32.exe" [2001-08-23 12:00 C:\WINDOWS\system32\rundll32.exe]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2004-05-28 15:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 19:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeltTray"="DeltTray.exe" [2004-08-26 22:43 C:\WINDOWS\system32\delttray.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 09:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-05 16:23]
"ShowIcon_Fujifilm_Fujifilm Digital Memory Card Reader 7 in 1 DCR-71"="C:\Program Files\Fujifilm Card Reader\shwicon.exe" [2003-01-27 15:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2007-10-01 16:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 02:41]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 09:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-06-07 15:15:10]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-19 19:24:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\WINDOWS\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2002-11-08 14:50 98304 --a------ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
msblast.exe

R0 ppa;Iomega Parallel Port Filter Driver;C:\WINDOWS\System32\DRIVERS\ppa.sys [2001-08-17 12:53]
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\System32\Drivers\SSFS0BB9.SYS [2007-10-01 16:24]
R1 Asapi;Asapi;C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 09:22]

*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 17:44:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-19 19:25:32 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-21 16:32:25 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 11:32:39
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 11:35:50 - machine was rebooted

Here is the new log from HijackThis...
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 19:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeltTray"="DeltTray.exe" [2004-08-26 22:43 C:\WINDOWS\system32\delttray.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 09:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-05 16:23]
"ShowIcon_Fujifilm_Fujifilm Digital Memory Card Reader 7 in 1 DCR-71"="C:\Program Files\Fujifilm Card Reader\shwicon.exe" [2003-01-27 15:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2007-10-01 16:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 02:41]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 09:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-06-07 15:15:10]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-19 19:24:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\WINDOWS\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2002-11-08 14:50 98304 --a------ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
msblast.exe

R0 ppa;Iomega Parallel Port Filter Driver;C:\WINDOWS\System32\DRIVERS\ppa.sys [2001-08-17 12:53]
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\System32\Drivers\SSFS0BB9.SYS [2007-10-01 16:24]
R1 Asapi;Asapi;C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 09:22]

*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 17:44:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-19 19:25:32 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-21 16:32:25 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 11:32:39
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 11:35:50 - machine was rebooted



#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 23 December 2007 - 07:26 AM

Open Notepad and copy/paste the text in the quote box below into it:

File::
C:\msblast.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
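What LDTate did by hand in the post above, as an added example that is not part of this thread or of ComboFix itself: a Python script that parses the "Reg Loading Points" section of a ComboFix log, ranks the autostart entries, and drafts the same File::/Registry:: CFScript. The one entry it treats as known-bad is the one this log actually contains: a bare msblast.exe under an msconfig\startupreg key named "windows auto update", which is the value name and file name the W32.Blaster worm registers. The indicator list, the sample log excerpt (lines copied from the first ComboFix log above) and the C:\msblast.exe path passed in as a hand-confirmed file are all constructed for the example; the `"name"=-` form for deleting a single value is standard regedit syntax and is assumed, not shown in the thread, to be accepted in a CFScript Registry:: section.

```python
import re
from dataclasses import dataclass
from typing import Optional

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "name"="command" [date time ... resolved path]: ComboFix prints the path it resolved
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
# items disabled through msconfig are sometimes printed as "date time size attrs path"
DATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]+?\.(?:exe|dll|sys)', re.IGNORECASE)

# Constructed indicator list: its only entry is the one this thread's log contains.
KNOWN_BAD = {"msblast.exe": 'W32.Blaster worm binary (Run value "windows auto update")'}

# Constructed sample: lines copied from the thread's first ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeltTray"="DeltTray.exe" [2004-08-26 22:43 C:\WINDOWS\system32\delttray.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 09:16]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2002-11-08 14:50 98304 --a------ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
msblast.exe
"""


@dataclass
class Autostart:
    key: str
    name: str
    command: str
    resolved: Optional[str]  # path ComboFix resolved the entry to, if it printed one


def _path_in(text: str) -> Optional[str]:
    m = PATH_RE.search(text)
    return m.group(0) if m else None


def parse_loading_points(text: str) -> list:
    """Turn the [key] / "name"="cmd" blocks into Autostart records."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in (".", "REGEDIT4") or line.startswith("*Note*"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(Autostart(key, m.group("name"), m.group("cmd"),
                                     _path_in(m.group("meta") or "")))
        elif "msconfig\\startupreg\\" in key.lower():
            # one per-item key for each msconfig-disabled item, command on the next line
            d = DATED_RE.match(line)
            cmd = d.group("path") if d else line
            entries.append(Autostart(key, key.rsplit("\\", 1)[1], cmd, _path_in(cmd)))
    return entries


def triage(entries: list) -> list:
    """Rank entries: known-bad binary first, then bare names Windows resolves via PATH."""
    findings = []
    for e in entries:
        first = e.command.split(None, 1)[0] if e.command.strip() else ""
        exe = (e.resolved or _path_in(e.command) or first).rsplit("\\", 1)[-1].lower()
        if exe in KNOWN_BAD:
            findings.append(("HIGH", e, KNOWN_BAD[exe]))
        elif not re.match(r"[A-Za-z]:\\", e.command):
            sev = "MEDIUM" if e.resolved is None else "LOW"
            findings.append((sev, e, "bare executable name; resolved path: %s"
                             % (e.resolved or "none printed")))
    return findings


def build_cfscript(findings: list, extra_files=()) -> str:
    """Draft the File::/Registry:: script ComboFix consumes from HIGH findings plus
    any file paths confirmed by hand (the loading-points section alone may not show them)."""
    files, keys = list(extra_files), []
    for sev, e, _ in findings:
        if sev != "HIGH":
            continue
        if e.resolved:
            files.append(e.resolved)
        if "msconfig\\startupreg\\" in e.key.lower():
            keys.append("[-%s]" % e.key)  # [-key] deletes the whole per-item key
        else:
            keys.append('[%s]\n"%s"=-' % (e.key, e.name))  # regedit value deletion (assumed accepted)
    out = []
    if files:
        out.append("File::\n" + "\n".join(dict.fromkeys(files)))
    if keys:
        out.append("Registry::\n" + "\n".join(keys))
    return "\n\n".join(out) + "\n" if out else ""
```

Feed the pasted section to `parse_loading_points`, pass the result to `triage`, then hand `build_cfscript` the HIGH findings together with any file path you have confirmed yourself; on the sample it reproduces LDTate's script line for line. A MEDIUM finding only means the log gives no path to verify: nwiz.exe here sits beside the NVIDIA entries already visible in the log (NvMediaCenter, nvsvc32.exe), so the heuristic is a prompt to check the file, not a verdict.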

 


#5 scottydog

scottydog

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 23 December 2007 - 08:09 AM

Hi LD

OK, I dragged and dropped the CFScript file into ComboFix and it started automatically, so in case the new log file is of any help I have attached it BELOW this HijackThis log. Also, in answer to your question, the PC seems to run as normal, but I lost my internet connection through Firefox; I tried Explorer and that didn't work either, and I had to restart the PC to get it to work.
I ran a few applications and the only problem I noted was that Word took quite a while to close the first time round, but it was fine when I tried it again.
Sadly I have to leave very soon to visit family for Christmas, so apologies in advance if I am unable to contact you for a few days. Rest assured my first job when I get home will be to log in and follow your advice :)

Wishing you a happy Christmas!!!!!!

scott.

OK, here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 13:51:00, on 23/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DeltTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Fujifilm Card Reader\shwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar4.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShowIcon_Fujifilm_Fujifilm Digital Memory Card Reader 7 in 1 DCR-71] "C:\Program Files\Fujifilm Card Reader\shwicon.exe" -t"Fujifilm\Fujifilm Digital Memory Card Reader 7 in 1 DCR-71"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\Administrator\My Documents\ieSpell\iespell.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrad...raderMediaX.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37800.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.ho...ex/HMAtchmt.ocx
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe





As mentioned, here's the extra log from the new scan with ComboFix...



ComboFix 07-12-21.4 - Administrator 2007-12-23 13:33:27.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\msblast.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-22 17:18 . 2007-01-18 12:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-12-22 16:11 . 2007-12-22 16:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-22 16:11 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-21 17:17 . 2005-05-20 00:58 356,352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2007-12-21 17:17 . 2004-02-11 18:27 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2007-12-21 17:17 . 2003-06-06 10:21 81,920 --a------ C:\WINDOWS\system32\eSellerateControl350.dll
2007-12-21 17:17 . 2005-11-18 12:05 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
2007-12-21 16:32 . 2007-12-21 16:32 <DIR> d-------- C:\Program Files\Webroot
2007-12-21 16:32 . 2007-12-21 16:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-21 16:32 . 2007-12-21 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-21 16:32 . 2007-12-21 16:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-12-21 16:32 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-12-21 16:32 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-21 16:32 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-21 16:32 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-21 16:32 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-21 16:30 . 2007-12-21 16:30 164 --a------ C:\install.dat
2007-12-19 19:27 . 2007-12-20 15:18 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-19 19:27 . 2007-12-23 11:35 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 19:27 . 2007-12-19 19:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-12-19 19:27 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-19 19:27 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-19 19:27 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-19 19:27 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-19 19:27 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-19 19:25 . 2007-12-19 20:54 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-12-19 19:24 . 2007-12-23 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-16 17:13 . 2007-12-16 17:13 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2007-12-04 18:29 . 2007-12-04 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Musicnotes
2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 . 2007-12-04 01:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 . 2007-12-04 01:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-04 01:33 . 2007-12-04 01:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2007-11-30 16:21 . 2007-12-20 15:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-30 16:21 . 2007-11-30 16:21 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-29 22:30 . 2007-11-29 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 . 2007-11-29 22:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:30 . 2007-11-29 22:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 . 2007-11-29 22:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 . 2007-11-29 22:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 22:28 . 2007-11-29 22:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 22:28 . 2007-11-29 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 21:55 . 2007-11-28 21:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 . 2007-11-28 21:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 . 2007-11-28 21:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:53 . 2007-11-28 21:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 . 2007-11-28 21:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:52 . 2007-11-28 21:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-25 11:58 . 2007-11-25 11:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sibelius Software
2007-11-25 11:54 . 2007-11-25 11:54 <DIR> d-------- C:\Program Files\Sibelius Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 08:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-22 18:12 --------- d-----w C:\Program Files\Apple Software Update
2007-12-22 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 16:34 68,943,060 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-21 16:23 --------- d-----w C:\Program Files\Java Web Start
2007-12-21 16:23 --------- d-----w C:\Program Files\DivX
2007-12-21 16:23 --------- d-----w C:\Program Files\aod
2007-12-19 20:09 --------- d-----w C:\Program Files\Lycos
2007-12-19 20:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lycos
2007-12-19 19:26 --------- d-----w C:\Program Files\Google
2007-12-19 17:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-14 16:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 16:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-06 17:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-06 17:27 --------- d-----w C:\Program Files\Canon
2007-11-03 12:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Canon
2007-10-25 15:46 --------- d-----w C:\Program Files\PeaZip
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-28 18:45 25,752,376 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2007-03-21 16:41 14,731,088 ----a-w C:\Program Files\DivXInstaller.exe
2006-11-07 19:27 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2004-12-30 09:20 3,276,296 ----a-w C:\Program Files\BSINSTALL.exe
2004-03-24 19:25 6,377,789 ----a-w C:\Program Files\vlc-0.7.1-win32.exe
2001-03-28 11:02 122,880 ----a-w C:\WINDOWS\inf\AGFA\message.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-23_11.34.02.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-22 17:23:13 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-12-23 11:44:34 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-16 17:13 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-16 17:13 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 02:41]
"NvMediaCenter"="RUNDLL32.exe" [2001-08-23 12:00 C:\WINDOWS\system32\rundll32.exe]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2004-05-28 15:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 19:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeltTray"="DeltTray.exe" [2004-08-26 22:43 C:\WINDOWS\system32\delttray.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 09:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-05 16:23]
"ShowIcon_Fujifilm_Fujifilm Digital Memory Card Reader 7 in 1 DCR-71"="C:\Program Files\Fujifilm Card Reader\shwicon.exe" [2003-01-27 15:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2007-10-01 16:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 02:41]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 09:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-06-07 15:15:10]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-19 19:24:46]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\WINDOWS\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2002-11-08 14:50 98304 --a------ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

R0 ppa;Iomega Parallel Port Filter Driver;C:\WINDOWS\System32\DRIVERS\ppa.sys [2001-08-17 12:53]
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\System32\Drivers\SSFS0BB9.SYS [2007-10-01 16:24]
R1 Asapi;Asapi;C:\WINDOWS\System32\drivers\Asapi.sys [2000-01-08 09:22]

*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 17:44:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-19 19:25:32 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-21 16:32:25 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 13:41:05
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 13:43:42
C:\ComboFix2.txt ... 2007-12-23 11:35




THANKS!!!!!

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 23 December 2007 - 08:21 AM

That all looks good. You need to run Windows Update and update to XP SP2.



#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 31 December 2007 - 09:43 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
