WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] Trojans, AdWare, Worm, IE went crazy...HELP

Started by IAmSusie3 , Apr 29 2008 10:08 AM

This topic is locked

54 replies to this topic

#1 IAmSusie3

Authentic Member

Authentic Member
55 posts

Posted 29 April 2008 - 10:08 AM

Ok..I am pretty much clueless about computer terminology, but I am smart and catch on quickly. So you will need to be very patient with me and use detailed descriptions for me to follow. I signed into Internet Explorer and it went crazy. Stuff was popping up everywhere. So I went to "CTRL-ALT-DEL" and a lot of stuff was running that shouldn't have been, and there were a lot of processes running that I knew weren't supposed to be there. So then I went to IE to the history...(this is after closing a lot of the processes that were not supposed to be there) and finally got it opened. I clicked on "today"...and "order visited". There was so much stuff on there and I know I hadn't been to those sites! So I went to yahoo answers and found this site. I followed some instructions about downloading the ATF Cleaner by Atribune - did that....Then the next step was to download Malwarebytes Anti Malware. I followed all those instructions. The log file said there were 133 infected files. Examples: AdWare.commAD, Trojan.DNSChanger, Trojan.Vundo, Trojan.Insider,Trojan.Downloader, Trojan.BHO, Trojan.Agent, Trojan.Network, AdWare.Shopping, AdWare.Funweb, Rogue.BugDoctor, Malware.Trace, Trojan.Dropper, AdWare.TargetServer, AdWare.ISM, Trojan.NetMon, Worm.OnlineG, Trojan.Service to name a few. Anyway, I followed the instructions and "removed selected" (which was all). In the Logfile I saved, there were about 15 or 16 that said "delete on reboot". I have no idea how to do that. But my processess seem to not have all those bad ones in it. So something must be working. Would somebody please help me fix this and get rid of this virus stuff? I noticed that everybody lists those things in "applications" and "processes" and other stuff. I have no idea how to do that so I'll need help there, too. Also, how did this happen? What did I do wrong? And why do people attach these viruses and stuff to people's computers? How can it be fun for them if they can't see how angry I am? What's the excitement in it for them? I just don't get it!!! Please help...Thanks

Advertisements

Register to Remove

#2 gringo_pr

Silver Member

Visiting Fellow
423 posts

Posted 03 May 2008 - 06:02 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

Sorry about the delay in responding

The forums have been very busy

If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.

:install hijackthis:

Download HJTInstall.exe to your Desktop.
Doubleclick HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy/Paste the log to your next reply please.

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Also please make an uninstall list and post that as well

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Gringo

#3 IAmSusie3

Authentic Member

Authentic Member
55 posts

Posted 04 May 2008 - 03:47 PM

Ok...I did the "install hijackthis" thing you told me to do...and now, I'm going to copy and paste it. Hopefully, this will work.

OH MY GOSH....IT ACTUALLY WORKED!!!! SO, HERE YOU GO.

Now, I'm going to do the next step of "make an uninstall list using hijack this". So be on the look out for that too.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:24 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\MostFun\Bin\MostFun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {53378be3-f71c-1dfa-84a4-65c5b617ef19} - {91fe716b-5c56-4a48-afd1-c17f3eb87335} - C:\WINDOWS\system32\aypbmcjp.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\Avast4\ashWebSv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [a0c41ad9] rundll32.exe "C:\WINDOWS\system32\bbbiksxo.dll",b
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe
O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?da9fb24d82bf41f28a3bb81f4fd0ec6f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?da9fb24d82bf41f28a3bb81f4fd0ec6f
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Pyramids - http://download2.gam...ts/y/pyt1_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://C:\Program Files\Tropix\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase2895.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12956 bytes

#4 IAmSusie3

Authentic Member

Authentic Member
55 posts

Posted 04 May 2008 - 03:53 PM

OK...here is step two.."Make an uninstall list using hijack this"..... YEA!!! THAT WORKED TOO!! HERE YOU GO....LET ME KNOW WHAT'S UP... 1st Grade v1.0 2Wire Wireless Client Adobe Flash Player ActiveX Adobe Reader 7.0.9 Adobe Shockwave Player Adobe® Photoshop® Album Starter Edition 3.2 AOL Coach Version 2.0(Build:20041026.5 en) AOL Connectivity Services AOL Spyware Protection AOL You've Got Pictures Screensaver Apple Mobile Device Support Apple Software Update Barbie® Pet Rescue Big Fish Games Client Bonjour Brain Booster CC_ccProxyExt ccCommon CCleaner (remove only) ccPxyCore Circulate Digital Media Reader Dream Day - First Home Dream Day First Home ebgcInfra ebgcRes ebgcRes ebgcRes ebgcRes ebgcRes ebgcRes ebgcSDK ebgcSDK Family Feud III: Dream Home Form Fill (Windows Live Toolbar) Foto-Mosaik 4.1.0 Google Earth Google Toolbar for Internet Explorer Google Video Player HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB926239) Intel® Extreme Graphics 2 Driver Intel® PRO Network Adapters and Drivers iTunes J2SE Runtime Environment 5.0 Update 10 Java™ SE Runtime Environment 6 Update 1 JumpStart 1st Grade 2001 Jumpstart First Grade v1.4 Kid Pix Studio Deluxe Lexmark 730 Series LimeWire 4.14.10 LiveReg (Symantec Corporation) LiveUpdate 2.5 (Symantec Corporation) Malwarebytes' Anti-Malware McAfee AntiSpyware McAfee SecurityCenter Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Digital Image Starter Edition 2006 Microsoft LifeCam Microsoft Money 2005 Microsoft Office Standard Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works miniMEDIA MostFun - Blood Ties MostFun - Dream Chronicles MostFun Game Player Mozilla Firefox (2.0.0.7) MSN MSRedist MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) My Wal-Mart Digital Photo Center Mystery P.I. - The Vegas Heist Napster Napster Burn Engine Nero BurnRights Nero OEM Norton AntiSpam Norton AntiSpam Norton AntiVirus 2005 Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security 2005 (Symantec Corporation) Norton Security Center Norton WMI Update Norton WMI Update OneCare Advisor (Windows Live Toolbar) OpenMG AAC Add-on Module 1.0.00 OpenMG Limited Patch 4.5-06-05-12-01 OpenMG Secure Module 4.5.01 Operation PC Inspector smart recovery Photo Viewer 2.3 PowerDVD Pure Networks Port Magic QuickTime RealArcade Realtek AC'97 Audio Rhapsody Player Engine SBC Yahoo! Applications SBC Yahoo! DSL Home Networking Installer Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926247) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931768) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942615) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944338) Security Update for Windows XP (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB947864) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Sesame Street Elmo's Art Workshop Shutterfly Studio Smart Menus (Windows Live Toolbar) SoftV92 Data Fax Modem with SmartCP Solitaire Vol. 1 SonicStage 4.0 SPBBC Super TextTwist SUPERAntiSpyware Free Edition Symantec Script Blocking Installer SymNet Tabbed Browsing (Windows Live Toolbar) The Hidden Object Show Tropix Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Update for Windows XP (KB946627) VideoLAN VLC media player 0.8.6d Viewpoint Media Player Virtual Earth 3D (Beta) Wal-Mart Mini Movie Windows Backup Utility Windows Imaging Component Windows Live OneCare safety scanner Windows Live Outlook Toolbar (Windows Live Toolbar) Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) Windows Live Toolbar Feed Detector (Windows Live Toolbar) Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Creativity Fun Packs - Windows Movie Maker 2 Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Word Slinger Yahoo! Install Manager Yahoo! Toolbar ZoomBook

#5 gringo_pr

Silver Member

Visiting Fellow
423 posts

Posted 05 May 2008 - 08:04 AM

Hello IAmSusie3

:run combofix:

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

:information and logs:

In your next post I need the following

1.LOG FROM COMBOFIX
2.NEW HIJACKTHIS LOG
[/list]
Gringo

#6 IAmSusie3

Authentic Member

Authentic Member
55 posts

Posted 07 May 2008 - 05:28 PM

OK....HERE IS THE COMBOFIX LOG:

ComboFix 08-05-01.3 - Owner 2008-05-07 9:33:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.144 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IA
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\command.pif
C:\WINDOWS\system32\FhiiRXyb.ini
C:\WINDOWS\system32\FhiiRXyb.ini2
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent

((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-05 16:58 . 2008-05-05 16:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Gamelab
2008-05-05 16:57 . 2008-05-05 16:58 <DIR> d-------- C:\Program Files\Jojo's Fashion Show
2008-05-05 16:31 . 2008-05-06 21:38 <DIR> d-------- C:\Program Files\SpongeBob SquarePants Diner Dash
2008-05-05 00:48 . 2008-05-05 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-04 23:13 . 2008-05-04 23:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\iWin
2008-05-04 16:37 . 2008-05-04 16:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 10:19 . 2008-05-07 08:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 10:19 . 2008-05-04 10:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-30 17:38 . 2008-04-30 17:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-30 17:28 . 2008-04-30 17:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 17:28 . 2008-04-30 17:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-04-30 17:28 . 2008-04-30 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 16:39 . 2008-04-30 16:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 13:24 . 2008-04-30 13:31 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-30 10:51 . 2008-04-30 10:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\iWinArcade
2008-04-30 00:26 . 2008-04-30 00:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-04-30 00:09 . 2006-09-18 10:57 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-30 00:09 . 2006-09-18 11:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-30 00:09 . 2006-09-18 11:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-30 00:09 . 2006-09-18 11:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-04-30 00:09 . 2008-04-30 00:09 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-30 00:09 . 2008-05-07 09:33 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-29 17:16 . 2008-04-29 17:16 <DIR> d-------- C:\Program Files\Mystery P.I. - The Vegas Heist
2008-04-29 17:16 . 2008-04-29 17:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SpinTop
2008-04-28 18:01 . 2008-04-28 23:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-28 18:01 . 2008-04-28 18:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-28 18:01 . 2008-04-28 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-28 17:00 . 2008-04-28 17:00 <DIR> d-------- C:\Program Files\Svconr
2008-04-28 16:45 . 2008-04-28 16:45 109,738 --a------ C:\WINDOWS\BMa3f72945.xml
2008-04-27 00:30 . 2006-09-14 11:53 1,941,504 --a------ C:\WINDOWS\system32\Tropix.scr
2008-04-21 03:45 . 2008-04-21 03:45 <DIR> d-------- C:\Program Files\The Hidden Object Show
2008-04-20 02:20 . 2008-04-20 02:20 <DIR> d-------- C:\WINDOWS\Dream Day - First Home
2008-04-20 02:20 . 2008-04-20 02:21 <DIR> d-------- C:\Program Files\Dream Day - First Home
2008-04-19 02:15 . 2008-04-20 01:15 <DIR> d-------- C:\Program Files\Dream Day First Home
2008-04-19 02:04 . 2008-05-04 23:14 <DIR> d-------- C:\Program Files\Family Feud III - Dream Home
2008-04-10 00:13 . 2008-04-10 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Interama
2008-04-07 02:13 . 2008-04-07 02:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Pi Eye Games
2008-04-07 01:52 . 2008-04-07 01:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MostFun
2008-04-07 01:41 . 2008-04-09 23:48 <DIR> d-------- C:\Program Files\MostFun
2008-04-07 01:25 . 2008-05-06 21:49 <DIR> d-------- C:\Program Files\Brain Booster
2008-04-07 01:23 . 2008-04-07 01:23 <DIR> d-------- C:\Program Files\Circulate

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 07:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-05-07 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-07 02:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 06:28 --------- d-----w C:\Program Files\Lx_cats
2008-05-04 05:59 --------- d-----w C:\Program Files\AOL Games
2008-05-01 05:41 --------- d-----w C:\Program Files\2Wire
2008-04-30 05:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-04-29 08:45 --------- d-----w C:\Program Files\GameHouse
2008-04-29 07:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Big Fish Games
2008-04-29 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-04-29 00:20 --------- d-----w C:\Program Files\BFG
2008-04-21 08:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-04-21 02:30 --------- d-----w C:\Program Files\Tropix
2008-04-20 22:13 13,984 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-04-19 06:59 --------- d-----w C:\Program Files\bfgclient
2008-04-04 19:52 --------- d-----w C:\Program Files\iTunes
2008-04-04 19:43 --------- d-----w C:\Program Files\iPod
2008-04-04 19:41 --------- d-----w C:\Program Files\Bonjour
2008-04-04 19:40 --------- d-----w C:\Program Files\QuickTime
2008-04-04 18:52 --------- d-----w C:\Program Files\LimeWire
2008-04-02 19:21 --------- d-----w C:\Program Files\Games
2008-04-02 03:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ludia
2008-04-02 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ludia
2008-04-01 07:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\Boomzap
2008-04-01 07:02 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-03-28 01:24 --------- d-----w C:\Program Files\CardRecovery
2008-03-26 18:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Leadertech
2008-03-26 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 17:36 --------- d-----w C:\Program Files\Digital Photo Recovery
2008-03-21 07:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Friday's games
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 15:10 0 ----a-w C:\Program Files\temp01
2008-03-12 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2006-12-19 00:21 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-11-11 23:06 1,727,833 ----a-w C:\Program Files\ChayceAndRoland.JPG
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 50,776 2005-06-23 16:24:12 C:\Program Files\America Online 9.0\bak\AOL.EXE

----a-w 125,528 2004-11-03 21:03:00 C:\Program Files\Common Files\AOL\1158597562\EE\bak\AOLHostManager.exe

----a-w 185,896 2007-07-02 14:54:17 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 58,488 2004-08-27 23:22:40 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

----a-w 218,240 2004-08-06 00:23:14 C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe

----a-w 32,768 2004-11-03 03:24:46 C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe

----a-w 135,168 2004-11-15 22:04:32 C:\Program Files\Digital Media Reader\bak\shwiconem.exe

----a-w 68,856 2007-08-04 04:07:15 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 267,064 2007-09-05 23:03:52 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 15:36:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 83,608 2007-03-14 08:43:44 C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe

----a-w 327,680 2006-01-06 20:14:20 C:\Program Files\McAfee\McAfee AntiSpyware\bak\masalert.exe

----a-w 303,104 2005-09-23 01:29:08 C:\Program Files\McAfee.com\Agent\bak\mcagent.exe

----a-w 212,992 2006-01-11 19:05:42 C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe

----a-w 277,296 2006-10-13 23:01:18 C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe

----a-w 132,248 2004-08-17 22:36:18 C:\Program Files\Norton Internet Security\bak\cfgwiz.exe

----a-w 33,936 2004-08-31 02:29:36 C:\Program Files\Norton Internet Security\bak\UrlLstCk.exe

----a-w 286,720 2007-06-29 11:24:52 C:\Program Files\QuickTime\bak\QTTask.exe
----a-w 413,696 2008-03-29 04:37:20 C:\Program Files\QuickTime\QTTask.exe

----a-w 1,028,096 2003-07-14 19:55:01 C:\Program Files\SBC Yahoo!\Connection Manager\bak\ConnectionManager.exe

----a-w 81,920 2006-05-08 10:17:56 C:\Program Files\Sony\SonicStage\bak\SsAAD.exe

----a-w 57,344 2003-07-11 21:51:16 C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe

----a-w 224,248 2007-06-08 14:59:38 C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe

----a-w 707,376 2006-10-13 23:04:06 C:\WINDOWS\bak\vVX3000.exe

----a-w 118,784 2004-08-20 22:51:14 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 155,648 2004-08-20 22:55:14 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 155,648 2001-07-09 18:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91fe716b-5c56-4a48-afd1-c17f3eb87335}]
C:\WINDOWS\system32\aypbmcjp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShutterflyStudio"="C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2007-03-06 13:05 2496512]
"Svconr"="C:\Program Files\Svconr\Svconr.exe" [2008-04-28 17:00 57344]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 19:42 79448]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe" [2006-01-11 14:05 212992]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 14:47 73728]
"avast! Web Scanner"="C:\PROGRA~1\ALWILS~1\Avast4\ashWebSv.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"a0c41ad9"="C:\WINDOWS\system32\bbbiksxo.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashServ.exe" [ ]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
2WireSetup.lnk - C:\Program Files\2Wire\WebWorks.exe [2008-05-01 00:40:53 622592]
Event Minder Reminders.lnk - C:\HALLMARK\EMREMIND.EXE [2007-07-09 16:39:42 6240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2006-09-18 11:35:37 729088]
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-01-28 19:51:51 107520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1158597562\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MostFun\\Bin\\MostFun.exe"=

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 18:01]
R3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2005-05-12 11:26]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 16:44:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-07 14:29:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-29 13:43:41 C:\WINDOWS\Tasks\McAfee AntiSpyware.job"
- c:\progra~1\mcafee\MCAFEE~1\MASCon.exe
"2008-05-05 23:28:16 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
- C:\WINDOWS\system32\rundll32.exe@
"2006-09-18 16:26:07 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-03-22 13:24:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\PROGRA~1\Uniblue\SPYERA~1\SpyEraser.exe
"2007-10-14 06:03:04 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\PROGRA~1\Uniblue\SPYERA~1\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 09:43:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\McAfee AntiSpyware\MASSrv.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MostFun\Bin\MostFun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-05-07 9:58:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 14:58:29

Pre-Run: 65,679,998,976 bytes free
Post-Run: 68,223,328,256 bytes free

260 --- E O F --- 2008-04-09 08:16:23

#7 IAmSusie3

Authentic Member

Authentic Member
55 posts

Posted 07 May 2008 - 05:37 PM

OK...HERE'S THE NEW "HIJACK THIS LOG".......lET ME KNOW IF THIS IS THE STUFF YOU WANTED....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:28 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\MostFun\Bin\MostFun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {53378be3-f71c-1dfa-84a4-65c5b617ef19} - {91fe716b-5c56-4a48-afd1-c17f3eb87335} - C:\WINDOWS\system32\aypbmcjp.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\Avast4\ashWebSv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [a0c41ad9] rundll32.exe "C:\WINDOWS\system32\bbbiksxo.dll",b
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe
O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to miniMEDIA Video Converter... - C:\Program Files\Tiger Electronics\miniMEDIA\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?da9fb24d82bf41f28a3bb81f4fd0ec6f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?da9fb24d82bf41f28a3bb81f4fd0ec6f
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Pyramids - http://download2.gam...ts/y/pyt1_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://C:\Program Files\Tropix\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase2895.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13049 bytes

#8 gringo_pr

Silver Member

Visiting Fellow
423 posts

Posted 08 May 2008 - 08:59 AM

Hello IAmSusie3

you are doing good
now lets keep going

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

KILLALL::

Folder::
C:\Program Files\Svconr

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91fe716b-5c56-4a48-afd1-c17f3eb87335}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svconr"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a0c41ad9"=-

AWF::
C:\Program Files\America Online 9.0\bak\AOL.EXE
C:\Program Files\Common Files\AOL\1158597562\EE\bak\AOLHostManager.exe
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe
C:\Program Files\Digital Media Reader\bak\shwiconem.exe
C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe
C:\Program Files\McAfee\McAfee AntiSpyware\bak\masalert.exe
C:\Program Files\McAfee.com\Agent\bak\mcagent.exe
C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe
C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe
C:\Program Files\Norton Internet Security\bak\cfgwiz.exe
C:\Program Files\Norton Internet Security\bak\UrlLstCk.exe
C:\Program Files\QuickTime\bak\QTTask.exe
C:\Program Files\SBC Yahoo!\Connection Manager\bak\ConnectionManager.exe
C:\Program Files\Sony\SonicStage\bak\SsAAD.exe
C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe
C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe
C:\WINDOWS\bak\vVX3000.exe
C:\WINDOWS\system32\bak\hkcmd.exe
C:\WINDOWS\system32\bak\igfxtray.exe
C:\WINDOWS\system32\bak\NeroCheck.exe

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

:information and logs:

In your next post I need the following

1.the new log from combofix
[/list]
Gringo

#9 IAmSusie3

Authentic Member

Authentic Member
55 posts

Posted 09 May 2008 - 07:51 AM

ComboFix 08-05-01.3 - Owner 2008-05-09 2:31:04.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.200 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Svconr
C:\Program Files\Svconr\Svconr.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-05 16:58 . 2008-05-05 16:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Gamelab
2008-05-05 16:57 . 2008-05-05 16:58 <DIR> d-------- C:\Program Files\Jojo's Fashion Show
2008-05-05 16:31 . 2008-05-06 21:38 <DIR> d-------- C:\Program Files\SpongeBob SquarePants Diner Dash
2008-05-05 00:48 . 2008-05-05 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-04 23:13 . 2008-05-04 23:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\iWin
2008-05-04 16:37 . 2008-05-04 16:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 10:19 . 2008-05-09 02:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 10:19 . 2008-05-04 10:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-30 17:38 . 2008-04-30 17:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-30 17:28 . 2008-04-30 17:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 17:28 . 2008-04-30 17:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-04-30 17:28 . 2008-04-30 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 16:39 . 2008-04-30 16:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 13:24 . 2008-04-30 13:31 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-30 10:51 . 2008-04-30 10:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\iWinArcade
2008-04-30 00:26 . 2008-04-30 00:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-04-30 00:09 . 2006-09-18 10:57 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-30 00:09 . 2006-09-18 11:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-30 00:09 . 2006-09-18 11:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-30 00:09 . 2006-09-18 11:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-04-30 00:09 . 2008-04-30 00:09 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-30 00:09 . 2008-05-08 20:55 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-29 17:16 . 2008-04-29 17:16 <DIR> d-------- C:\Program Files\Mystery P.I. - The Vegas Heist
2008-04-29 17:16 . 2008-04-29 17:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SpinTop
2008-04-28 18:01 . 2008-04-28 23:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-28 18:01 . 2008-04-28 18:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-28 18:01 . 2008-04-28 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-28 16:45 . 2008-04-28 16:45 109,738 --a------ C:\WINDOWS\BMa3f72945.xml
2008-04-27 00:30 . 2006-09-14 11:53 1,941,504 --a------ C:\WINDOWS\system32\Tropix.scr
2008-04-21 03:45 . 2008-04-21 03:45 <DIR> d-------- C:\Program Files\The Hidden Object Show
2008-04-20 02:20 . 2008-04-20 02:20 <DIR> d-------- C:\WINDOWS\Dream Day - First Home
2008-04-20 02:20 . 2008-04-20 02:21 <DIR> d-------- C:\Program Files\Dream Day - First Home
2008-04-19 02:15 . 2008-04-20 01:15 <DIR> d-------- C:\Program Files\Dream Day First Home
2008-04-19 02:04 . 2008-05-04 23:14 <DIR> d-------- C:\Program Files\Family Feud III - Dream Home
2008-04-10 00:13 . 2008-04-10 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Interama

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 07:37 --------- d-----w C:\Program Files\QuickTime
2008-05-09 07:37 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-09 07:37 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-05-09 07:37 --------- d-----w C:\Program Files\iTunes
2008-05-09 07:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-09 07:30 --------- d-----w C:\Program Files\Digital Media Reader
2008-05-09 07:30 --------- d-----w C:\Program Files\America Online 9.0
2008-05-07 07:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-05-07 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-07 02:49 --------- d-----w C:\Program Files\Brain Booster
2008-05-07 02:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 06:28 --------- d-----w C:\Program Files\Lx_cats
2008-05-04 05:59 --------- d-----w C:\Program Files\AOL Games
2008-05-01 05:41 --------- d-----w C:\Program Files\2Wire
2008-04-30 05:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-04-29 08:45 --------- d-----w C:\Program Files\GameHouse
2008-04-29 07:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Big Fish Games
2008-04-29 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-04-29 00:20 --------- d-----w C:\Program Files\BFG
2008-04-21 08:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-04-21 02:30 --------- d-----w C:\Program Files\Tropix
2008-04-20 22:13 13,984 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-04-19 06:59 --------- d-----w C:\Program Files\bfgclient
2008-04-10 04:48 --------- d-----w C:\Program Files\MostFun
2008-04-07 07:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Pi Eye Games
2008-04-07 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MostFun
2008-04-07 06:23 --------- d-----w C:\Program Files\Circulate
2008-04-04 19:43 --------- d-----w C:\Program Files\iPod
2008-04-04 19:41 --------- d-----w C:\Program Files\Bonjour
2008-04-04 18:52 --------- d-----w C:\Program Files\LimeWire
2008-04-02 19:21 --------- d-----w C:\Program Files\Games
2008-04-02 03:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ludia
2008-04-02 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ludia
2008-04-01 07:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\Boomzap
2008-04-01 07:02 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-03-28 01:24 --------- d-----w C:\Program Files\CardRecovery
2008-03-26 18:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Leadertech
2008-03-26 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 17:36 --------- d-----w C:\Program Files\Digital Photo Recovery
2008-03-21 07:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Friday's games
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 15:10 0 ----a-w C:\Program Files\temp01
2008-03-12 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2006-12-19 00:21 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-11-11 23:06 1,727,833 ----a-w C:\Program Files\ChayceAndRoland.JPG
.

((((((((((((((((((((((((((((( snapshot@2008-05-07_ 9.56.10.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 14:43:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 07:37:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 07:16:03 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\e42ab0fd\2e9ffd2\d18gdbnx.dll
+ 2008-05-09 07:16:01 4,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\e42ab0fd\2e9ffd2\dhn1ybjc.dll
+ 2008-05-09 07:15:57 3,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\e42ab0fd\2e9ffd2\grj2-eym.dll
+ 2004-08-20 22:51:14 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2004-08-20 22:55:14 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2001-07-09 18:50:42 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
+ 2006-10-13 23:04:06 707,376 ----a-w C:\WINDOWS\vVX3000.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShutterflyStudio"="C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2007-03-06 13:05 2496512]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 19:42 79448]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 14:05 212992]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 14:47 73728]
"avast! Web Scanner"="C:\PROGRA~1\ALWILS~1\Avast4\ashWebSv.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-05 18:03 267064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashServ.exe" [ ]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
2WireSetup.lnk - C:\Program Files\2Wire\WebWorks.exe [2008-05-01 00:40:53 622592]
Event Minder Reminders.lnk - C:\HALLMARK\EMREMIND.EXE [2007-07-09 16:39:42 6240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2006-09-18 11:35:37 729088]
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-01-28 19:51:51 107520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1158597562\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MostFun\\Bin\\MostFun.exe"=

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 18:01]
R3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2005-05-12 11:26]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-07 16:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 07:29:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-29 13:43:41 C:\WINDOWS\Tasks\McAfee AntiSpyware.job"
- c:\progra~1\mcafee\MCAFEE~1\MASCon.exe
"2008-05-08 23:00:04 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
- C:\WINDOWS\system32\rundll32.exe@
"2006-09-18 16:26:07 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-03-22 13:24:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\PROGRA~1\Uniblue\SPYERA~1\SpyEraser.exe
"2007-10-14 06:03:04 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\PROGRA~1\Uniblue\SPYERA~1\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 02:37:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\McAfee AntiSpyware\MASSrv.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MostFun\Bin\MostFun.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-05-09 2:52:06 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-05-09 07:51:47
ComboFix2.txt 2008-05-07 14:58:54

Pre-Run: 69,124,771,840 bytes free
Post-Run: 69,113,585,664 bytes free

231 --- E O F --- 2008-04-09 08:16:23

#10 gringo_pr

Silver Member

Visiting Fellow
423 posts

Posted 09 May 2008 - 04:45 PM

Hello IAmSusie3

you are doing very good :thumbup:

: Recovery Console :

we need to install the Recovery Console on this computer
this is very important it could save you later

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Posted Image

the one for you is Windows XP Service Pack 2 (SP2)

Download the file & save it as it's originally named, next to ComboFix.exe.

Posted Image

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

:Clean temp files:

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) CleanerÂ© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

Under Main choose: Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
if you use Firefox: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program
[/list]
: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

:Run Kaspersky Online AV Scanner:

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.
Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary.
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer"
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply

:information and logs:

In your next post I need the following

1.log from combofix (it will be short)
2.log from MBAM
3.log from kaspersky
4.let me know how the computer is doing now
[/list]
Gringo

Advertisements

Register to Remove

#11 IAmSusie3

Authentic Member

Authentic Member
55 posts

Posted 11 May 2008 - 10:02 PM

OK...HERE'S THE LOG FILE FOR THE "RECOVERY CONSOLE" STEP....

ComboFix 08-05-01.3 - Owner 2008-05-11 22:48:17.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.112 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-05 16:58 . 2008-05-05 16:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Gamelab
2008-05-05 16:57 . 2008-05-05 16:58 <DIR> d-------- C:\Program Files\Jojo's Fashion Show
2008-05-05 16:31 . 2008-05-06 21:38 <DIR> d-------- C:\Program Files\SpongeBob SquarePants Diner Dash
2008-05-05 00:48 . 2008-05-05 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-04 23:13 . 2008-05-04 23:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\iWin
2008-05-04 16:37 . 2008-05-04 16:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 10:19 . 2008-05-11 13:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 10:19 . 2008-05-04 10:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-30 17:38 . 2008-04-30 17:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-30 17:28 . 2008-04-30 17:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 17:28 . 2008-04-30 17:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-04-30 17:28 . 2008-04-30 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 16:39 . 2008-04-30 16:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 13:24 . 2008-04-30 13:31 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-30 10:51 . 2008-04-30 10:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\iWinArcade
2008-04-30 00:26 . 2008-04-30 00:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-04-30 00:09 . 2006-09-18 10:57 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-30 00:09 . 2006-09-18 11:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-30 00:09 . 2006-09-18 11:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-30 00:09 . 2006-09-18 11:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-04-30 00:09 . 2008-04-30 00:09 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-30 00:09 . 2008-05-11 22:12 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-29 17:16 . 2008-04-29 17:16 <DIR> d-------- C:\Program Files\Mystery P.I. - The Vegas Heist
2008-04-29 17:16 . 2008-04-29 17:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SpinTop
2008-04-28 18:01 . 2008-04-28 23:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-28 18:01 . 2008-04-28 18:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-28 18:01 . 2008-04-28 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-28 16:45 . 2008-04-28 16:45 109,738 --a------ C:\WINDOWS\BMa3f72945.xml
2008-04-27 00:30 . 2006-09-14 11:53 1,941,504 --a------ C:\WINDOWS\system32\Tropix.scr
2008-04-21 03:45 . 2008-04-21 03:45 <DIR> d-------- C:\Program Files\The Hidden Object Show
2008-04-20 02:20 . 2008-04-20 02:20 <DIR> d-------- C:\WINDOWS\Dream Day - First Home
2008-04-20 02:20 . 2008-04-20 02:21 <DIR> d-------- C:\Program Files\Dream Day - First Home
2008-04-19 02:15 . 2008-04-20 01:15 <DIR> d-------- C:\Program Files\Dream Day First Home
2008-04-19 02:04 . 2008-05-04 23:14 <DIR> d-------- C:\Program Files\Family Feud III - Dream Home

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 03:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-09 07:37 --------- d-----w C:\Program Files\QuickTime
2008-05-09 07:37 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-09 07:37 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-05-09 07:37 --------- d-----w C:\Program Files\iTunes
2008-05-09 07:37 --------- d-----w C:\Program Files\Digital Media Reader
2008-05-09 07:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-09 07:37 --------- d-----w C:\Program Files\America Online 9.0
2008-05-07 07:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-05-07 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-07 02:49 --------- d-----w C:\Program Files\Brain Booster
2008-05-07 02:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 06:28 --------- d-----w C:\Program Files\Lx_cats
2008-05-04 05:59 --------- d-----w C:\Program Files\AOL Games
2008-05-01 05:41 --------- d-----w C:\Program Files\2Wire
2008-04-30 05:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-04-29 08:45 --------- d-----w C:\Program Files\GameHouse
2008-04-29 07:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Big Fish Games
2008-04-29 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-04-29 00:20 --------- d-----w C:\Program Files\BFG
2008-04-21 08:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-04-21 02:30 --------- d-----w C:\Program Files\Tropix
2008-04-20 22:13 13,984 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-04-19 06:59 --------- d-----w C:\Program Files\bfgclient
2008-04-10 05:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Interama
2008-04-10 04:48 --------- d-----w C:\Program Files\MostFun
2008-04-07 07:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Pi Eye Games
2008-04-07 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MostFun
2008-04-07 06:23 --------- d-----w C:\Program Files\Circulate
2008-04-04 19:43 --------- d-----w C:\Program Files\iPod
2008-04-04 19:41 --------- d-----w C:\Program Files\Bonjour
2008-04-04 18:52 --------- d-----w C:\Program Files\LimeWire
2008-04-02 19:21 --------- d-----w C:\Program Files\Games
2008-04-02 03:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ludia
2008-04-02 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ludia
2008-04-01 07:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\Boomzap
2008-04-01 07:02 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-03-28 01:24 --------- d-----w C:\Program Files\CardRecovery
2008-03-26 18:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Leadertech
2008-03-26 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 17:36 --------- d-----w C:\Program Files\Digital Photo Recovery
2008-03-21 07:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Friday's games
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 15:10 0 ----a-w C:\Program Files\temp01
2008-03-12 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2006-12-19 00:21 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-11-11 23:06 1,727,833 ----a-w C:\Program Files\ChayceAndRoland.JPG
.

((((((((((((((((((((((((((((( snapshot@2008-05-07_ 9.56.10.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 14:43:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 03:39:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 03:42:59 3,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\e42ab0fd\2e9ffd2\gbwmwqro.dll
+ 2008-05-12 03:43:06 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\e42ab0fd\2e9ffd2\m8h6qhod.dll
+ 2008-05-12 03:43:03 4,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\e42ab0fd\2e9ffd2\qssflf6k.dll
+ 2008-05-11 19:33:03 126,976 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neoedge.services.agent.webservices\526c3ea7\436a57b2\assembly\tmp\JQW28EKQ\NeoEdge.Services.Agent.dll
+ 2004-08-20 22:51:14 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2004-08-20 22:55:14 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2001-07-09 18:50:42 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
+ 2006-10-13 23:04:06 707,376 ----a-w C:\WINDOWS\vVX3000.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShutterflyStudio"="C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2007-03-06 13:05 2496512]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 19:42 79448]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 14:05 212992]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 14:47 73728]
"avast! Web Scanner"="C:\PROGRA~1\ALWILS~1\Avast4\ashWebSv.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-05 18:03 267064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashServ.exe" [ ]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
2WireSetup.lnk - C:\Program Files\2Wire\WebWorks.exe [2008-05-01 00:40:53 622592]
Event Minder Reminders.lnk - C:\HALLMARK\EMREMIND.EXE [2007-07-09 16:39:42 6240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2006-09-18 11:35:37 729088]
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-01-28 19:51:51 107520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1158597562\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MostFun\\Bin\\MostFun.exe"=

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 18:01]
R3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2005-05-12 11:26]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-07 16:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-12 03:29:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-29 13:43:41 C:\WINDOWS\Tasks\McAfee AntiSpyware.job"
- c:\progra~1\mcafee\MCAFEE~1\MASCon.exe
"2008-05-12 02:30:56 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
- C:\WINDOWS\system32\rundll32.exe@
"2006-09-18 16:26:07 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-03-22 13:24:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\PROGRA~1\Uniblue\SPYERA~1\SpyEraser.exe
"2007-10-14 06:03:04 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\PROGRA~1\Uniblue\SPYERA~1\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 22:52:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-11 22:57:15
ComboFix-quarantined-files.txt 2008-05-12 03:56:29
ComboFix2.txt 2008-05-09 07:52:08
ComboFix3.txt 2008-05-07 14:58:54

Pre-Run: 68,905,361,408 bytes free
Post-Run: 68,943,060,992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

214 --- E O F --- 2008-04-09 08:16:23

#12 gringo_pr

Silver Member

Visiting Fellow
423 posts

Posted 12 May 2008 - 11:36 AM

I also need the logs from Malwarebytes and Kaspersky when you get the chance. Gringo

#13 IAmSusie3

Authentic Member

Authentic Member
55 posts

Posted 12 May 2008 - 11:19 PM

Sorry this is split up....this goes with the post on May 9, 2008...I already sent you the RECOVER CONSOLE LOG FILE...AND HERE'S THE MALWARE BYTES LOG FILE....Next I'm going to do the KASPERSKY MALWARE BYTES ANTI-MALWARE LOG..... Malwarebytes' Anti-Malware 1.12 Database version: 744 Scan type: Full Scan (C:\|D:\|) Objects scanned: 140088 Time elapsed: 1 hour(s), 2 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 14 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\QooBox\Quarantine\C\Program Files\Svconr\Svconr.exe.vir (Trojan.Clicker) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP177\A0172419.exe (Adware.SearchAid) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP178\A0173431.exe (Adware.SearchAid) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP178\A0173434.exe (Adware.SearchAid) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP178\A0173435.exe (Adware.SearchAid) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP178\A0173648.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP178\A0173658.dll (Adware.TargetSaver) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP178\A0173673.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP180\A0173790.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP180\A0173873.exe (Trojan.Insider) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP180\A0173874.exe (Adware.Insider) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP180\A0173881.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP181\A0176767.dll (Adware.TargetSaver) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP189\A0185282.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

#14 IAmSusie3

Authentic Member

Authentic Member
55 posts

Posted 13 May 2008 - 06:28 AM

OK...HERE IS THE KASPERSKY LOG FILE...... ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Tuesday, May 13, 2008 7:27:14 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 13/05/2008 Kaspersky Anti-Virus database records: 768145 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics: Total number of scanned objects: 101836 Number of viruses found: 14 Number of infected objects: 18 Number of suspicious objects: 0 Duration of the scan process: 05:03:00 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-4-30-2008( 17-38-23 ).LOG Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masdata.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masevents.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.15545 Infected: Trojan-Downloader.Win32.Homles.bj skipped C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.24795 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.41851 Infected: Trojan-Downloader.Win32.Homles.bj skipped C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.90204 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped C:\Documents and Settings\Owner\Application Data\Shutterfly\Studio\app_log--05-13-08--06-32-03.log Object is locked skipped C:\Documents and Settings\Owner\Application Data\Shutterfly\Studio\mm_0_1.tdb Object is locked skipped C:\Documents and Settings\Owner\Application Data\Shutterfly\Studio\mm_1_1.odb Object is locked skipped C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-13-2008( 1-31-16 ).LOG Object is locked skipped C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Owner\Incomplete\Preview-T-3545425-bratz movie.mpg Infected: Trojan-Downloader.WMA.Wimad.n skipped C:\Documents and Settings\Owner\Incomplete\Preview-T-3545425-little mermaid 2.mpg Infected: Trojan-Downloader.WMA.Wimad.n skipped C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\2e9ffd2.be13aa05.ini.inuse Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\436a57b2.be13aa05.ini.inuse Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\MostFun.exe.be13aa05.ini.inuse Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\MostFun\RuntimeState\{2d9c6400-153d-4fdf-9aaa-933577e0433a}\Logs\edb.log Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\MostFun\RuntimeState\{2d9c6400-153d-4fdf-9aaa-933577e0433a}\Logs\tmp.edb Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008051320080514\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temp\~DF5879.tmp Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temp\~DFE6E3.tmp Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\PhishingFilter\45E13EC5-3DB7-4B3D-9F80-073A58AB5E82.dat Object is locked skipped C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Shared\(New Release) good is good sheral crow 23.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped C:\Documents and Settings\Owner\Shared\little mermaid 2.mpg Infected: Trojan-Downloader.WMA.Wimad.n skipped C:\Documents and Settings\Owner\Shared\TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped C:\My Games\Tropix\postcard.exe Infected: Trojan-Downloader.Win32.Agent.dro skipped C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP105\A0139839.exe Infected: not-a-virus:AdTool.Win32.FenomenGame.a skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP140\A0153437.exe Infected: Backdoor.Win32.Rbot.piv skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP152\A0154408.exe Infected: Backdoor.Win32.Rbot.jwg skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP172\A0167991.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.niz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP174\A0169173.exe Infected: Backdoor.Win32.Mex.s skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP177\A0172336.exe Infected: Trojan-Downloader.Win32.Agent.lsl skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP178\A0173433.exe Infected: not-a-virus:AdWare.Win32.AdBand.y skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP178\A0173436.exe Infected: Trojan-Downloader.Win32.Agent.mri skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP192\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\TEMP\sqlite_1Yinetr9ckmdIxB Object is locked skipped C:\WINDOWS\TEMP\sqlite_6dRztrvV8roKGxt Object is locked skipped C:\WINDOWS\TEMP\sqlite_ieuIoN4o7hFhSxZ Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

#15 IAmSusie3

Authentic Member

Authentic Member
55 posts

Posted 13 May 2008 - 06:33 AM

OK...NOW YOU WANTED TO KNOW HOW THE COMPUTER IS DOING....BEFORE I DID ALL THOSE THINGS YOU JUST GOT...IT WAS RUNNING VERY, VERY SLOW....AND A FEW TIMES I WOULDN'T HAVE A MOUSE. SEVERAL TIMES IT WOULD FREEZE UP AND I HAD TO TURN IT OFF AND TURN IT ON AGAIN.... AS FOR HOW IT IS RUNNNG AFTER ALL THAT STUFF....I DON'T KNOW YET...I JUST POSTED THE KASPERSKY AND NOW I GOTTA RUN THE KIDS TO SCHOOL AND WHEN I GET BACK I'LL DO SOME STUFF AND LET YOU KNOW... I THINK I HAVE ANOTHER EMAIL FROM YOU, BUT IT IS PROBABLY JUST ASKING FOR WHAT I SENT YOU JUST NOW.... I'LL BE BACK SOON....THANKS FOR ALL YOUR HELP AND THE "PEP TALK COMPLIMENTS"....THOSE MAKE MY DAY!

Body Background

skin color theme