

Webwatcher



#1 VWells


Posted 08 April 2008 - 07:14 PM

I had Webwatcher installed on my computer.
I believe that I have removed the majority of it; however, when I restart, a folder c:\windows\system32\atww\cache is created. It is empty, but I'm wary that something residual is still lingering on my system.


LOGS:


Deckard's System Scanner v20071014.68
Run by tim on 2008-04-08 17:07:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-04-09 00:07:59 UTC - RP268 - Deckard's System Scanner Restore Point
5: 2008-04-08 17:41:24 UTC - RP267 - Installed RICOH R5C832/843 Flash Media Driver Ver.1.01.09E
4: 2008-04-04 16:38:03 UTC - RP266 - Installed Microsoft Works 6-9 Converter
3: 2008-04-03 18:22:19 UTC - RP265 - Installed Sunbelt CounterSpy.
2: 2008-04-03 17:30:19 UTC - RP264 - Removed Corel Painter IX


-- First Restore Point --
1: 2008-03-25 18:06:02 UTC - RP263 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-08 17:09:40
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\tim\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: C:\Program Files\Iolo\Common\Firewall\iFW_Xfilter.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188763614234
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 6067 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - Notepad.exe %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Klpf - c:\windows\system32\drivers\klpf.sys <Not Verified; KL; KL klpf>
R0 Klpid - c:\windows\system32\drivers\klpid.sys <Not Verified; KL; KL klpid>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R1 Klmc - c:\windows\system32\drivers\klmc.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech, Inc.; Logitech SetPoint™>
R2 Packet (Auto Internet Protocol) - c:\windows\system32\drivers\packet.sys <Not Verified; SingleClick Systems; Auto IP Protocol Driver>
R3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)

S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - c:\windows\system32\drivers\bvrpmpr5.sys <Not Verified; BVRP Software; BVRPNDIS Rawether for Windows>
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 MEMSWEEP2 - c:\windows\system32\47.tmp (file missing)
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 kavsvc - "c:\program files\kaspersky lab\kaspersky anti-virus personal\kavsvc.exe" <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal>
S4 Nanacpsrwc -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-07 10:57:03 368 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-04-07 10:57:03 434 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-01-17 15:15:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-08 16:23:46 0 d-------- C:\Program Files\roguescanfix
2008-04-08 16:15:24 1556 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-08 16:04:41 0 d--hs---- C:\WINDOWS\CSC
2008-04-08 16:01:21 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-08 16:01:21 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-08 16:01:21 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-08 16:01:21 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-08 16:01:21 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-08 16:01:21 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-08 16:01:21 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-08 10:16:55 0 d-------- C:\Program Files\Yahoo!
2008-04-07 13:27:42 0 d-------- C:\Program Files\Sophos
2008-04-07 11:19:52 0 d-------- C:\aa
2008-04-07 11:08:58 0 d-------- C:\WINDOWS\RegCure
2008-04-07 10:56:59 0 d-------- C:\Program Files\RegCure
2008-04-04 17:01:55 0 d-------- C:\Documents and Settings\Tim_2\Application Data\SmartFTP
2008-04-04 09:38:08 0 d-------- C:\Program Files\Microsoft Works
2008-04-03 17:43:46 0 d-------- C:\Documents and Settings\Tim_2\Application Data\Sunbelt Software
2008-04-03 15:09:57 0 d-------- C:\Program Files\Shortcuts Map
2008-04-03 14:34:25 0 d-------- C:\Documents and Settings\tim\.housecall6.6
2008-04-03 12:43:38 0 d-------- C:\Documents and Settings\All Users\Application Data\logs
2008-04-03 12:03:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-04-03 12:03:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-04-03 12:01:56 0 d-------- C:\Documents and Settings\tim\Application Data\Sunbelt Software
2008-04-03 12:00:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-04-03 11:22:22 0 d-------- C:\Program Files\Sunbelt Software
2008-04-01 16:30:38 0 d-------- C:\Documents and Settings\Tim_2\Application Data\Yahoo!
2008-04-01 16:15:38 0 d-------- C:\Documents and Settings\Tim_2\Application Data\Adobe
2008-04-01 16:12:09 0 d-------- C:\Documents and Settings\Tim_2\Application Data\Mozilla
2008-04-01 16:11:00 0 d-------- C:\Documents and Settings\Tim_2\Application Data\Apple Computer
2008-04-01 16:06:08 0 d-------- C:\Documents and Settings\Tim_2\Application Data\Macromedia
2008-04-01 16:05:42 0 d-------- C:\Documents and Settings\Tim_2\Contacts
2008-04-01 16:04:27 0 d-------- C:\Documents and Settings\Tim_2\Application Data\Grisoft
2008-04-01 16:04:20 0 d-------- C:\Documents and Settings\Tim_2\Application Data\ATI
2008-04-01 16:04:08 0 d-------- C:\Documents and Settings\Tim_2\Application Data\Identities
2008-04-01 16:04:04 0 d-------- C:\Documents and Settings\Tim_2\Application Data\WTablet
2008-04-01 16:03:55 0 d--h----- C:\Documents and Settings\Tim_2\Templates
2008-04-01 16:03:55 0 dr------- C:\Documents and Settings\Tim_2\Start Menu
2008-04-01 16:03:55 0 dr-h----- C:\Documents and Settings\Tim_2\SendTo
2008-04-01 16:03:55 0 dr-h----- C:\Documents and Settings\Tim_2\Recent
2008-04-01 16:03:55 0 d--h----- C:\Documents and Settings\Tim_2\PrintHood
2008-04-01 16:03:55 1310720 --ah----- C:\Documents and Settings\Tim_2\NTUSER.DAT
2008-04-01 16:03:55 0 d--h----- C:\Documents and Settings\Tim_2\NetHood
2008-04-01 16:03:55 0 dr------- C:\Documents and Settings\Tim_2\My Documents
2008-04-01 16:03:55 0 d--h----- C:\Documents and Settings\Tim_2\Local Settings
2008-04-01 16:03:55 0 dr------- C:\Documents and Settings\Tim_2\Favorites
2008-04-01 16:03:55 0 d-------- C:\Documents and Settings\Tim_2\Desktop
2008-04-01 16:03:55 0 d---s---- C:\Documents and Settings\Tim_2\Cookies
2008-04-01 16:03:55 0 dr-h----- C:\Documents and Settings\Tim_2\Application Data
2008-04-01 16:03:55 0 d---s---- C:\Documents and Settings\Tim_2\Application Data\Microsoft
2008-04-01 16:03:55 0 d--h----- C:\Documents and Settings\Tim_2\Application Data\Gtek
2008-04-01 09:55:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-01 09:15:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-20 09:50:03 0 d-------- C:\Program Files\Eltima Software


-- Find3M Report ---------------------------------------------------------------

2008-04-08 10:41:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-07 12:12:33 0 d-------- C:\Program Files\MSN Messenger
2008-04-07 11:21:41 0 d-------- C:\Documents and Settings\tim\Application Data\Azureus
2008-04-07 09:29:10 0 d-------- C:\Documents and Settings\tim\Application Data\WTablet
2008-04-03 10:38:33 0 d-------- C:\Program Files\Flash Favorite
2008-04-03 10:28:09 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-27 13:41:10 0 d-------- C:\Documents and Settings\tim\Application Data\Adobe
2008-03-20 10:03:29 0 d-------- C:\Program Files\Azureus
2008-03-13 16:11:06 0 d-------- C:\Documents and Settings\tim\Application Data\U3
2008-03-08 11:46:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-07 09:32:08 0 d-------- C:\Program Files\MSXML 6.0
2008-03-05 21:50:05 0 d-------- C:\Documents and Settings\tim\Application Data\Media Player Classic
2008-03-05 20:59:45 0 d-------- C:\Program Files\MSBuild
2008-03-05 20:55:02 0 d-------- C:\Program Files\Reference Assemblies
2008-03-05 19:38:20 0 d-------- C:\Program Files\Red Kawa
2008-03-03 19:56:13 0 d-------- C:\Program Files\Common Files
2008-03-03 19:56:13 0 d-------- C:\Program Files\Common Files\SourceTec
2008-03-03 19:56:12 0 d-------- C:\Program Files\SourceTec
2008-02-26 22:23:07 0 d-------- C:\Documents and Settings\tim\Application Data\Alien Skin
2008-02-19 01:21:09 0 d-------- C:\Program Files\SmartFTP Client
2008-01-15 15:43:16 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [16/03/2007 06:10 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/03/2006 12:48 PM]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [21/12/2007 03:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [20/12/2006 06:47 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30/08/2007 05:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kaspersky Anti-Hacker.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe [04/08/2005 8:19:03 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]
C:\Program Files\Iolo\System Mechanic Professional 6\delay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TlntSvr"=3 (0x3)
"SharedAccess"=2 (0x2)
"mnmsrvc"=3 (0x3)
"iPod Service"=3 (0x3)
"btwdins"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"wuauserv"=2 (0x2)
"VSS"=3 (0x3)
"TrkWks"=2 (0x2)
"SysmonLog"=3 (0x3)
"seclogon"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"MSDTC"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"BITS"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"SwPrv"=3 (0x3)
"RSVP"=3 (0x3)
"Netlogon"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Browser"=2 (0x2)
"kavsvc"=2 (0x2)

*Newly Created Service* - SBAPIFS



-- End of Deckard's System Scanner: finished at 2008-04-08 17:10:32 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7400 @ 2.16GHz
CPU 1: Intel® Core™2 CPU T7400 @ 2.16GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 2046.37 MiB / 1450.49 MiB
Pagefile Memory (total/avail): 3939.18 MiB / 3572.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.18 MiB

C: is Fixed (NTFS) - 137 GiB total, 77.74 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 6.14 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9160821AS - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 137 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2048 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: iolo Personal Firewall® v1.1 (iolo technologies, LLC) Disabled
FW: Kaspersky Anti-Hacker v1.8.0.180 (Kaspersky Lab)
AV: Kaspersky Anti-Virus Personal v5.0.391 (Kaspersky Labs)
AV: iolo AntiVirus® v1.1 (iolo technologies, LLC) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Iolo\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe"="C:\\Program Files\\Iolo\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe:*:Enabled:iolo Firewall®"
"C:\\Program Files\\Iolo\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe"="C:\\Program Files\\Iolo\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe:*:Enabled:iolo AntiVirus®"
"C:\\Program Files\\Iolo\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe"="C:\\Program Files\\Iolo\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe:*:Enabled:iolo AntiVirus® Email Protection"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\tim\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TIMS-LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\tim
LOGONSERVER=\\TIMS-LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\tim\LOCALS~1\Temp
TMP=C:\DOCUME~1\tim\LOCALS~1\Temp
USERDOMAIN=TIMS-LAPTOP
USERNAME=tim
USERPROFILE=C:\Documents and Settings\tim
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

tim (admin)
Tim_2


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
AcroChallenge 2.86 --> MsiExec.exe /X{FA3D29BC-9440-4CB4-993D-189543036C1E}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Alien Skin Eye Candy 5 Impact --> C:\PROGRA~1\Adobe\PHOTOS~2\Plug-Ins\ALIENS~1\EYECAN~2\Unwise32.exe C:\PROGRA~1\Adobe\PHOTOS~2\Plug-Ins\ALIENS~1\EYECAN~2\INSTALL.LOG
Alien Skin Eye Candy 5 Nature --> C:\PROGRA~1\Adobe\PHOTOS~2\Plug-Ins\ALIENS~1\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~2\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG
Alien Skin Eye Candy 5 Textures --> C:\PROGRA~1\Adobe\PHOTOS~2\Plug-Ins\ALIENS~1\EYECAN~3\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~2\Plug-Ins\ALIENS~1\EYECAN~3\INSTALL.LOG
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
ESPN Java Check --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://games.espn.go.com/s/flblm/07/livedraft/jws-check.jarjnlp"
Flash Decompiler Trillix --> "C:\Program Files\Eltima Software\Flash Decompiler Trillix\unins000.exe"
HijackThis 2.0.0 --> "C:\Documents and Settings\tim\Desktop\HijackThis.exe" /uninstall
iolo technologies' System Mechanic Professional 6 --> "C:\Program Files\iolo\System Mechanic Professional 6\UninstallSMPro.exe"
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Kaspersky Anti-Hacker --> "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\uninstall.exe"
Kaspersky Anti-Virus Personal --> "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\uninstall.exe"
Magic DVD Ripper V5.2 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 6-9 Converter --> MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RegCure --> "C:\WINDOWS\RegCure\uninstall.exe" "/U:C:\Program Files\RegCure\Uninstall\uninstall.xml"
roguescanfix 1.5 --> "C:\Program Files\roguescanfix\unins000.exe"
Shortcuts Map 2.3 --> C:\Program Files\Shortcuts Map\uninst.exe
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sophos Anti-Rootkit 1.3.1 --> C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Sothink SWF Decompiler --> "C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
TrickOrScriptPlugins 2.1 --> C:\Program Files\TrickOrScriptPlugins\uninst.exe
Video Edit Magic 4 --> "C:\Program Files\Deskshare\Video Edit Magic 4.4\unins000.exe"
Videora iPod Converter 3.07 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Wacom Tablet --> C:\Program Files\Tablet\Wacom\Remove.exe /u
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-04-08 17:10:32 ------------


#2 VWells


Posted 10 April 2008 - 12:53 PM

Nobody here is a Webwatcher expert?

#3 rookie147


Posted 19 April 2008 - 03:34 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
As you can probably see, our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems, please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
