
Internet Speed Slowdown, All Scans Come Clean


5 replies to this topic

#1 hbsteve

hbsteve


Posted 22 July 2007 - 12:52 PM

Hiya all... hope someone can help out.
Win XP, SP2, all Microsoft updates installed.

Usually run a very tight ship and run Avast & CounterSpy for the most part...
One thing that does throw a red flag, and the ONLY thing I found that shows a problem, is the Avast outgoing email scan logo... constantly on, showing mail going to all sorts of addresses: Germany, China, everywhere... so hopefully this is the reason for this internet connection problem.

Anyways, Norton, AOL, Avast, Windows Security, and, well, every other tool I have (Panda, McAfee, BlackLight, Spybot, CounterSpy, CCleaner, Ad-Aware, CureIt, SasserFix, KillBox, VundoFix)... all come up clean.

Avast found a false positive on Panda's pskavs.dll... Avast cleaned a win32:ctx constrat-bf[trj]... oh, and BlackLight did find a system32:lzx32.sys.

Anyways... other things that I get are the "Services and Controller app has encountered a problem and needs to close..." error, and the system shutdown popup: "This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT Authority\system", then about a minute till shutdown.... Well, perhaps something I did stopped the Services and Controller error popup, and from another forum I found a band-aid for the shutdown (open up the command line and type "shutdown -a")... seems to work for now.

Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:14:46 AM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\DOCUME~1\Steve\LOCALS~1\Temp\Rar$EX00.063\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FFTI] "C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\szo7qj31.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles/szo7qj31.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168280234046
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
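Added example, not from the poster or from HijackThis itself: a small Python triage script that parses log lines in the format shown above and flags the entries a helper would look at first: references to files that are not on disk (such as the winxtx32 Winlogon Notify entry), Winlogon Notify DLLs given as a bare name, a populated AppInit_DLLs value, and services with an unknown owner. The sample lines are copied from the log above; the review rules and the `parse_hjt`/`triage` functions are my own, and a flag means "look at this", not "delete this".

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis v1.99.1 log above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# A HijackThis entry is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
LINE_RE = re.compile(r"^(?P<section>[RFOE]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into dicts with section, kind, detail and the raw line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, the process list and blank lines are skipped
        kind, _, detail = m.group("body").partition(": ")
        entries.append({"section": m.group("section"), "kind": kind,
                        "detail": detail, "raw": line})
    return entries


def triage(entries):
    """Return the entries that deserve a manual look, each with its reasons (rules are mine)."""
    findings = []
    for e in entries:
        reasons = []
        detail = e["detail"]
        if "(file missing)" in detail or "(no file)" in detail:
            # Either a harmless orphan (HijackThis trips over quoted service paths, as the
            # avast! Mail Scanner line shows) or the leftover hook of a removed or hidden file.
            reasons.append("autostart points at a file that is not on disk")
        if e["kind"] == "Winlogon Notify":
            target = detail.partition(" - ")[2].split(" (")[0]
            if "\\" not in target:
                # A bare DLL name is resolved through the system search path at logon.
                reasons.append("Winlogon Notify DLL given as a bare name")
        if e["kind"] == "AppInit_DLLs" and detail:
            reasons.append("AppInit_DLLs set: this DLL is loaded into every process that uses user32.dll")
        if e["kind"] == "Service" and "Unknown owner" in detail:
            reasons.append("service binary has no verifiable publisher")
        if reasons:
            findings.append({"raw": e["raw"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f["raw"])
        for r in f["reasons"]:
            print("   ->", r)
```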


#2 hbsteve

hbsteve

Posted 22 July 2007 - 01:19 PM

From another post, I tried out the SuperAntiSpyware prg... did a scan
and found the same that SpySweeper/BlackLight found... the rkrustok (system32:lzx32.sys)
so going to reboot now and try again... (the background emailing is still continuing though)

#3 hbsteve

hbsteve

Posted 22 July 2007 - 01:58 PM

After the restart perhaps the emailing has stopped... haven't seen it kick on...

Also just ran ComboFix but it had a lot of errors... perhaps due to my antispyware programs running... I'll try shutting them down and running again... here is its log:

"Steve" - 2007-07-22 11:45:14 - ComboFix 07-07-14.6 - Service Pack 2 NTFS

Rootkit driver pe386 is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\hosts


((((((((((((((((((((((((( Files Created from 2007-06-22 to 2007-07-22 )))))))))))))))))))))))))))))))


2007-07-22 11:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 10:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-22 10:58 <DIR> d-------- C:\DOCUME~1\Steve\APPLIC~1\SUPERAntiSpyware.com
2007-07-22 10:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-22 09:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-21 22:14 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-07-21 21:55 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-07-21 21:55 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-07-21 21:55 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-07-21 21:55 160,056 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-07-21 21:55 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
2007-07-21 21:55 <DIR> d-------- C:\Program Files\Webroot
2007-07-21 21:55 <DIR> d-------- C:\DOCUME~1\Steve\APPLIC~1\Webroot
2007-07-21 21:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-07-21 21:49 164 --a------ C:\install.dat
2007-07-20 09:36 524,288 --ah----- C:\DOCUME~1\ADMINI~1.DEL\NTUSER.DAT
2007-07-18 07:19 <DIR> d-------- C:\Program Files\MSBuild
2007-07-18 07:13 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-07-18 07:11 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-07-18 07:10 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-07-18 07:09 <DIR> d-------- C:\3be838bd63cb4741afeedaa6
2007-07-18 07:07 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-07-18 07:07 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-07-18 07:07 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-07-17 01:18 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-17 01:18 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-17 01:18 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-17 01:18 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-17 01:18 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-17 01:18 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-17 01:18 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-17 00:54 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-07-12 03:02 <DIR> d-------- C:\Program Files\Yahoo Pal
2007-07-05 11:56 <DIR> d-------- C:\DOCUME~1\Steve\APPLIC~1\My Battle for Middle-earth Files
2007-07-05 08:53 <DIR> d-------- C:\Program Files\MSN Messenger
2007-07-05 08:53 <DIR> d-------- C:\DOCUME~1\Steve\Contacts
2007-07-03 09:01 <DIR> d-------- C:\DOCUME~1\Steve\APPLIC~1\Google
2007-07-02 08:24 98,304 -ra------ C:\WINDOWS\system32\ATR062xLUSB.dll
2007-07-02 08:24 98,304 --a------ C:\WINDOWS\ATR062xLUSB.dll
2007-07-02 08:24 69,632 --a------ C:\WINDOWS\system32\FTD2XX.dll
2007-07-02 08:24 69,632 --a------ C:\WINDOWS\FTD2XX.dll
2007-07-02 08:24 640,512 --a------ C:\WINDOWS\system32\OC30.DLL
2007-07-02 08:24 57,404 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-07-02 08:24 56,031 --a------ C:\WINDOWS\system32\drivers\FTCSER2K.SYS
2007-07-02 08:24 51,821 --a------ C:\WINDOWS\system32\ftserui2.dll
2007-07-02 08:24 51,821 --a------ C:\WINDOWS\ftserui2.dll
2007-07-02 08:24 48,625 --a------ C:\WINDOWS\system32\FTCSUI2.DLL
2007-07-02 08:24 48,625 --a------ C:\WINDOWS\FTCSUI2.DLL
2007-07-02 08:24 46,592 --a------ C:\WINDOWS\system32\libusb0.dll
2007-07-02 08:24 46,592 --a------ C:\WINDOWS\libusb0.dll
2007-07-02 08:24 43,058 --a------ C:\WINDOWS\system32\drivers\FTCUSB.SYS
2007-07-02 08:24 414,208 --a------ C:\WINDOWS\system32\lasunin.exe
2007-07-02 08:24 414,208 --a------ C:\WINDOWS\system32\FTDIUNIN.EXE
2007-07-02 08:24 414,208 --a------ C:\WINDOWS\system32\ftcunin.exe
2007-07-02 08:24 414,208 --a------ C:\WINDOWS\lasunin.exe
2007-07-02 08:24 414,208 --a------ C:\WINDOWS\FTDIUNIN.EXE
2007-07-02 08:24 414,208 --a------ C:\WINDOWS\ftcunin.exe
2007-07-02 08:24 36,864 --a------ C:\WINDOWS\system32\FTLang.dll
2007-07-02 08:24 36,864 --a------ C:\WINDOWS\FTLang.dll
2007-07-02 08:24 33,792 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
2007-07-02 08:24 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-07-02 08:24 25,316 --a------ C:\WINDOWS\system32\drivers\FTCSENUM.SYS
2007-07-02 08:24 24,209 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-07-02 08:24 22,592 --a------ C:\WINDOWS\system32\FTCSUI.DLL
2007-07-02 08:24 22,592 --a------ C:\WINDOWS\FTCSUI.DLL
2007-07-02 08:24 <DIR> d-------- C:\Program Files\LandAirSea Systems
2007-06-29 20:49 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-06-29 20:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-28 07:19 <DIR> d-------- C:\Program Files\PDF reDirect
2007-06-28 07:19 <DIR> d-------- C:\DOCUME~1\Steve\APPLIC~1\PDF reDirect
2007-06-24 17:23 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-24 17:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-22 18:42:00 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-07-22 17:57:08 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-21 02:28:47 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-07-17 07:55:32 4,676 ----a-w C:\WINDOWS\mozver.dat
2007-07-14 06:36:20 -------- d-----w C:\Program Files\iTunes
2007-07-14 06:36:10 -------- d-----w C:\Program Files\iPod
2007-07-14 06:31:43 -------- d-----w C:\Program Files\QuickTime
2007-07-06 14:49:43 -------- d-----w C:\DOCUME~1\Steve\APPLIC~1\Skype
2007-07-05 18:43:50 -------- d-----w C:\Program Files\EA GAMES
2007-07-03 16:01:52 -------- d-----w C:\Program Files\Google
2007-06-11 02:39:23 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-06-11 02:38:20 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-06-10 18:22:09 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-06-04 22:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 22:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 22:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-02 23:29:41 -------- d-----w C:\Program Files\Timeline Interactive
2007-05-26 14:50:17 -------- d-----w C:\Program Files\Debugging Tools for Windows
2007-05-21 19:53:45 1,040,384 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-05-21 19:53:42 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-05-21 17:19:42 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-21 17:18:56 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-05-21 17:18:56 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 01:36:20 64,976 ----a-w C:\WINDOWS\system32\PDFreDirectMonNT.dll
2007-05-08 09:00:01 0 ----a-w C:\WINDOWS\system32\SBRC.dat
2007-05-08 09:00:01 0 ----a-w C:\WINDOWS\system32\SBFC.dat
2007-05-07 00:13:36 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-07 00:04:49 46 ----a-w C:\WINDOWS\system32\DonationCoder_urlsnooper_InstallInfo.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-11-11 19:30]
"nwiz"="nwiz.exe" [2005-05-12 01:34 C:\WINDOWS\system32\nwiz.exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-11 20:48]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe" [2007-03-09 10:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 09:59]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 18:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 06:56]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 18:34]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"="C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\szo7qj31.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles/szo7qj31.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winxtx32]
winxtx32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]


Contents of the 'Scheduled Tasks' folder
2007-07-20 20:37:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-22 05:14:14 C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-22 11:53:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SBAPIFS]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\sbapifs.sys"

Completion time: 2007-07-22 11:53:44
C:\ComboFix-quarantined-files.txt ... 2007-07-22 11:53

--- E O F ---

#4 hbsteve

hbsteve

Posted 22 July 2007 - 02:04 PM

This time it was much quicker... still gave a "could not find path" error..?


"Steve" - 2007-07-22 12:00:49 - ComboFix 07-07-14.6 - Service Pack 2 NTFS



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-11-11 19:30]
"nwiz"="nwiz.exe" [2005-05-12 01:34 C:\WINDOWS\system32\nwiz.exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-11 20:48]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe" [2007-03-09 10:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 09:59]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 18:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 06:56]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 18:34]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"="C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\szo7qj31.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles/szo7qj31.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winxtx32]
winxtx32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-07-20 20:37:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-22 05:14:14 C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-22 12:01:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-22 12:02:03
C:\ComboFix-quarantined-files.txt ... 2007-07-22 12:02
C:\ComboFix2.txt ... 2007-07-22 11:53

--- E O F ---

#5 hbsteve

hbsteve
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:55 PM

Posted 23 July 2007 - 12:53 AM

Wow, I've fallen 4 pages back with no replies? Even though I may have fixed it myself, does anyone see anything?

#6 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:55 PM

Posted 05 August 2007 - 01:23 PM

Hi hbsteve, :flowers:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

A new version of HijackThis has now been released, so before you repost your log please download and install the new version by following the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log. Note that it is unnecessary to uninstall the old version because the new one will be copied to a different folder.

Thanks for your patience! :thumbsup:



