Combofix & Hijackthis Logs


  • This topic is locked
2 replies to this topic

#1 Array


Posted 26 August 2007 - 03:03 AM

Dumb adware won't go away, so here are my logs. Thanks!

Spyware keeps finding this thing called advertising and casamedia, I think that's the name. I keep removing them, but after I scan again they are right back....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:56 AM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
D:\Program Files\Microsoft Windows OneCare Live\winss.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\SBC\Connection Manager\CManager.exe
D:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\explorer.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Overcast Recording\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "D:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DW4] "D:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [YSearchProtection] D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Connection Manager.lnk = D:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://usfulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{442FD814-B388-441B-A0FA-5638B47A6E9F}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6950 bytes

ComboFix 07-08-25.2 - "Overcast Recording" 2007-08-26 2:57:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.726 [GMT -7:00]


((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))


2007-08-26 01:31 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-08-25 06:39 81,024 --a------ D:\WINDOWS\system32\drivers\msfwdrv.sys
2007-08-25 06:39 67,784 --a------ D:\WINDOWS\system32\drivers\MpFilter.sys
2007-08-25 06:39 105,856 --a------ D:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-08-25 06:38 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2007-08-25 06:38 <DIR> d-------- D:\Program Files\MSXML 4.0
2007-08-25 06:32 <DIR> d-------- D:\Program Files\Microsoft Windows OneCare Live
2007-08-25 03:42 <DIR> d-------- D:\Program Files\Common Files\Scanner
2007-08-24 23:30 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2007-08-24 23:29 1,048,576 -ra------ D:\WINDOWS\system32\ROBOEX32.DLL
2007-08-24 23:29 <DIR> d-------- D:\Program Files\Ulead Systems
2007-08-24 23:28 69,632 --a------ D:\WINDOWS\system32\stv680sl.dll
2007-08-24 23:28 618,496 --a------ D:\WINDOWS\system32\stvcol.dll
2007-08-24 23:28 49,152 --a------ D:\WINDOWS\system32\stvscale.dll
2007-08-24 23:28 49,152 --a------ D:\WINDOWS\system32\STV680tg.dll
2007-08-24 23:28 245,760 --a------ D:\WINDOWS\system32\STV680u.dll
2007-08-24 23:28 113,072 --a------ D:\WINDOWS\system32\drivers\stv680.sys
2007-08-24 23:28 <DIR> d-------- D:\Program Files\Bell+Howell
2007-08-23 02:48 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
2007-08-22 23:11 <DIR> d-------- D:\Program Files\Microsoft Games
2007-08-19 21:20 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Screaming Bee
2007-08-19 01:08 <DIR> d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\Screaming Bee
2007-08-19 01:06 <DIR> d-------- D:\Program Files\Common Files\Screaming Bee
2007-08-18 19:04 <DIR> d-------- D:\Program Files\Screaming Bee
2007-08-16 16:12 <DIR> d-------- D:\Program Files\Viewpoint
2007-08-16 16:12 <DIR> d-------- D:\Program Files\Common Files\AOL
2007-08-16 16:12 <DIR> d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\acccore
2007-08-16 16:12 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-16 16:12 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-08-16 16:12 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-16 16:09 <DIR> d-------- D:\Program Files\AIM6
2007-08-16 16:07 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-08-12 18:48 <DIR> d-------- D:\Program Files\Vstplugins
2007-08-12 18:48 <DIR> d-------- D:\Program Files\Sony
2007-08-11 01:29 765,952 --a------ D:\WINDOWS\system32\xvidcore.dll
2007-08-11 01:29 180,224 --a------ D:\WINDOWS\system32\xvidvfw.dll
2007-08-11 01:29 <DIR> d-------- D:\Program Files\Xvid
2007-08-11 01:27 <DIR> d-------- D:\Program Files\J2K-Codec SDK
2007-08-11 00:53 <DIR> dr-h----- D:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
2007-08-11 00:53 <DIR> d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\Yahoo!
2007-08-11 00:53 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-11 00:52 <DIR> d-------- D:\WINDOWS\cache
2007-08-09 22:55 <DIR> d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\Help
2007-08-05 11:25 <DIR> d-------- D:\Program Files\MSN Messenger
2007-08-05 11:24 <DIR> d-------- D:\Program Files\Windows Journal Viewer
2007-08-05 11:17 <DIR> d-------- D:\WINDOWS\system32\SoftwareDistribution
2007-08-05 10:25 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-04 19:45 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-08-04 19:02 <DIR> d-------- D:\Program Files\Bonjour
2007-08-04 18:57 <DIR> d-------- D:\Program Files\Common Files\Macrovision Shared
2007-07-26 23:09 <DIR> d-------- D:\Program Files\ImageForge3
2007-07-26 23:09 <DIR> d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\CursorArts


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 20:28 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\Smart Recorder
2007-08-25 20:28 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\Smart Recorder
2007-08-25 17:50 --------- d-------- D:\Program Files\BitTorrent
2007-08-25 03:42 --------- d-------- D:\Program Files\Yahoo!
2007-08-24 23:29 --------- d--h----- D:\Program Files\InstallShield Installation Information
2007-07-30 19:19 92504 --a------ D:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ D:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ D:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ D:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ D:\WINDOWS\system32\wups.dll
2007-07-20 22:15 --------- d-------- D:\Program Files\FLVPlayer
2007-07-20 19:26 --------- d-------- D:\Program Files\Common Files\NewSoft
2007-07-20 19:26 --------- d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Newsoft
2007-07-20 19:25 --------- d-------- D:\Program Files\NewSoft
2007-07-20 19:23 --------- d-------- D:\Program Files\Common Files\DSC303
2007-07-14 21:58 --------- d-------- D:\Program Files\The Weather Channel FW
2007-07-14 21:58 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\Real
2007-07-14 21:58 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\Real
2007-07-14 21:57 --------- d-------- D:\Program Files\Real
2007-07-14 21:57 --------- d-------- D:\Program Files\Common Files\xing shared
2007-07-14 21:57 --------- d-------- D:\Program Files\Common Files\Real
2007-07-14 14:51 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\GetRightToGo
2007-07-14 14:51 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\GetRightToGo
2007-07-14 14:50 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\WinRAR
2007-07-14 14:50 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\WinRAR
2007-07-14 14:10 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\BitTorrent
2007-07-14 14:10 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\BitTorrent
2007-07-14 12:04 --------- d-------- D:\Program Files\Common Files\Adobe Systems Shared
2007-07-13 21:16 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\Creative
2007-07-13 21:16 --------- d-------- D:\DOCUME~1\OVERCA~1\APPLIC~1\Creative
2007-07-13 20:49 --------- d-------- D:\Program Files\Kreatives.org
2007-07-13 16:23 8972 --a------ D:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-07-13 16:23 2378 --a------ D:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-07-12 18:02 --------- d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-12 16:13 --------- d-------- D:\Program Files\TellyAdder
2007-07-11 19:29 --------- d-------- D:\Program Files\Support.com
2007-07-11 19:29 --------- d-------- D:\Program Files\SBC
2007-07-11 19:28 --------- d-------- D:\Program Files\SBC Yahoo!
2007-07-11 19:28 --------- d-------- D:\Program Files\BroadJump
2007-07-11 19:28 --------- d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
2007-07-11 18:32 --------- d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-07-11 18:07 --------- d-------- D:\Program Files\Creative
2007-07-11 18:03 --------- d-------- D:\Program Files\Common Files\InstallShield
2007-07-11 17:57 --------- d-------- D:\Program Files\NovaLogic
2007-07-11 17:50 --------- d-------- D:\Program Files\Realtek Sound Manager
2007-07-11 17:50 --------- d-------- D:\Program Files\Realtek AC97
2007-07-11 17:50 --------- d-------- D:\Program Files\AvRack
2007-07-10 20:39 --------- d-------- D:\Program Files\microsoft frontpage
2007-07-10 20:37 --------- d--h----- D:\Program Files\WindowsUpdate
2007-07-10 20:37 --------- d-------- D:\Program Files\Movie Maker
2007-07-10 20:37 --------- d-------- D:\Program Files\Common Files\MSSoap
2007-07-10 20:36 --------- d-------- D:\Program Files\Windows NT
2007-07-10 20:36 --------- d-------- D:\Program Files\Online Services
2007-07-10 20:36 --------- d-------- D:\Program Files\MSN Gaming Zone
2007-07-10 20:36 --------- d-------- D:\Program Files\Messenger
2007-07-10 13:10 --------- d-------- D:\Program Files\Common Files\SpeechEngines
2007-07-10 13:10 --------- d-------- D:\Program Files\Common Files\ODBC
1998-08-24 12:09 10000 --a------ D:\WINDOWS\inf\unregpn.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 00:00 D:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-10 18:56]
"nwiz"="nwiz.exe" [2006-10-10 18:56 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-10-10 18:56]
"CTSysVol"="D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10]
"P17Helper"="P17.dll" [2005-05-02 20:38 D:\WINDOWS\system32\P17.dll]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"BJCFD"="D:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"tgcmdprovidersbc"="c:\program files\support.com\bin\tgcmd.exe" []
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-14 21:57]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"OneCareUI"="D:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-08-02 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"Yahoo! Pager"="1" []
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BitTorrent"="D:\Program Files\BitTorrent\bittorrent.exe" []
"DW4"="D:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51]
"YSearchProtection"="D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 15:10]
"Aim6"="D:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotSnD"="D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

D:\DOCUME~1\OVERCA~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Connection Manager.lnk - D:\Program Files\SBC\Connection Manager\CManager.exe [2007-07-11 19:29:09]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R0 Achernar;Achernar - SCSI Command Filters;D:\WINDOWS\system32\Drivers\Achernar.sys
R1 MSFWHLPR;MSFWHLPR;D:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R2 MSFWDrv;MSFWDrv;D:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"D:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"D:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R3 Aldebaran;Aldebaran - SCSI Command Filters;D:\WINDOWS\system32\Drivers\Aldebaran.sys
R3 MpFilter;Microsoft Malware Protection Driver;D:\WINDOWS\system32\DRIVERS\MpFilter.sys
R3 P17;Sound Blaster Audigy;D:\WINDOWS\system32\drivers\P17.sys
R3 SCREAMINGBDRIVER;Screaming Bee Audio;D:\WINDOWS\system32\drivers\ScreamingBAudio.sys
S2 Ca536av;FashionCam Video Camera Device;D:\WINDOWS\system32\Drivers\Ca536av.sys
S3 USBCamera;FashionCam Digital Still Camera Device;D:\WINDOWS\system32\Drivers\Bulk536.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - MPFILTER
*Newly Created Service* - MSFWSVC
*Newly Created Service* - WINSS

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 02:58:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 2:58:34
D:\ComboFix-quarantined-files.txt ... 2007-08-26 02:58
D:\ComboFix2.txt ... 2007-08-26 01:36

--- E O F ---

#2 amateur (Malware Fighter, Malware Response Team)
Posted 06 September 2007 - 08:24 AM

Hello and welcome to BC.

Sorry for the delay in getting to you. If you haven't received help elsewhere already and still need help, please post a fresh HijackThis log and I'll be happy to help you.

#3 amateur (Malware Fighter, Malware Response Team)
Posted 10 September 2007 - 06:07 PM

Due to lack of response, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.