Computer Is Infected Log


19 replies to this topic

#1 Dyllan

  • Members
  • 32 posts
  • Gender:Male
Posted 24 October 2007 - 09:07 PM

Hey, here is my HijackThis log that one of you suggested I post, from the "Am I infected? What do I do?" forum. My topic is "Computer is Infected":
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:57 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\America Online 9.0a\aolwbspd.exe
C:\Program Files\Common Files\AOL\1187332776\ee\aolsoftware.exe
C:\DOCUME~1\DYLLAN~1\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF48F52-B9BF-4D08-B90A-3E0B9A172152}: NameServer = 66.174.92.14 66.174.95.44
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2529489-B7FB-4D49-ADD0-BBBAE2326DF7}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BF48F52-B9BF-4D08-B90A-3E0B9A172152}: NameServer = 66.174.92.14 66.174.95.44
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8713 bytes



#2 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 26 October 2007 - 03:25 PM

Hi Dyllan, I will be handling your log and helping you to get cleaned up.

Please take note of the following:

1. Please do not make any system changes yet, as any changes you make may well alter your log.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

Firstly....
you are running a zip version of Hjt from a temp folder, please uninstall this version and download the self extracting version from here:
HJTInstall.exe
Save HJTInstall.exe to your desktop.

Double-click the file then click the Install button.

The file will be extracted to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
A shortcut for future use will also be created on your desktop and the Intro Frame of HijackThis will open.

Click Do a system scan and save a log file. Copy the entire contents of that log and post it here by clicking the Add Reply button.

Please use the shortcut to run the extracted HijackThis.exe from now on.

We need to know that any backups we make will be secure. This is why we need the other version installed in the correct directory.
Then post back a new Hjt log for me please.
Thx

Starbuck

Edited by Starbuck, 26 October 2007 - 03:53 PM.



#3 Dyllan
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Male

Posted 26 October 2007 - 06:41 PM

Okay, well right after I posted my 1st log, I read that Norton tends to slow the internet down. And since I already had SAS, I figured that with both of them, it might also be causing my computer to slow down. So I uninstalled all my Norton/Symantec products. Also, I noticed that I had 2 remaining McAfee products, and I had tried to uninstall them, but one did not uninstall: O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
I also updated my out-of-date Java. So Norton will be missing from the log, one McAfee product, and the Java will be "Java Runtime Environment (JRE) 6 Update 3".
Oh, and just a side note: my Verizon Internet card started out with one connection option. Then shortly after I installed Video ActiveX (what caused all this), a new connection option was added (Dial-up Connection), but the last couple of days my internet connection has been getting cut off, and just a few minutes ago, when it disconnected, that option was deleted. Not sure if it is significant, but I found it suspicious.

Here is my HiJackThis log, and sorry about the changes, I didn't know I shouldn't make any changes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:05 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\aolwbspd.exe
C:\Program Files\Common Files\AOL\1187332776\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193430912468
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF48F52-B9BF-4D08-B90A-3E0B9A172152}: NameServer = 66.174.92.14 66.174.95.44
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2529489-B7FB-4D49-ADD0-BBBAE2326DF7}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BF48F52-B9BF-4D08-B90A-3E0B9A172152}: NameServer = 66.174.92.14 66.174.95.44
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6250 bytes

Sorry about the inconvenience.
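An added example, not part of the thread or of HijackThis itself: the helper's first pass over a log like the two above is mechanical enough to script. The Python below parses a HijackThis log into its "Running processes" block and its numbered O-sections, applies three checks a responder makes by eye (a process launched from a Temp folder, which is exactly what Starbuck flags in post #2; O23 services marked "(file missing)" or "Unknown owner"; O17 NameServer entries, which should be compared with the resolvers the user's own providers hand out, here the VZAccess and AOL connections), and diffs two logs so the changes between post #1 and post #3 (Norton entries gone, Java BHO added) are listed rather than hunted for. The embedded logs are shortened copies of the ones posted above; the function names and finding labels are mine.

```python
import re
from collections import defaultdict

# Constructed, shortened copies of the two HijackThis logs posted above
# (post #1, run from the Temp folder; post #3, after Norton was removed).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:57 PM, on 10/24/2007
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\DYLLAN~1\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF48F52-B9BF-4D08-B90A-3E0B9A172152}: NameServer = 66.174.92.14 66.174.95.44
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:05 PM, on 10/26/2007
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF48F52-B9BF-4D08-B90A-3E0B9A172152}: NameServer = 66.174.92.14 66.174.95.44
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
"""

# Every HijackThis finding line looks like "O<n> - <body>".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_hjt(text):
    """Return (processes, entries): the running-process paths, and a dict
    mapping section id (O4, O23, ...) to the list of entry bodies."""
    procs, entries = [], defaultdict(list)
    in_procs = False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # first O-line ends the process block
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            procs.append(line)
    return procs, dict(entries)


def triage(procs, entries):
    """The checks a responder makes first; labels are this example's own."""
    findings = []
    for p in procs:                   # anything running out of a Temp folder
        if "\\temp\\" in p.lower():
            findings.append(("process-from-temp", p))
    for body in entries.get("O23", []):   # services with no file or no owner
        if "(file missing)" in body or "Unknown owner" in body:
            findings.append(("service-check", body))
    for body in entries.get("O17", []):   # configured DNS servers, to verify
        m = re.search(r"NameServer = (.*)$", body)
        if m:
            findings.append(("dns", m.group(1)))
    return findings


def diff_logs(before, after):
    """Entries added and removed between two logs, grouped by section."""
    _, eb = parse_hjt(before)
    _, ea = parse_hjt(after)
    added, removed = [], []
    for sec in sorted(set(eb) | set(ea)):
        b, a = set(eb.get(sec, [])), set(ea.get(sec, []))
        removed += [(sec, x) for x in sorted(b - a)]
        added += [(sec, x) for x in sorted(a - b)]
    return added, removed


if __name__ == "__main__":
    procs, entries = parse_hjt(LOG_BEFORE)
    for kind, detail in triage(procs, entries):
        print(f"[{kind}] {detail}")
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    for sec, body in removed:
        print(f"- {sec} - {body}")
    for sec, body in added:
        print(f"+ {sec} - {body}")
```

The script lists candidates; deciding whether a flagged service or DNS server is legitimate is still the responder's job, which is why the thread asks for a fresh log after every change.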

#4 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 27 October 2007 - 02:36 AM

Hi Dyllan

So I uninstalled all my Norton/Symantec products

You have now uninstalled your Anti Virus program!
SAS is not the same; it's an anti-malware program.
You shouldn't be running your pc with no Anti Virus installed.
Please install an Anti Virus program immediately.

If you prefer a 'free' Anti Virus program instead of 'Norton',
you can choose one from the list below:



#5 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 28 October 2007 - 04:04 AM

Hi Dyllan,

Please download ComboFix
and save it to your 'Desktop'.

**Note: It is important that it is saved directly to your desktop**

Now:
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
These can be re-enabled once Combofix has finished.

Double-click combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. This may cause it to stall.

I would also like to see an uninstall list:
Run HijackThis... click on Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save..... copy and paste the results in your next post.
More information with a screenshot, can be found here.

In your next reply, please post:
Combofix log
The uninstall list
and a new HJT log.
Thx



#6 Dyllan
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Male

Posted 29 October 2007 - 12:56 AM

Here's the ComboFix Log (before I installed the anti-virus):
ComboFix 07-10-28.2 - Dyllan Vangemert 2007-10-28 22:47:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.650 [GMT -5:00]
Running from: C:\Documents and Settings\Dyllan Vangemert\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-29 )))))))))))))))))))))))))))))))
.

2007-10-28 21:28 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-26 23:33 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-26 17:14 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\Comodo
2007-10-26 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-26 17:02 <DIR> d-------- C:\Program Files\Comodo
2007-10-26 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-25 18:28 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-24 15:17 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-17 23:04 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\wsInspector
2007-10-17 22:54 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2007-10-10 20:05 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-10-10 19:58 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-10 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-10 00:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-10 00:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 00:04 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\SUPERAntiSpyware.com
2007-10-08 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-08 22:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-08 21:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 01:44 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-08 01:44 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-08 01:44 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-08 01:20 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\McAfee
2007-10-07 22:49 <DIR> d-------- C:\mcafee_mcpr
2007-10-07 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-06 01:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-05 22:41 <DIR> d-------- C:\Program Files\CONEXANT
2007-10-05 17:23 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-05 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-05 17:14 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\Viewpoint
2007-10-05 17:03 <DIR> d-------- C:\Program Files\AdwareAlert
2007-10-05 17:03 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\AdwareAlert
2007-10-05 00:39 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\SpywareBot
2007-10-04 22:51 <DIR> d-------- C:\Program Files\STOPzilla!
2007-10-04 22:51 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-10-04 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-10-04 01:46 2,408 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-04 01:28 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\ErrorSmart
2007-10-04 00:34 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-04 00:25 <DIR> d---s---- C:\Documents and Settings\Dyllan Vangemert\UserData
2007-10-03 23:33 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-03 23:00 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-03 22:35 <DIR> d-------- C:\Program Files\Universal

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 23:28 --------- d-----w C:\Program Files\Java
2007-10-25 23:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-25 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-24 20:16 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-22 04:43 --------- d-----w C:\Program Files\MUSICMATCH
2007-10-22 04:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 23:06 --------- d-----w C:\Program Files\Sonic
2007-10-11 02:40 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-06 02:24 --------- d-----w C:\Program Files\CyberLink
2007-10-06 02:22 --------- d-----w C:\Documents and Settings\Dyllan Vangemert\Application Data\CyberLink
2007-10-05 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-05 03:53 1,024 ----a-w C:\WINDOWS\system32\drivers\A1F911DF-87A7-4810-8006-408A84D81E54.cxv
2007-09-15 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-09-14 22:16 --------- d-----w C:\Program Files\PANTECH
2007-08-22 12:55 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-31 00:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\Dyllan Vangemert\Start Menu\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2006-10-24 18:41:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0a\aoltray.exe [2006-03-18 19:28:28]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2005-12-14 02:27:29]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP);C:\WINDOWS\system32\DRIVERS\PTDCBus.sys
R3 PTDCMdm;PANTECH PC Card Drivers (UDP);C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys
R3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP);C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys
R3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;C:\WINDOWS\system32\DRIVERS\kwusb2k.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 22:03:37 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-10-04 22:22:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-06 02:04:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.exe
"2007-10-10 01:55:55 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.exe
"2007-10-29 03:47:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 22:49:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-28 22:49:50
C:\ComboFix-quarantined-files.txt ... 2007-10-08 21:11
C:\ComboFix2.txt ... 2007-10-28 22:39
C:\ComboFix3.txt ... 2007-10-08 21:11
.
--- E O F ---

#7 Dyllan (Topic Starter)

Posted 29 October 2007 - 01:07 AM

Here's the Uninstall list:

Adobe Flash Player 9 ActiveX
ALPS Touch Pad Driver
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
Apple Software Update
Broadcom Management Programs 2
Conexant D110 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
DellSupport
Digital Content Portal
Digital Line Detect
EarthLink setup files
Get High Speed Internet!
HijackThis 2.0.2
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iPod for Windows User Guide
iPod System Software Updater 2.1
iTunes
Java™ 6 Update 3
Learn2 Player (Uninstall Only)
mCore
mDrWiFi
mHlpDell
Microsoft Office Basic Edition 2003
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
NetZeroInstallers
OCR Software by I.R.I.S 7.0
PANTECH PC Card Software
PaperPort 8.0 SE
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer Basic
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
VZAccess Manager
WebCyberCoach 3.2 Dell
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
World Class Poker

#8 Dyllan (Topic Starter)

Posted 29 October 2007 - 01:35 AM

And here's the HiJackThis Log (after installing Avast):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:42 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\America Online 9.0a\aolwbspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\AOL\1187332776\ee\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193430912468
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF48F52-B9BF-4D08-B90A-3E0B9A172152}: NameServer = 66.174.92.14 66.174.95.44
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2529489-B7FB-4D49-ADD0-BBBAE2326DF7}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BF48F52-B9BF-4D08-B90A-3E0B9A172152}: NameServer = 66.174.92.14 66.174.95.44
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7023 bytes

Also, whenever I start up my computer, after it gets running, something comes up and says that it is preparing to install "Photo Gallery". If I press Cancel right away, it doesn't do it again. But if I don't press it right away, I have to press Cancel like 20 times for it to stop. What should I do for a firewall? Should I just leave my firewall as the Windows firewall that my computer started with?

Edited by Dyllan, 29 October 2007 - 08:04 PM.


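As an added example that is not part of the thread (and not HijackThis or BleepingComputer code), the script below parses lines in the format of the HijackThis log posted above and pulls out what a responder reads first: entries tagged "(file missing)", O23 services whose binary carried no company name ("Unknown owner"), and the O17 NameServer setting per interface GUID. The sample lines are constructed from entries in this post; the function names are the example's own.

```python
"""Triage of a HijackThis 2.x log: pull out the entries a responder reads first.

Added example, not part of the thread. It parses the text format HijackThis writes
(an 'Oxx - ' section prefix, fields separated by ' - ') and reports:
  * any entry tagged "(file missing)", i.e. a leftover pointer whose target is gone
  * O23 services whose executable showed no company name ("Unknown owner")
  * O17 NameServer overrides keyed by interface GUID, so the DNS servers can be
    compared with the ones the connection in use is expected to hand out
"""
import re
from typing import Dict, List

# Constructed sample in the shape of the HijackThis 2.0.2 log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF48F52-B9BF-4D08-B90A-3E0B9A172152}: NameServer = 66.174.92.14 66.174.95.44
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2529489-B7FB-4D49-ADD0-BBBAE2326DF7}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BF48F52-B9BF-4D08-B90A-3E0B9A172152}: NameServer = 66.174.92.14 66.174.95.44
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
NAMESERVER_RE = re.compile(r"\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$")


def parse_entries(log: str) -> List[dict]:
    """One {'section', 'body', 'raw'} dict per Oxx line; every other line is skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body"), "raw": raw.strip()})
    return entries


def file_missing(entries: List[dict]) -> List[str]:
    """Entries HijackThis tagged '(file missing)': the pointer survives, the target does not."""
    return [e["raw"] for e in entries if e["body"].endswith("(file missing)")]


def unknown_owner_services(entries: List[dict]) -> List[str]:
    """Names of O23 services whose executable had no company name in its version info."""
    names = []
    for e in entries:
        if e["section"] != "O23":
            continue
        m = SERVICE_RE.match(e["body"])
        if m and m.group("owner") == "Unknown owner":
            names.append(m.group("name"))
    return names


def nameservers(entries: List[dict]) -> Dict[str, List[str]]:
    """O17 NameServer values keyed by interface GUID; the CCS and CS1 copies collapse to one."""
    out: Dict[str, List[str]] = {}
    for e in entries:
        if e["section"] != "O17":
            continue
        m = NAMESERVER_RE.search(e["body"])
        if not m:
            continue
        servers = out.setdefault(m.group("guid"), [])
        for s in m.group("servers").split():
            if s not in servers:
                servers.append(s)
    return out


def triage(log: str) -> dict:
    """Run the three checks over a whole log and return them in one dict."""
    entries = parse_entries(log)
    return {
        "file_missing": file_missing(entries),
        "unknown_owner_services": unknown_owner_services(entries),
        "nameservers": nameservers(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for line in report["file_missing"]:
        print("file missing :", line)
    for name in report["unknown_owner_services"]:
        print("unknown owner:", name)
    for guid, servers in report["nameservers"].items():
        print("nameserver   : {" + guid + "} " + " ".join(servers))
```

On a real log, compare each O17 server list with the DNS servers the connection in use is expected to hand out (here a Verizon Wireless card and an AOL dial-up adapter are both present); a NameServer override that does not belong to the current connection is worth asking about, because that is how a DNS-changing infection shows up in this log. "Unknown owner" on its own proves nothing (DSBrokerService is the Dell support tool listed in the uninstall list), but it is the entry to verify next, and an "Unknown owner" service whose file is missing, like the McAfee leftover above, is simply an orphaned service registration.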
#9 Starbuck (Malware Response Team, Midlands, UK)

Posted 29 October 2007 - 07:46 PM

Hi Dyllan,

Now that you have sorted your Anti-Virus out.... let's sort your firewall out:
The XP firewall does a good job of monitoring, examining and blocking inbound traffic, but it makes no attempt to filter or block outbound traffic, as most 3rd-party personal firewalls do.
If you want a good 'free' 3rd party firewall.... choose one of the suggestions below:

Zone Alarm Firewall
Comodo Free Firewall
Online Armor Free Firewall

After installing one of these firewalls, make sure that the 'windows firewall' is switched off.

something comes up and says that it is preparing to install "Photo Album"

Can you tell me exactly what the message says.... does it say what program is trying to install 'Photo Album'?

Please give me some time to go over the logs and I'll get back to you as soon as possible.

Edited by Starbuck, 29 October 2007 - 07:48 PM.


#10 Dyllan (Topic Starter)

Posted 29 October 2007 - 07:49 PM

Okay, I am installing Comodo Firewall. Thanks, let me know.

#11 Starbuck (Malware Response Team, Midlands, UK)

Posted 30 October 2007 - 11:46 AM

Hi Dyllan

You are running an old version of 'ComboFix' ....
please uninstall the version on your system.
You can do this by
Click on Start, then Run, and type in combofix /u (there is a gap between x and /). Then press the Enter key.

Then please follow the instructions in my earlier post and download and run the newer version.
When ComboFix has completed, please post the new log report back to me.

Starbuck


#12 Dyllan (Topic Starter)

Posted 30 October 2007 - 06:19 PM

Oh, I thought I used your link last time. Oh well, I uninstalled ComboFix and then reinstalled it using the link above.

ComboFix 07-10-29.1 - Dyllan Vangemert 2007-10-30 16:11:14.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.493 [GMT -5:00]
Running from: C:\Documents and Settings\Dyllan Vangemert\Local Settings\Temporary Internet Files\Content.IE5\XDWCS2O4\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.

2007-10-28 23:06 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-28 23:06 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-28 23:06 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-28 23:06 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-28 23:06 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-28 23:06 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-28 23:05 <DIR> d-------- C:\Program Files\Alwil Software
2007-10-28 23:05 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-28 21:28 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-26 23:33 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-26 17:14 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\Comodo
2007-10-26 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-26 17:02 <DIR> d-------- C:\Program Files\Comodo
2007-10-26 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-25 18:28 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-24 15:17 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-17 23:04 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\wsInspector
2007-10-17 22:54 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2007-10-10 20:05 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-10-10 19:58 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-10 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-10 00:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-10 00:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 00:04 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\SUPERAntiSpyware.com
2007-10-08 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-08 22:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-08 21:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 01:44 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-08 01:44 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-08 01:44 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-08 01:20 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\McAfee
2007-10-07 22:49 <DIR> d-------- C:\mcafee_mcpr
2007-10-07 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-06 01:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-05 22:41 <DIR> d-------- C:\Program Files\CONEXANT
2007-10-05 17:23 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-05 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-05 17:14 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\Viewpoint
2007-10-05 17:03 <DIR> d-------- C:\Program Files\AdwareAlert
2007-10-05 17:03 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\AdwareAlert
2007-10-05 00:39 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\SpywareBot
2007-10-04 22:51 <DIR> d-------- C:\Program Files\STOPzilla!
2007-10-04 22:51 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-10-04 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-10-04 01:46 2,408 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-04 01:28 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\ErrorSmart
2007-10-04 00:34 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-04 00:25 <DIR> d---s---- C:\Documents and Settings\Dyllan Vangemert\UserData
2007-10-03 23:33 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-03 23:00 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-03 22:35 <DIR> d-------- C:\Program Files\Universal
2007-09-14 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-09-14 17:16 <DIR> d-------- C:\Program Files\PANTECH
2007-09-14 17:16 319,456 --a------ C:\WINDOWS\system32\DIFxAPI.dll
2007-09-14 17:16 61,440 --a------ C:\WINDOWS\system32\pxfhwmcp.dll
2007-09-14 17:16 39,424 --a------ C:\WINDOWS\system32\drivers\PTDCMdm.sys
2007-09-14 17:16 37,760 --a------ C:\WINDOWS\system32\drivers\PTDCVsp.sys
2007-09-14 17:16 24,832 --a------ C:\WINDOWS\system32\drivers\PTDCBus.sys
2007-09-14 17:16 14,336 --a------ C:\WINDOWS\system32\PTDCCID.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 23:28 --------- d-----w C:\Program Files\Java
2007-10-25 23:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-25 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-24 20:16 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-22 04:43 --------- d-----w C:\Program Files\MUSICMATCH
2007-10-22 04:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 23:06 --------- d-----w C:\Program Files\Sonic
2007-10-11 02:40 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-06 02:24 --------- d-----w C:\Program Files\CyberLink
2007-10-06 02:22 --------- d-----w C:\Documents and Settings\Dyllan Vangemert\Application Data\CyberLink
2007-10-05 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-05 03:53 1,024 ----a-w C:\WINDOWS\system32\drivers\A1F911DF-87A7-4810-8006-408A84D81E54.cxv
2007-08-22 12:55 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-31 00:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-09 13:09 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2007-07-09 13:09 584,192 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-29 17:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\Dyllan Vangemert\Start Menu\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2006-10-24 18:41:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0a\aoltray.exe [2006-03-18 19:28:28]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2005-12-14 02:27:29]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP);C:\WINDOWS\system32\DRIVERS\PTDCBus.sys
R3 PTDCMdm;PANTECH PC Card Drivers (UDP);C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys
R3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP);C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys
R3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;C:\WINDOWS\system32\DRIVERS\kwusb2k.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 22:03:37 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-10-04 22:22:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-06 02:04:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.exe
"2007-10-10 01:55:55 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.exe
"2007-10-30 21:12:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 16:13:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 16:13:57
C:\ComboFix-quarantined-files.txt ... 2007-10-08 21:11
C:\ComboFix2.txt ... 2007-10-28 22:49
C:\ComboFix3.txt ... 2007-10-28 22:39
.
--- E O F ---

#13 Dyllan (Topic Starter)

Posted 30 October 2007 - 11:56 PM

Oh, the message was "Preparing to install Photo Gallery", not Album, I had it wrong. In the middle of the box it says "preparing to install" and in the blue name bar on the right side of the box, it says "Photo Gallery". If I let it sit for a couple of minutes, another message comes up and says "The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2908." The only option in that window is OK, and I have to click that at least 30 times for it to go away. It also did this with a couple of other items, but they were programs I didn't use, so I uninstalled them. But there is no program on my computer named Photo Gallery. I checked in the Add or Remove Programs folder, but there was nothing called Photo Gallery. The popups started when I started cleaning my computer for the first time after Video ActiveX was installed.

I had installed some virus scanners and then uninstalled them, but in my ComboFix log there are many of them that are in the scheduled tasks folder:

"2007-10-05 22:03:37 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-10-04 22:22:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-06 02:04:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.exe
"2007-10-10 01:55:55 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.exe
"2007-10-30 21:12:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe

The only one of those that should be there is the AppleSoftwareUpdate. Are those history items or still there? If they are still there, how do I get rid of them?

Ever since I installed Comodo Firewall, my computer has slowed down even more. I uninstalled it and it seemed to be better, but when I re-installed it, my computer slowed down again.

Edited by Dyllan, 31 October 2007 - 12:12 AM.


#14 Starbuck (Malware Response Team, Midlands, UK)

Posted 31 October 2007 - 04:26 PM

Hi Dyllan,
Sorry to be a pain, but you must follow my instructions.
Post #5 says.....
Please download ComboFix
and save it to your 'Desktop'.

**Note: It is important that it is saved directly to your desktop**

If you look at the header in your Combofix report...... you are running it from:
C:\Documents and Settings\Dyllan Vangemert\Local Settings\Temporary Internet Files\Content.IE5\XDWCS2O4\ComboFix[1].exe

We need 'ComboFix' to run from the correct place, otherwise any 'cfscript' we may need to run later will not work.
With these sorts of programs, we have to run them correctly for them to work properly.
Could you please try again and make sure that 'ComboFix' is saved and then run from your 'Desktop'.
Thanks


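The two checks raised in the posts above, as an added example that is not part of this thread and not ComboFix's own code: reading the "Running from:" line in the report header to confirm ComboFix was launched from the Desktop rather than from the IE cache, and parsing the "Contents of the 'Scheduled Tasks' folder" section, which lists the .job files present in C:\WINDOWS\Tasks at scan time (so an entry there is a live task, not history). The log excerpt is a constructed sample modelled on the one posted; ALLOWED_TASKS, the function names and the choice to treat Symantec NetDetect as legitimate are this example's own assumptions. The removal commands it prints use the schtasks.exe syntax that ships with Windows XP Professional; they are generated as text, not executed.

```python
"""Check a ComboFix report: launch location and scheduled tasks.

Added example (not from the original thread, not ComboFix code).
SAMPLE_LOG is a constructed excerpt; ALLOWED_TASKS is an assumption.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: only the header and the task section of a report.
SAMPLE_LOG = r"""ComboFix 07-11-01.1 - Dyllan Vangemert 2007-11-01 15:26:07.5 - NTFSx86
Running from: C:\Documents and Settings\Dyllan Vangemert\Desktop\ComboFix.exe
* Created a new restore point
.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 22:03:37 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-10-04 22:22:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-06 02:04:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.exe
"2007-11-01 20:27:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
"""

RUNNING_FROM = re.compile(r"^Running from:\s*(.+?)\s*$", re.M)
# "<date> <time> <path>\Tasks\<name>.job"  -> groups: timestamp, job path, task name
TASK_LINE = re.compile(r'^"(\S+ \S+) (.+\\Tasks\\(.+)\.job)"$')
TARGET_LINE = re.compile(r"^- (.+)$")

# Assumption: tasks considered legitimate on this machine (Apple updater,
# Symantec LiveUpdate's NetDetect). Everything else gets a removal command.
ALLOWED_TASKS = {"AppleSoftwareUpdate", "Symantec NetDetect"}


def running_from(log: str) -> Optional[str]:
    """Path ComboFix reports it was launched from, or None if absent."""
    m = RUNNING_FROM.search(log)
    return m.group(1) if m else None


def ran_from_desktop(path: Optional[str]) -> bool:
    """True only if the executable sits directly in a folder named Desktop.

    Choosing 'Run' in the download dialog launches it from the IE cache
    (...\\Temporary Internet Files\\Content.IE5\\<random>\\ComboFix[1].exe),
    which fails this check. NTFS paths are case-insensitive, so compare lowercase.
    """
    if not path:
        return False
    parts = path.lower().split("\\")
    return len(parts) >= 2 and parts[-2] == "desktop" and parts[-1] == "combofix.exe"


def scheduled_tasks(log: str) -> List[Dict[str, Optional[str]]]:
    """Parse the 'Scheduled Tasks' section into dicts with time/job/name/target."""
    tasks: List[Dict[str, Optional[str]]] = []
    in_section = False
    for line in log.splitlines():
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        if line == "." or line.startswith("*****"):
            break  # section ends at the lone '.' before the catchme report
        m = TASK_LINE.match(line)
        if m:
            tasks.append({"time": m.group(1), "job": m.group(2),
                          "name": m.group(3), "target": None})
            continue
        m = TARGET_LINE.match(line)
        if m and tasks:
            tasks[-1]["target"] = m.group(1)  # '- <exe>' belongs to the preceding job
    return tasks


def removal_commands(tasks: List[Dict[str, Optional[str]]],
                     allowed: set = ALLOWED_TASKS) -> List[str]:
    """schtasks /Delete lines for every task not on the allowlist (XP syntax)."""
    return [f'schtasks /Delete /TN "{t["name"]}" /F'
            for t in tasks if t["name"] not in allowed]


if __name__ == "__main__":
    path = running_from(SAMPLE_LOG)
    print("Running from:", path,
          "(OK)" if ran_from_desktop(path) else "(NOT the Desktop - re-run it)")
    found = scheduled_tasks(SAMPLE_LOG)
    for t in found:
        print(f'{t["name"]:30} -> {t["target"] or "(no target listed)"}')
    for cmd in removal_commands(found):
        print(cmd)
```

Running it against a real report means replacing SAMPLE_LOG with the file contents; the task names it prints are the .job filenames without the extension, which is what schtasks expects in /TN.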

#15 Dyllan

Dyllan
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 PM

Posted 01 November 2007 - 05:33 PM

I saved it to the desktop before, but I selected run right after it downloaded. Sorry about that:

ComboFix 07-11-01.1 - Dyllan Vangemert 2007-11-01 15:26:07.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.494 [GMT -5:00]
Running from: C:\Documents and Settings\Dyllan Vangemert\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 )))))))))))))))))))))))))))))))
.

2007-10-30 21:58 182,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-30 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-30 21:45 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-30 21:45 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-30 21:45 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-30 21:42 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-28 23:06 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-28 23:06 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-28 23:06 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-28 23:06 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-28 23:06 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-28 23:06 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-28 23:05 <DIR> d-------- C:\Program Files\Alwil Software
2007-10-28 23:05 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-28 21:28 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-26 23:33 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-26 17:14 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\Comodo
2007-10-26 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-26 17:02 <DIR> d-------- C:\Program Files\Comodo
2007-10-26 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-25 18:28 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-24 15:17 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-17 23:04 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\wsInspector
2007-10-17 22:54 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2007-10-10 20:05 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-10-10 19:58 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-10 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-10 00:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-10 00:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 00:04 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\SUPERAntiSpyware.com
2007-10-08 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-08 22:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-08 21:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 01:44 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-08 01:44 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-08 01:44 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-08 01:20 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\McAfee
2007-10-07 22:49 <DIR> d-------- C:\mcafee_mcpr
2007-10-07 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-06 01:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-05 22:41 <DIR> d-------- C:\Program Files\CONEXANT
2007-10-05 17:23 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-05 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-05 17:14 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\Viewpoint
2007-10-05 17:03 <DIR> d-------- C:\Program Files\AdwareAlert
2007-10-05 17:03 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\AdwareAlert
2007-10-05 00:39 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\SpywareBot
2007-10-04 22:51 <DIR> d-------- C:\Program Files\STOPzilla!
2007-10-04 22:51 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-10-04 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-10-04 01:46 2,408 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-04 01:28 <DIR> d-------- C:\Documents and Settings\Dyllan Vangemert\Application Data\ErrorSmart
2007-10-04 00:34 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-04 00:25 <DIR> d---s---- C:\Documents and Settings\Dyllan Vangemert\UserData
2007-10-03 23:33 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-03 23:00 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-03 22:35 <DIR> d-------- C:\Program Files\Universal

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 03:16 2,108 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-25 23:28 --------- d-----w C:\Program Files\Java
2007-10-25 23:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-25 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-24 20:16 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-22 04:43 --------- d-----w C:\Program Files\MUSICMATCH
2007-10-22 04:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 23:06 --------- d-----w C:\Program Files\Sonic
2007-10-11 02:40 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-06 02:24 --------- d-----w C:\Program Files\CyberLink
2007-10-06 02:22 --------- d-----w C:\Documents and Settings\Dyllan Vangemert\Application Data\CyberLink
2007-10-05 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-05 03:53 1,024 ----a-w C:\WINDOWS\system32\drivers\A1F911DF-87A7-4810-8006-408A84D81E54.cxv
2007-09-15 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-09-14 22:16 --------- d-----w C:\Program Files\PANTECH
2007-09-06 21:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-22 12:55 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-30_16.13.23.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-26 14:51:17 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-07-19 20:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-09-06 21:13:58 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
+ 2007-09-06 21:14:04 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-09-06 21:14:28 395,080 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-09-06 21:14:04 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-09-06 21:14:04 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-09-06 21:14:04 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-09-06 21:14:04 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-09-06 21:14:06 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-09-06 21:14:06 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-09-06 21:14:06 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2007-09-06 21:14:06 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-09-06 21:14:08 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2007-09-06 21:13:56 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-31 05:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 19:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 05:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 05:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 05:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 05:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-07-19 20:10:32 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 20:10:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-05-31 05:03:48 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-07-19 20:10:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-05-31 05:03:50 45,056 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2006-09-20 04:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-08-25 00:31:48 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 23:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-31 05:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 05:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 05:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 05:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-08-25 00:31:48 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 23:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-09-06 21:13:56 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 17:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2007-09-06 21:13:58 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-09-06 21:13:58 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-09-06 21:13:58 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-09-06 21:14:30 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2007-09-06 21:14:30 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2007-09-06 21:14:30 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-09-06 21:14:32 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-09-06 21:14:32 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-09-06 21:15:50 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-09-06 21:15:52 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-08-15 20:45:42 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-08-15 20:45:44 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-09-06 21:14:00 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-01-11 16:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-08-15 20:45:44 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-06-11 17:44:10 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-09-06 21:14:02 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-09-06 21:15:52 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-09-06 21:15:54 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 01:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-08-01 11:30:04 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-09-06 21:14:18 149,032 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-11 22:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-09-06 21:14:04 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-09-06 21:14:04 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-09-06 21:14:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-09-06 21:14:04 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-09-06 21:14:06 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-09-06 21:14:06 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-01-11 16:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-09-06 21:14:08 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-09-06 21:14:08 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-09-06 21:14:08 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-09-06 21:14:08 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2007-11-01 19:49:28 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_560.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\Dyllan Vangemert\Start Menu\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2006-10-24 18:41:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0a\aoltray.exe [2006-03-18 19:28:28]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2005-12-14 02:27:29]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP);C:\WINDOWS\system32\DRIVERS\PTDCBus.sys
R3 PTDCMdm;PANTECH PC Card Drivers (UDP);C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys
R3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP);C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys
R3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;C:\WINDOWS\system32\DRIVERS\kwusb2k.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 22:03:37 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-10-04 22:22:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-06 02:04:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.exe
"2007-10-10 01:55:55 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.exe
"2007-11-01 20:27:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 15:28:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-01 15:29:20
C:\ComboFix-quarantined-files.txt ... 2007-10-08 21:11
C:\ComboFix2.txt ... 2007-10-30 16:14
C:\ComboFix3.txt ... 2007-10-28 22:49
.
--- E O F ---

Edited by Dyllan, 01 November 2007 - 05:33 PM.




