
Hijack This-- Please

8 replies to this topic

#1 WJACK459

Posted 18 November 2007 - 02:27 PM

I ran all the stages that you put in the "Before you post" guide! I ran it in safe mode too!


Here is my HijackThis log:


Scan saved at 1:18:25 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WinPatrol System Monitor] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132763186529
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 8818 bytes


I have a question about my startups: do Spybot (TeaTimer) and Spy Sweeper neutralize one another (do they knock one another out)?

Thank you very much in advance (I hope this is the right forum).
the "TENDERHEART"



#2 -David-

Posted 01 December 2007 - 04:09 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

#3 WJACK459

Posted 03 December 2007 - 03:14 PM

Thank you very much for your response to my HijackThis post. I ran all the things you asked again ("Before you post"), as you asked me to, and here is the new one:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:44 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WinPatrol System Monitor] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132763186529
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8740 bytes



I am running slow, and it seems that my Spy Sweeper and Spybot TeaTimer are trying to outdo one another.

(I am asking: should one or the other be on my startup, or should I leave them both on it?) And Firefox has taken over: when I try to run IE7 or SBC Yahoo, I just keep getting error messages saying that it has to close!!

I hope that I am explaining it well enough, but do I have too much spyware and adware (applications), or which should I put in startup, or none at all? Thank you again, and I hope that I have given you enough information.
the "TENDERHEART"
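A small triage helper for logs in the format posted above, added here as an example (it is not part of HijackThis and was not posted in this thread): it pulls the O4 autostart entries out of a log, reports which known real-time guards are set to start together (the TeaTimer / Spy Sweeper question above), and flags "(no file)" orphans and O23 services that carry no vendor name. The guard lookup table and the sample excerpt are constructed for the example.

```python
"""Triage helper for HijackThis v2 logs (added example; not part of HijackThis)."""
from __future__ import annotations
import re

# One "Rx - ..." / "Fx - ..." / "Oxx - ..." entry; the code says what kind of hook it is.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# O4 registry form: <hive>\..\Run[Once]: [Name] <command> (User 'X'); the user part is optional.
O4_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O4 Startup-folder form: "Startup: Name.lnk = C:\path\prog.exe"
O4_STARTUP_RE = re.compile(r"^Startup: (?P<name>.*?) = (?P<cmd>.*)$")
# O23: "Service: <display> - <vendor> - <path>"; vendor may be empty; a " - " inside the display name would mis-split.
O23_RE = re.compile(r"^Service: (?P<display>.*?) -(?: (?P<vendor>.*?))? - (?P<path>.*)$")
# First program in a command line, quoted or not, with any arguments dropped.
PROG_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|cpl))\b', re.IGNORECASE)

# Real-time guards seen in the posted logs; a constructed lookup keyed on executable name.
RESIDENT_GUARDS = {
    "teatimer.exe": "Spybot-S&D TeaTimer",
    "spysweeperui.exe": "Webroot Spy Sweeper",
    "winpatrol.exe": "WinPatrol",
    "sgmain.exe": "SpywareGuard",
}


def parse_entries(text: str) -> list[tuple[str, str]]:
    """(code, body) pairs for the Rx/Fx/Oxx lines; header and process list do not match."""
    return [(m["code"], m["body"]) for m in map(ENTRY_RE.match, text.splitlines()) if m]


def exe_name(cmd: str) -> str:
    """Lower-case basename of the program a command line launches."""
    m = PROG_RE.match(cmd.strip())
    path = m["path"] if m else cmd.strip()
    return path.rsplit("\\", 1)[-1].lower()


def orphan_entries(entries: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Entries whose target file is gone: HijackThis prints '(no file)' for them."""
    return [e for e in entries if "(no file)" in e[1]]


def startup_programs(entries: list[tuple[str, str]]) -> list[dict[str, str]]:
    """Autostart inventory from the O4 entries (registry Run keys and the Startup folder)."""
    items = []
    for code, body in entries:
        if code != "O4":
            continue
        if m := O4_RE.match(body):
            items.append({"name": m["name"], "cmd": m["cmd"].strip(),
                          "scope": m["hive"] + "\\" + m["key"], "user": m["user"] or ""})
        elif m := O4_STARTUP_RE.match(body):
            items.append({"name": m["name"], "cmd": m["cmd"].strip(),
                          "scope": "Startup folder", "user": ""})
    return items


def resident_guards(entries: list[tuple[str, str]]) -> list[str]:
    """Known real-time guards set to autostart; several at once may contend for the same hooks."""
    found = []
    for item in startup_programs(entries):
        label = RESIDENT_GUARDS.get(exe_name(item["cmd"]))
        if label and label not in found:
            found.append(label)
    return found


def services_without_vendor(entries: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """O23 services whose binary carries no company name; these need identifying by hand."""
    out = []
    for code, body in entries:
        if code == "O23" and (m := O23_RE.match(body)):
            if (m["vendor"] or "").strip() in ("", "Unknown owner"):
                out.append((m["display"], m["path"]))
    return out


# Constructed excerpt in the format of the logs posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:44 PM, on 12/3/2007

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WinPatrol System Monitor] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
"""

if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    print("guards:", resident_guards(found))
    print("orphans:", orphan_entries(found))
    print("unidentified services:", services_without_vendor(found))
```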

#4 -David-

Posted 05 December 2007 - 04:55 PM

I think there could be a possible conflict between teatimer and spysweeper, so let's disable teatimer for the time being.

I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer during HijackThis Cleanup
Then download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Please download Combofix to your desktop.
Double-click combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#5 WJACK459

Posted 06 December 2007 - 01:55 AM

I tried to download ResetTeaTimer.bat but could not get it. But I did run combofix.exe. I also disabled

WinPatrol, Spybot and Spy Sweeper, and here is the log from combofix.exe:


ComboFix 07-12-02.6 - Owner 2007-12-06 0:34:44.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.102 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\windows.scr

.
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-04 21:18 . 2007-12-04 21:18 <DIR> d-------- C:\Documents and Settings\VERYBLESSWOMAN\Application Data\Comodo
2007-12-02 20:25 . 2007-11-10 19:12 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-11-30 14:53 . 2007-11-30 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-24 13:49 . 2007-11-24 13:49 <DIR> d-------- C:\Documents and Settings\VICTORIA\Application Data\Comodo
2007-11-23 15:16 . 2007-11-23 15:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
2007-11-20 14:55 . 2007-11-20 14:55 5,632 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-18 03:04 . 2007-11-18 03:04 0 --a------ C:\WINDOWS\DellSC.INI
2007-11-18 02:29 . 2007-11-18 02:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-18 01:15 . 2007-11-18 01:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-17 23:52 . 2007-11-17 23:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-11-17 23:50 . 2007-11-17 23:50 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-17 23:37 . 2000-11-30 18:02 49 --a------ C:\WINDOWS\SMInfom.ini
2007-11-17 22:13 . 2000-11-30 14:17 29,344 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cmosa.sys
2007-11-17 22:12 . 2007-11-17 22:12 3 --a------ C:\WINDOWS\DATA.TCD
2007-11-17 22:12 . 2007-11-17 22:12 0 --a------ C:\WINDOWS\SYSTEM32\EULAckie.tcd
2007-11-17 22:11 . 2007-11-17 22:11 <DIR> d-------- C:\Program Files\Dell
2007-11-16 12:42 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\SYSTEM32\hhactivex.dll
2007-11-16 12:42 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\SYSTEM32\COMCT332.OCX
2007-11-16 12:42 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\SYSTEM32\ssa3d30.ocx
2007-11-16 12:42 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\SYSTEM32\RcdScan.dll
2007-11-16 12:42 . 1998-09-24 12:03 171,967 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.hlp
2007-11-16 12:42 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\SYSTEM32\VB5DB.DLL
2007-11-16 12:42 . 2001-08-22 08:42 13,632 --------- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys
2007-11-16 12:42 . 1998-09-24 12:03 7,348 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.cnt
2007-11-16 11:39 . 2007-11-16 11:40 105,823,606 --a------ C:\NEW BEGINNING 2.REG
2007-11-15 22:56 . 2007-11-15 22:56 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-11-15 19:27 . 2007-11-15 19:27 63 --a------ C:\WINDOWS\SYSTEM\SYSRegC.dll
2007-11-15 19:25 . 2007-05-24 16:57 143,360 --a------ C:\WINDOWS\SYSTEM32\GetHardDiskNo.dll
2007-11-14 22:43 . 2007-11-14 22:43 <DIR> d-------- C:\WINDOWS\RegistryCleaner
2007-11-13 19:09 . 2007-11-13 19:09 <DIR> d-------- C:\Documents and Settings\PRINCESS !!!!!\Application Data\Comodo
2007-11-12 23:11 . 2007-11-12 23:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\.phish
2007-11-12 22:15 . 2007-11-12 22:15 <DIR> d-------- C:\Program Files\Blue Coat K9 Web Protection
2007-11-12 21:57 . 2007-11-12 21:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-12 21:57 . 2007-11-12 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-12 12:16 . 2007-11-12 12:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-11 21:30 . 2007-11-11 21:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Comodo
2007-11-11 21:30 . 2007-11-11 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-11 21:27 . 2007-09-30 12:34 217 --a------ C:\boot.ini.comodofirewall
2007-11-10 19:11 . 2007-11-10 19:11 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2007-11-10 18:00 . 2007-11-10 18:00 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-08 18:42 . 2007-11-08 18:42 <DIR> d-------- C:\Documents and Settings\william\Application Data\Talkback
2007-11-08 18:35 . 2007-11-08 18:35 <DIR> d-------- C:\Documents and Settings\william\Application Data\Newsoft
2007-11-08 18:35 . 2007-11-08 18:35 29 --a------ C:\WINDOWS\DEBUGSM.INI
2007-11-08 18:07 . 2007-11-08 18:07 <DIR> d-------- C:\Documents and Settings\william\Application Data\Webroot
2007-11-08 18:07 . 2007-11-08 18:07 <DIR> d-------- C:\Documents and Settings\william\Application Data\AVG7
2007-11-08 16:58 . 2007-11-08 16:58 <DIR> d-------- C:\Documents and Settings\VICTORIA\Application Data\Talkback
2007-11-08 16:52 . 2007-11-08 16:52 <DIR> d-------- C:\Documents and Settings\VICTORIA\Application Data\Webroot
2007-11-08 16:11 . 2007-11-08 16:11 <DIR> d-------- C:\Documents and Settings\VERYBLESSWOMAN\Application Data\Talkback
2007-11-08 16:00 . 2007-11-08 16:00 <DIR> d-------- C:\Documents and Settings\VERYBLESSWOMAN\Application Data\Webroot
2007-11-08 01:28 . 2007-11-08 01:28 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-08 00:29 . 2007-11-08 00:29 <DIR> d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2007-11-08 00:18 . 2007-11-08 00:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2007-11-07 23:56 . 2007-11-07 23:56 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-07 23:02 . 2007-11-07 23:02 <DIR> d-------- C:\Program Files\Secunia
2007-11-07 22:38 . 2007-11-07 22:38 <DIR> d-------- C:\Documents and Settings\PRINCESS !!!!!\Application Data\Talkback
2007-11-07 22:35 . 2007-11-07 22:35 <DIR> d-------- C:\Documents and Settings\PRINCESS !!!!!\Application Data\Webroot
2007-11-07 16:54 . 2007-11-07 16:54 <DIR> d-------- C:\Program Files\CCleaner
2007-11-07 10:25 . 2007-11-07 10:25 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Talkback
2007-11-07 10:09 . 2007-08-08 20:02 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-11-07 10:09 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-11-07 10:09 . 2004-08-04 12:00 22,528 --a------ C:\WINDOWS\SYSTEM32\wsock32.dlb
2007-11-07 10:08 . 2007-11-07 10:08 <DIR> d-------- C:\Program Files\Comodo
2007-11-07 10:08 . 2007-11-07 10:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2007-11-07 10:08 . 2007-11-07 21:22 743 --a------ C:\WINDOWS\BOC425.INI
2007-11-07 09:29 . 2007-11-07 09:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Slide
2007-11-07 09:24 . 2007-11-07 09:24 <DIR> d-------- C:\Program Files\Eraser
2007-11-07 09:18 . 2007-11-07 09:18 <DIR> d-------- C:\Program Files\Total Uninstall 3
2007-11-07 09:18 . 2007-11-07 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Martau
2007-11-07 08:56 . 2007-11-07 08:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-07 08:56 . 2007-11-07 08:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-11-07 08:56 . 2007-11-07 08:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-07 08:55 . 2007-11-07 08:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-06 23:41 . 2007-11-06 23:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-11-06 21:34 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2007-11-06 20:58 . 2007-11-06 20:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-11-06 16:43 . 2007-11-06 16:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-06 16:43 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2007-11-06 16:43 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2007-11-06 16:43 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2007-11-06 16:43 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2007-11-06 16:42 . 2007-11-06 16:42 <DIR> d-------- C:\Program Files\Webroot
2007-11-06 16:42 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-11-06 16:42 . 2007-11-06 16:42 164 --a------ C:\install.dat
2007-11-06 16:41 . 2007-11-06 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-06 16:40 . 2007-11-06 16:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webroot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 05:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\.phish
2007-11-11 06:54 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\dllcache\shell32.dll
2007-10-10 20:48 --------- d-----w C:\Documents and Settings\LocalService\Application Data\yahoo!
2007-09-27 23:27 21,536 ----a-w C:\Documents and Settings\PRINCESS !!!!!\Application Data\GDIPFONTCACHEV1.DAT
2007-03-31 20:15 21,536 ----a-w C:\Documents and Settings\VICTORIA\Application Data\GDIPFONTCACHEV1.DAT
2007-03-14 04:28 20,618,754 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_13_14_51_04_full.dmp.zip
2007-03-11 04:57 20,333,126 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_10_22_53_06_full.dmp.zip
2007-02-27 05:25 20,549,963 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_26_23_21_44_full.dmp.zip
2007-02-17 18:04 20,434,200 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_17_12_00_10_full.dmp.zip
2007-02-14 15:19 4,337,111 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_14_01_06_16_full.dmp.zip
2007-02-13 02:32 3,101,406 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_12_20_30_11_full.dmp.zip
2007-02-12 13:18 20,332,136 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_11_01_53_16_full.dmp.zip
2007-02-10 19:52 20,314,778 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_10_12_15_42_full.dmp.zip
2007-01-19 02:55 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-09-12 22:21 6,064 ----a-w C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2006-05-14 07:10 46,388 ------w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_13_17_28_38_small.dmp.zip
2006-05-14 07:10 44,707 ------w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_13_17_28_32_small.dmp.zip
2006-03-15 23:33 21,536 ----a-w C:\Documents and Settings\william\Application Data\GDIPFONTCACHEV1.DAT
2005-10-05 22:32 271 --sh--w C:\Program Files\desktop.ini
2005-10-05 22:32 23,357 ---h--w C:\Program Files\folder.htt
2002-07-26 23:02 153,088 ----a-w C:\Documents and Settings\william\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol System Monitor"="C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [2005-12-12 23:18]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-11 21:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-06 12:21]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-06 12:22]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 12:00 C:\WINDOWS\SYSTEM32\narrator.exe]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Connection Manager.lnk]
backup=C:\WINDOWS\pss\Connection Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-08-01 06:05 94208 --a------ C:\Program Files\Lexmark 7300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Brother XP spl Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe
"YBrowser"=C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
"IPInSightLAN 02"="C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" -l
"IPInSightMonitor 02"="C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
"Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
"YOP"=C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
"YPC"=C:\PROGRA~1\YAHOO!\PARENT~1\ypc.exe
"LXCICATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R1 cmosa;cmosa;C:\WINDOWS\system32\DRIVERS\cmosa.sys
R1 cwmtdi;cwmtdi;C:\WINDOWS\system32\drivers\cwmtdi.sys
R3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
R3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys
S3 lxci_device;lxci_device;C:\WINDOWS\system32\lxcicoms.exe -service
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 05:56:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-11-13 23:11:34 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2007-12-06 05:51:04 C:\WINDOWS\Tasks\Uninstall Expiration Reminder.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-05 19:14:14 C:\WINDOWS\Tasks\wrSpySweeper_L3101B563AB944F6399721FD90BEABA54.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- A:\
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 00:42:16
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 0:43:35
.
--- E O F ---



here is a new hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:03 AM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WinPatrol System Monitor] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132763186529
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7594 bytes

Thank you again for your time and patience :thumbsup:
the "TENDERHEART"

#6 -David-

Posted 06 December 2007 - 04:49 PM

Please perform this online scan: Kaspersky Webscan
Note that this scanner will only work on Internet Explorer, so please use this browser for the scan.
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allow ActiveScan to run.

When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply, along with a new HijackThis log.

#7 WJACK459

  • Topic Starter

Posted 08 December 2007 - 01:45 AM

Here's the Kaspersky report


KASPERSKY ONLINE SCANNER REPORT
Friday, December 07, 2007 10:35:22 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/12/2007
Kaspersky Anti-Virus database records: 445829
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 52926
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 01:56:05

Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\TASKS\SCHEDLGU.TXT Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_390.dat Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{929B650B-E4BC-4517-B47F-98B9A8785C59}.bin Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\Program Files\Blue Coat K9 Web Protection\cwmlog.txt Object is locked skipped
C:\Program Files\Blue Coat K9 Web Protection\urls.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12142006-141620.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF9611.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF6812.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFF303.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\System Volume Information\_restore{C19A9383-68D3-4099-97CD-1F7669A13E82}\RP71\change.log Object is locked skipped
Scan process completed.

I turned off the anti-virus, WinPatrol, SpySweeper, plus SpywareGuard :thumbsup:

and it had 2 ways to scan (didn't know which one you wanted) :wacko:

and here's a new HijackThis log :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:55 AM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WinPatrol System Monitor] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1935655697-507921405-1957994488-1004\..\Run: [AVG7_Run] "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132763186529
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7035 bytes




While I am on the subject: which should I put on my startup, SpywareGuard, Spybot (TeaTimer) and WinPatrol, and leave SpySweeper off? :)


And what is: O3 toolbar (no name) and O24 desktop (no name)?


thank you very much for your time and patience :blink:
the "TENDERHEART"

#8 WJACK459

  • Topic Starter

Posted 11 December 2007 - 01:47 PM

I just ran the combo again and here is the log :blink: :)

ComboFix 07-12-11.1 - Owner 2007-12-11 12:26:04.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.118 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-07 14:28 . 2007-12-07 14:28 <DIR> d-------- C:\Program Files\Karen's Power Tools
2007-12-07 14:27 . 2007-12-07 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
2007-12-04 21:18 . 2007-12-04 21:18 <DIR> d-------- C:\Documents and Settings\VERYBLESSWOMAN\Application Data\Comodo
2007-12-02 20:25 . 2007-11-10 19:12 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-11-30 14:53 . 2007-11-30 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-24 13:49 . 2007-11-24 13:49 <DIR> d-------- C:\Documents and Settings\VICTORIA\Application Data\Comodo
2007-11-23 15:16 . 2007-11-23 15:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
2007-11-20 14:55 . 2007-11-20 14:55 5,632 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-18 03:04 . 2007-11-18 03:04 0 --a------ C:\WINDOWS\DellSC.INI
2007-11-18 02:29 . 2007-11-18 02:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-18 01:15 . 2007-11-18 01:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-17 23:52 . 2007-11-17 23:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-11-17 23:50 . 2007-11-17 23:50 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-17 23:37 . 2000-11-30 18:02 49 --a------ C:\WINDOWS\SMInfom.ini
2007-11-17 22:13 . 2000-11-30 14:17 29,344 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cmosa.sys
2007-11-17 22:12 . 2007-11-17 22:12 3 --a------ C:\WINDOWS\DATA.TCD
2007-11-17 22:12 . 2007-11-17 22:12 0 --a------ C:\WINDOWS\SYSTEM32\EULAckie.tcd
2007-11-17 22:11 . 2007-11-17 22:11 <DIR> d-------- C:\Program Files\Dell
2007-11-16 12:42 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\SYSTEM32\hhactivex.dll
2007-11-16 12:42 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\SYSTEM32\COMCT332.OCX
2007-11-16 12:42 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\SYSTEM32\ssa3d30.ocx
2007-11-16 12:42 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\SYSTEM32\RcdScan.dll
2007-11-16 12:42 . 1998-09-24 12:03 171,967 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.hlp
2007-11-16 12:42 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\SYSTEM32\VB5DB.DLL
2007-11-16 12:42 . 2001-08-22 08:42 13,632 --------- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys
2007-11-16 12:42 . 1998-09-24 12:03 7,348 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.cnt
2007-11-16 11:39 . 2007-11-16 11:40 105,823,606 --a------ C:\NEW BEGINNING 2.REG
2007-11-15 22:56 . 2007-11-15 22:56 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-11-15 19:27 . 2007-11-15 19:27 63 --a------ C:\WINDOWS\SYSTEM\SYSRegC.dll
2007-11-15 19:25 . 2007-05-24 16:57 143,360 --a------ C:\WINDOWS\SYSTEM32\GetHardDiskNo.dll
2007-11-14 22:43 . 2007-11-14 22:43 <DIR> d-------- C:\WINDOWS\RegistryCleaner
2007-11-13 19:09 . 2007-11-13 19:09 <DIR> d-------- C:\Documents and Settings\PRINCESS !!!!!\Application Data\Comodo
2007-11-12 23:11 . 2007-11-12 23:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\.phish
2007-11-12 22:15 . 2007-11-12 22:15 <DIR> d-------- C:\Program Files\Blue Coat K9 Web Protection
2007-11-12 21:57 . 2007-11-12 21:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-12 21:57 . 2007-11-12 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-12 12:16 . 2007-11-12 12:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-11 21:30 . 2007-11-11 21:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Comodo
2007-11-11 21:30 . 2007-11-11 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-11 21:27 . 2007-09-30 12:34 217 --a------ C:\boot.ini.comodofirewall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 05:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\.phish
2007-11-11 06:54 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-11 00:00 --------- d-----w C:\Program Files\XoftSpySE
2007-11-09 00:42 --------- d-----w C:\Documents and Settings\william\Application Data\Talkback
2007-11-09 00:35 --------- d-----w C:\Documents and Settings\william\Application Data\Newsoft
2007-11-09 00:07 --------- d-----w C:\Documents and Settings\william\Application Data\Webroot
2007-11-09 00:07 --------- d-----w C:\Documents and Settings\william\Application Data\AVG7
2007-11-08 22:58 --------- d-----w C:\Documents and Settings\VICTORIA\Application Data\Talkback
2007-11-08 22:52 --------- d-----w C:\Documents and Settings\VICTORIA\Application Data\Webroot
2007-11-08 22:11 --------- d-----w C:\Documents and Settings\VERYBLESSWOMAN\Application Data\Talkback
2007-11-08 22:00 --------- d-----w C:\Documents and Settings\VERYBLESSWOMAN\Application Data\Webroot
2007-11-08 07:28 --------- d-----w C:\Program Files\Common Files\xing shared
2007-11-08 06:18 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback
2007-11-08 05:02 --------- d-----w C:\Program Files\Secunia
2007-11-08 04:38 --------- d-----w C:\Documents and Settings\PRINCESS !!!!!\Application Data\Talkback
2007-11-08 04:35 --------- d-----w C:\Documents and Settings\PRINCESS !!!!!\Application Data\Webroot
2007-11-07 22:54 --------- d-----w C:\Program Files\CCleaner
2007-11-07 16:25 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Talkback
2007-11-07 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOC425
2007-11-07 16:08 --------- d-----w C:\Program Files\Comodo
2007-11-07 15:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\Slide
2007-11-07 15:24 --------- d-----w C:\Program Files\Eraser
2007-11-07 15:18 --------- d-----w C:\Program Files\Total Uninstall 3
2007-11-07 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Martau
2007-11-07 14:56 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-07 14:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-11-07 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-07 14:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 05:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\Leadertech
2007-11-07 02:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Talkback
2007-11-06 22:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-06 22:42 164 ----a-w C:\install.dat
2007-11-06 22:42 --------- d-----w C:\Program Files\Webroot
2007-11-06 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-06 22:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\Webroot
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\dllcache\shell32.dll
2007-10-01 22:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
2007-09-27 23:27 21,536 ----a-w C:\Documents and Settings\PRINCESS !!!!!\Application Data\GDIPFONTCACHEV1.DAT
2007-03-31 20:15 21,536 ----a-w C:\Documents and Settings\VICTORIA\Application Data\GDIPFONTCACHEV1.DAT
2007-03-14 04:28 20,618,754 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_13_14_51_04_full.dmp.zip
2007-03-11 04:57 20,333,126 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_10_22_53_06_full.dmp.zip
2007-02-27 05:25 20,549,963 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_26_23_21_44_full.dmp.zip
2007-02-17 18:04 20,434,200 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_17_12_00_10_full.dmp.zip
2007-02-14 15:19 4,337,111 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_14_01_06_16_full.dmp.zip
2007-02-13 02:32 3,101,406 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_12_20_30_11_full.dmp.zip
2007-02-12 13:18 20,332,136 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_11_01_53_16_full.dmp.zip
2007-02-10 19:52 20,314,778 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_10_12_15_42_full.dmp.zip
2007-01-19 02:55 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-09-12 22:21 6,064 ----a-w C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2006-05-14 07:10 46,388 ------w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_13_17_28_38_small.dmp.zip
2006-05-14 07:10 44,707 ------w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_13_17_28_32_small.dmp.zip
2006-03-15 23:33 21,536 ----a-w C:\Documents and Settings\william\Application Data\GDIPFONTCACHEV1.DAT
2005-10-05 22:32 271 --sh--w C:\Program Files\desktop.ini
2005-10-05 22:32 23,357 ---h--w C:\Program Files\folder.htt
2002-07-26 23:02 153,088 ----a-w C:\Documents and Settings\william\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-10-27 07:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol System Monitor"="C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [2005-12-12 23:18]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-11 21:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-06 12:21]
"BOC-425"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-06 12:22]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 12:00 C:\WINDOWS\SYSTEM32\narrator.exe]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Connection Manager.lnk]
backup=C:\WINDOWS\pss\Connection Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-08-01 06:05 94208 --a------ C:\Program Files\Lexmark 7300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Brother XP spl Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe
"YBrowser"=C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
"IPInSightLAN 02"="C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" -l
"IPInSightMonitor 02"="C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
"Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
"YOP"=C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
"YPC"=C:\PROGRA~1\YAHOO!\PARENT~1\ypc.exe
"LXCICATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R1 cmosa;cmosa;C:\WINDOWS\system32\DRIVERS\cmosa.sys
R1 cwmtdi;cwmtdi;C:\WINDOWS\system32\drivers\cwmtdi.sys
R3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
R3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys
S3 lxci_device;lxci_device;C:\WINDOWS\system32\lxcicoms.exe -service
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2007-12-11 18:02:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-11-13 23:11:34 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2007-12-11 17:51:02 C:\WINDOWS\Tasks\Uninstall Expiration Reminder.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-12-10 19:05:32 C:\WINDOWS\Tasks\wrSpySweeper_L3101B563AB944F6399721FD90BEABA54.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- A:\
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 12:30:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 12:32:46
C:\ComboFix2.txt ... 2007-12-06 00:43
.
2007-12-07 17:55:57 --- E O F ---



here's another hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:48 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WinPatrol System Monitor] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132763186529
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 6460 byte


tyvm ============ I know you all are very busy!!! and am grateful for your time and patience :thumbsup:
:wacko:
the "TENDERHEART"

#9 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 11 December 2007 - 06:39 PM

Sorry for the delay, I was away for a few days... :thumbsup:
The online scan was completely clean, a great sign!
The O3 and the O24 you mentioned can be left - they are harmless!
How is the PC running? I see a clean HJT log...



