Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Adware Sending Me Emails (not Sure If It's Adware)


  • This topic is locked This topic is locked
5 replies to this topic

#1 SOKHRMAN

SOKHRMAN

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:13 AM

Posted 28 November 2007 - 06:51 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:49 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&...;os=5&src=1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153823822125
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9560 bytes

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:13 AM

Posted 11 December 2007 - 03:29 PM

Looks clean to me. What makes you think you are sending emails?


Let's dig a bit deeper:
  • Download Combofix to your desktop.

  • Doubleclick combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#3 SOKHRMAN

SOKHRMAN
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:13 AM

Posted 11 December 2007 - 10:21 PM

I routinely get emails from a name like "Casey" with encoded messages such as

want beaten punctual
V I_A-G _R _A - $1.43
FEMALE V _I_A-G _R _ A - $1.44
C _I _A -L -I S - $2.22
S_ O _ >M -A - $0.65
L> E _V -ITRA - $3.69
Regenisis H G -H
Ga1in 3+ Inches In Pis Length.
186 ITE MS O N S _AL -E TODAY
RANGEFIT.COM
Hele i sztr du. A na

I try adding to spam list, but new names with similar messages appear. Is this just typical spam or could it be something from within my computer?

Thank you so much for your time.

Edited by SOKHRMAN, 11 December 2007 - 10:33 PM.


#4 SOKHRMAN

SOKHRMAN
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:13 AM

Posted 11 December 2007 - 10:31 PM

ComboFix 07-12-12.3 - Will 2007-12-11 22:24:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2380 [GMT -5:00]
Running from: C:\Documents and Settings\Will\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.

2007-12-11 21:30 . 2007-12-11 21:30 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-08 15:16 . 2007-12-08 15:17 <DIR> d-------- C:\Documents and Settings\Will\Application Data\GetRightToGo
2007-12-03 23:22 . 2001-08-17 13:28 771,581 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\winacisa.sys
2007-12-03 23:21 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usr1801.sys
2007-12-03 23:20 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2007-12-03 23:19 . 2004-08-04 05:00 571,392 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tintlgnt.ime
2007-12-03 23:18 . 2004-08-04 05:00 456,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\smtpsvc.dll
2007-12-03 23:17 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\slntamr.sys
2007-12-03 23:16 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2007-12-03 23:15 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3gnb.dll
2007-12-03 23:14 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2007-12-03 23:13 . 2004-08-04 05:00 131,584 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\pmxviceo.dll
2007-12-03 23:13 . 2002-09-03 14:52 68,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\plugin.ocx
2007-12-03 23:13 . 2004-08-04 05:00 67,584 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\pmigrate.dll
2007-12-03 23:13 . 2004-08-04 05:00 11,264 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\pmxmcro.dll
2007-12-03 23:13 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\pmxgl.dll
2007-12-03 23:08 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2007-12-03 23:07 . 2004-08-03 22:31 132,695 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\netwlan5.sys
2007-12-03 23:06 . 2004-08-04 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2007-12-03 23:05 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ltsm.sys
2007-12-03 23:04 . 2004-08-04 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2007-12-03 23:03 . 2004-08-04 05:00 811,064 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imjp81k.dll
2007-12-03 23:02 . 2004-08-04 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2007-12-03 23:01 . 2001-08-17 13:28 907,456 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hcf_msft.sys
2007-12-03 23:00 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2007-12-03 22:59 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2007-12-03 22:58 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\diwan.sys
2007-12-03 22:57 . 2004-08-04 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2007-12-03 22:56 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2007-12-03 22:55 . 2004-08-04 00:56 870,784 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ati3d1ag.dll
2007-12-03 22:54 . 2004-08-04 05:00 2,134,528 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\smtpsnap.dll
2007-12-01 06:41 . 2007-12-11 16:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-01 06:41 . 2007-12-01 06:41 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-28 06:47 . 2007-11-28 06:47 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-26 23:31 . 2007-11-27 06:42 <DIR> d-------- C:\Documents and Settings\Will\.housecall6.6
2007-11-26 23:01 . 2007-11-28 06:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-26 07:36 . 2007-11-26 07:36 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-26 07:36 . 2007-11-26 07:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-26 07:35 . 2007-11-26 07:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-25 15:47 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys
2007-11-25 15:46 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-25 12:31 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2007-11-25 12:29 . 2007-11-25 12:29 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-24 15:10 . 2007-11-25 03:08 <DIR> d-------- C:\Program Files\MSN Games
2007-11-24 15:10 . 2007-11-24 15:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 10:51 . 2007-11-24 10:51 <DIR> d-------- C:\Program Files\iTunes
2007-11-24 10:51 . 2007-11-24 10:51 <DIR> d-------- C:\Program Files\iPod
2007-11-24 10:50 . 2007-11-24 10:50 <DIR> d-------- C:\Program Files\QuickTime
2007-11-23 15:56 . 2007-11-23 15:56 <DIR> d-------- C:\Documents and Settings\Will\Application Data\Leadertech
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 02:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-12 02:27 107,832 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2007-12-08 20:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-08 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 03:59 62,416 ----a-w C:\Documents and Settings\Will\Application Data\GDIPFONTCACHEV1.DAT
2007-11-26 12:34 --------- d-----w C:\Documents and Settings\Will\Application Data\Lavasoft
2007-11-25 20:50 --------- d-----w C:\Program Files\ArcSoft
2007-11-25 20:47 --------- d-----w C:\Documents and Settings\Will\Application Data\ArcSoft
2007-11-25 17:31 --------- d-----w C:\Program Files\Java
2007-11-23 20:56 --------- d-----w C:\Documents and Settings\Will\Application Data\Sonic
2007-11-23 19:46 --------- d-----w C:\Documents and Settings\Will\Application Data\Apple Computer
2007-11-18 22:38 --------- d-----w C:\Documents and Settings\Will\Application Data\Skype
2007-11-09 00:28 66,872 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2007-11-07 23:28 --------- d-----w C:\Program Files\Activision
2007-10-29 22:12 --------- d-----w C:\Program Files\AIM6
2007-10-29 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-09-22 21:02 107,888 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 10:47]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-03-23 15:48]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-07-25 05:58]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 15:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 11:09]
"ViewpointPhotosDeviceConnect"="C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe" [2006-11-01 13:19]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
REGSVR32.EXE /S CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 12:52 339968 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 01:00 45056 --a------ C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 05:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 01:04 122933 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 11:43 53248 --------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2004-06-29 11:23 135168 --a------ C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-11 20:15 290816 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2005-09-05 15:55 339968 --a------ C:\WINDOWS\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 --------- C:\WINDOWS\UpdReg.EXE

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 02:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-13 03:52:55 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Will.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-12-12 01:35:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 22:28:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 22:29:49
.
2007-11-16 02:03:49 --- E O F ---
_________________________________________________________________________________________________________
_________________________________________________________________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:54 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&...;os=5&src=1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153823822125
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9573 bytes

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:13 AM

Posted 12 December 2007 - 11:04 AM

Your clean. Those are just typical spams that you are receiving. I unfortunately get them too :thumbsup:

#6 SOKHRMAN

SOKHRMAN
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:13 AM

Posted 12 December 2007 - 08:13 PM

Great thank you very much for everything.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users