Hijack This


  • This topic is locked
39 replies to this topic

#1 tutem

tutem

  • Members
  • 51 posts

Posted 12 February 2007 - 10:03 AM

Hello Everyone
My XP has slowed down completely and my internet connection times out before a web page manages to load. I would appreciate some advice on what I can do.
I have run hijackthis and the log reads as follows:-

Logfile of HijackThis v1.99.1
Scan saved at 13:55:03, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\slmdmsr.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\APPS\EmailChecker\ech.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\TOOTOOSH\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.menara.ma/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\Hide Real IP\ProxyNew.dll
O2 - BHO: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64A07A0B-E843-4E8C-BBFA-CDEDC5E47D2C}: NameServer = 212.217.0.3 196.217.246.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{64A07A0B-E843-4E8C-BBFA-CDEDC5E47D2C}: NameServer = 212.217.0.3 196.217.246.210
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


Lots of text, little meaning, well to me anyway.

Much appreciate some help.

Thanks



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 February 2007 - 10:24 AM

Welcome tutem :thumbsup:

First, you have Norton Internet Security and Sophos Antivirus installed and active, that could lead to problems due to conflicts between the two.
It could cause system slowdowns, false virus alerts etc, you should uninstall one of them as soon as possible via Add/Remove Programs.
If you decide to uninstall Norton Internet Security, and you find there's no uninstaller in Add/Remove Programs, download and run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039

*****************************

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*****************************

Please download/install AVG Anti-Spyware 7.5.
Welcome Trailrider
Please follow these instructions carefully.
Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O3 - Toolbar: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe

Find and delete if present:
C:\WINDOWS\system32\pbukv2.dll
C:\WINDOWS\system32\drivers\Icon.exe

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.
Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

*****************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a log.
Post the C:\ComboFix.txt in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.



Post the AVG Anti Spyware report, the C:\ComboFix.txt, and a new Hijackthis log into your next reply please.
Let me know how your pc is running now please.

Edited by RichieUK, 12 February 2007 - 10:27 AM.
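
A triage sketch for the log format used in this thread, added here as an example and not part of RichieUK's post or of HijackThis itself: it parses the O2/O3/O4/O23 lines, shows which file is registered in more than one section, and lists the vendors of services whose names look like antivirus products. The function names and the "anti-?virus" name match are assumptions made for the example; the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log from post #1 (lines copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O3 - Toolbar: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [Icon] C:\..."
LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# O2/O3: "BHO: name - {CLSID} - path"
CLSID_ENTRY = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O4: "HKLM\..\Run: [value name] command line"
RUN_ENTRY = re.compile(
    r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23: "Service: display name - vendor - path" (vendor may be empty)
SERVICE_ENTRY = re.compile(
    r"^Service: (?P<name>.+?) - (?P<vendor>.*?) ?- "
    r"(?P<path>[A-Za-z]:\\.+)$")
# Assumption: a service is treated as antivirus if its name says so.
AV_NAME = re.compile(r"anti-?virus", re.IGNORECASE)


def command_image(cmd):
    """Return the program path of a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|cpl))(?=\s|,|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_log(text):
    """Turn HijackThis entry lines into dicts; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # header, process list or blank line
        entry = {"code": line["code"], "name": None, "vendor": None,
                 "path": None, "raw": raw.strip()}
        for pattern in (CLSID_ENTRY, RUN_ENTRY, SERVICE_ENTRY):
            m = pattern.match(line["body"])
            if m:
                fields = m.groupdict()
                entry["name"] = fields["name"]
                entry["vendor"] = (fields.get("vendor") or "").strip() or None
                entry["path"] = fields.get("path") or command_image(fields["cmd"])
                break
        entries.append(entry)
    return entries


def paths_by_section(entries):
    """Map each lower-cased file path to the sorted section codes naming it."""
    sections = defaultdict(set)
    for e in entries:
        if e["path"]:
            sections[e["path"].lower()].add(e["code"])
    return {path: sorted(codes) for path, codes in sections.items()}


def antivirus_vendors(entries):
    """Vendors of O23 services whose display name matches AV_NAME."""
    return sorted({e["vendor"] for e in entries
                   if e["code"] == "O23" and e["vendor"]
                   and AV_NAME.search(e["name"])})


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for path, codes in paths_by_section(parsed).items():
        if len(codes) > 1:
            print("registered in several sections:", path, codes)
    vendors = antivirus_vendors(parsed)
    if len(vendors) > 1:
        print("more than one antivirus vendor has services:", vendors)
```
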


#3 tutem

tutem
  • Topic Starter

  • Members
  • 51 posts

Posted 12 February 2007 - 08:28 PM

Thanks for your help on this, I followed your instructions to the letter, and I attach the reports as requested.

TOOTOOSH" - 07-02-13 0:53:54 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\TOOTOOSH\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-12 22:44 <DIR> d-------- C:\DOCUME~1\ADMIN

#4 tutem

tutem
  • Topic Starter

  • Members
  • 51 posts

Posted 12 February 2007 - 08:32 PM

Thanks for your help on this, I followed your instructions to the letter, and I attach the reports as requested.

TOOTOOSH" - 07-02-13 0:53:54 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\TOOTOOSH\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-12 22:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Adobe
2007-02-12 19:26 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\You've Got Pictures Screensaver
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Real
2007-02-12 16:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-12 16:05 <DIR> d-------- C:\Program Files\Grisoft
2007-02-12 15:24 <DIR> d-------- C:\Program Files\ACW
2007-02-11 19:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Sophos
2007-02-11 19:01 <DIR> d-------- C:\savxpsa
2007-02-10 14:46 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-02-10 14:46 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-02-10 14:32 <DIR> d-------- C:\DOCUME~1\TOOTOOSH\Application Data\Google
2007-02-10 14:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-02-10 14:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-02-10 14:14 <DIR> d-------- C:\Program Files\Softnik Technologies
2007-02-09 23:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-09 15:32 <DIR> d-------- C:\Program Files\Common Files\Adobe(2)
2007-02-09 15:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe(2)
2007-01-23 20:19 <DIR> d-------- C:\Program Files\Windows Defender


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 00:38 -------- d-------- C:\Program Files\norton internet security
2007-02-13 00:28 -------- d-------- C:\DOCUME~1\TOOTOOSH\Application Data\adobeum
2007-02-12 22:28 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-11 21:31 -------- d-------- C:\Program Files\menara
2007-02-11 21:08 -------- d-------- C:\Program Fil


#5 tutem

tutem
  • Topic Starter

  • Members
  • 51 posts

Posted 12 February 2007 - 08:39 PM

Thanks for your help on this, I followed your instructions to the letter, and I attach the reports as requested.

TOOTOOSH" - 07-02-13 0:53:54 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\TOOTOOSH\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-12 22:44 <DIR> d-------- C:\DOCUME~1\ADMIN

#6 tutem

tutem
  • Topic Starter

  • Members
  • 51 posts

Posted 12 February 2007 - 08:57 PM

Thanks for your help on this, I followed your instructions to the letter, and I attach the reports as requested.

TOOTOOSH" - 07-02-13 0:53:54 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\TOOTOOSH\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-12 22:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Adobe
2007-02-12 19:26 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\You've Got Pictures Screensaver
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Real
2007-02-12 16:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-12 16:05 <DIR> d-------- C:\Program Files\Grisoft
2007-02-12 15:24 <DIR> d-------- C:\Program Files\ACW
2007-02-11 19:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Sophos
2007-02-11 19:01 <DIR> d-------- C:\savxpsa
2007-02-10 14:46 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-02-10 14:46 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-02-10 14:32 <DIR> d-------- C:\DOCUME~1\TOOTOOSH\Application Data\Google
2007-02-10 14:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-02-10 14:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-02-10 14:14 <DIR> d-------- C:\Program Files\Softnik Technologies
2007-02-09 23:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-09 15:32 <DIR> d-------- C:\Program Files\Common Files\Adobe(2)
2007-02-09 15:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe(2)
2007-01-23 20:19 <DIR> d-------- C:\Program Files\Windows Defender


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 00:38 -------- d-------- C:\Program Files\norton internet security
2007-02-13 00:28 -------- d-------- C:\DOCUME~1\TOOTOOSH\Application Data\adobeum
2007-02-12 22:28 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-11 21:31 -------- d-------- C:\Program Files\menara
2007-02-11 21:08 -------- d-------- C:\Program Files\spacenoid
2007-02-11 21:08 -------- d-------- C:\Program Files\globe7
2007-02-10 14:33 -------- d-------- C:\Program Files\yahoo! games
2007-02-10 14:18 -------- d-------- C:\Program Files\microsoft works
2007-02-10 14:14 -------- d-------- C:\Program Files\hide real ip
2007-02-10 14:14 -------- d-------- C:\Program Files\egames
2007-02-08 22:59 57344 --a------ C:\Program Files\paypal history.xls
2007-02-08 22:58 25949 --a------ C:\Program Files\paypal history.csv
2007-01-30 01:25 2545902 --a------ C:\Program Files\puppysnatcher-toocute.wmv
2007-01-29 00:10 17408 --a------ C:\Program Files\warehouse_and_bramhill_1_2.xls
2007-01-05 11:37 -------- d---s---- C:\DOCUME~1\TOOTOOSH\Application Data\microsoft
2006-12-29 22:36 -------- d--h----- C:\Program Files\installshield installation information
2006-12-27 22:12 -------- d-------- C:\Program Files\mfinstall
2006-12-20 23:29 -------- d-------- C:\DOCUME~1\TOOTOOSH\Application Data\autodesk
2006-12-20 23:13 -------- d-------- C:\Program Files\Common Files\autodesk shared
2006-12-20 23:12 -------- d-------- C:\Program Files\autocad 2006
2006-12-20 23:11 -------- d-------- C:\Program Files\answerworks 4.0
2006-12-20 22:59 -------- d-------- C:\Program Files\autodesk
2006-12-16 13:28 -------- d-------- C:\Program Files\sipphone
2006-12-07 06:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"STDSB"="C:\\WINDOWS\\system32\\drivers\\STDSB.exe"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"EmailChecker"="C:\\APPS\\EmailChecker\\ech.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"EPSON Stylus Photo RX520 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAGE.EXE /P31 \"EPSON Stylus Photo RX520 Series\" /O6 \"USB001\" /M \"Stylus Photo RX520\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ

#7 tutem

tutem
  • Topic Starter

  • Members
  • 51 posts

Posted 12 February 2007 - 09:07 PM

Thanks for your help on this, I followed your instructions to the letter, and I attach the reports as requested.

TOOTOOSH" - 07-02-13 0:53:54 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\TOOTOOSH\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-12 22:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Adobe
2007-02-12 19:26 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\You've Got Pictures Screensaver
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Real
2007-02-12 16:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-12 16:05 <DIR> d-------- C:\Program Files\Grisoft
2007-02-12 15:24 <DIR> d-------- C:\Program Files\ACW
2007-02-11 19:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Sophos
2007-02-11 19:01 <DIR> d-------- C:\savxpsa
2007-02-10 14:46 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-02-10 14:46 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-02-10 14:32 <DIR> d-------- C:\DOCUME~1\TOOTOOSH\Application Data\Google
2007-02-10 14:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-02-10 14:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\

#8 tutem

tutem
  • Topic Starter

  • Members
  • 51 posts

Posted 12 February 2007 - 09:09 PM

Thanks for your help on this, I followed your instructions to the letter, and I attach the reports as requested.

TOOTOOSH" - 07-02-13 0:53:54 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\TOOTOOSH\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-12 22:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Adobe
2007-02-12 19:26 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\You've Got Pictures Screensaver
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Real
2007-02-12 16:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-12 16:05 <DIR> d-------- C:\Program Files\Grisoft
2007-02-12 15:24 <DIR> d-------- C:\Program Files\ACW
2007-02-11 19:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Sophos
2007-02-11 19:01 <DIR> d-------- C:\savxpsa
2007-02-10 14:46 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-02-10 14:46 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-02-10 14:32 <DIR> d-------- C:\DOCUME~1\TOOTOOSH\Application Data\Google
2007-02-10 14:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-02-10 14:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-02-10 14:14 <DIR> d-------- C:\Program Files\Softnik Technologies
2007-02-09 23:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-09 15:32 <DIR> d-------- C:\Program Files\Common Files\Adobe(2)
2007-02-09 15:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe(2)
2007-01-23 20:19 <DIR> d-------- C:\Program Files\Windows Defender


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 00:38 -------- d-------- C:\Program Files\norton internet security
2007-02-13 00:28 -------- d-------- C:\DOCUME~1\TOOTOOSH\Application Data\adobeum
2007-02-12 22:28 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-11 21:31 -------- d-------- C:\Program Files\menara
2007-02-11 21:08 -------- d-------- C:\Program Files\spacenoid
2007-02-11 21:08 -------- d-------- C:\Program

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 February 2007 - 07:15 AM

Could you rescan with Combofix and then try to copy then paste the whole report in one go please.

#10 tutem

tutem
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 13 February 2007 - 09:52 AM

Hi, thanks again for all this help, sorry for the headache.

The file is quite large, but hope it means something to you.. :)

"TOOTOOSH" - 07-02-13 14:43:36 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\TOOTOOSH\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-13 04:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\NCH Swift Sound
2007-02-13 04:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\NCH Swift Sound
2007-02-13 04:20 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-02-13 04:20 <DIR> d-------- C:\DOCUME~1\TOOTOOSH\Application Data\NCH Swift Sound
2007-02-13 01:54 <DIR> d-------- C:\DOCUME~1\TOOTOOSH\Application Data\MSNInstaller
2007-02-12 22:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Adobe
2007-02-12 19:26 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\You've Got Pictures Screensaver
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-02-12 19:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Real
2007-02-12 16:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-12 16:05 <DIR> d-------- C:\Program Files\Grisoft
2007-02-12 15:24 <DIR> d-------- C:\Program Files\ACW
2007-02-11 19:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Sophos
2007-02-11 19:01 <DIR> d-------- C:\savxpsa
2007-02-10 14:46 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-02-10 14:46 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-02-10 14:32 <DIR> d-------- C:\DOCUME~1\TOOTOOSH\Application Data\Google
2007-02-10 14:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-02-10 14:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-02-10 14:14 <DIR> d-------- C:\Program Files\Softnik Technologies
2007-02-09 23:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-09 15:32 <DIR> d-------- C:\Program Files\Common Files\Adobe(2)
2007-02-09 15:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe(2)
2007-01-23 20:19 <DIR> d-------- C:\Program Files\Windows Defender


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 11:15 -------- d-------- C:\DOCUME~1\TOOTOOSH\Application Data\adobeum
2007-02-13 04:46 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-13 01:53 -------- d--h----- C:\Program Files\installshield installation information
2007-02-13 01:52 -------- d-------- C:\Program Files\505 game collection
2007-02-13 01:47 -------- d-------- C:\Program Files\egames
2007-02-13 01:45 -------- d-------- C:\Program Files\officeforms
2007-02-13 01:45 -------- d-------- C:\Program Files\dynamic toolbar
2007-02-13 01:45 -------- d-------- C:\Program Files\Common Files\officeforms
2007-02-13 01:44 -------- d-------- C:\Program Files\hallisoft
2007-02-13 01:44 -------- d-------- C:\Program Files\epson
2007-02-13 01:39 -------- d-------- C:\Program Files\hide real ip
2007-02-13 00:38 -------- d-------- C:\Program Files\norton internet security
2007-02-11 21:31 -------- d-------- C:\Program Files\menara
2007-02-11 21:08 ---

#11 tutem

  • Topic Starter

Posted 13 February 2007 - 09:53 AM

Hi, thanks again for all this help, sorry for the headache.

The file is quite large, but hope it means something to you.. :)

#12 tutem

  • Topic Starter

Posted 13 February 2007 - 09:56 AM

Hi, thanks again for all this help, sorry for the headache.

The file is quite large, but hope it means something to you.. :)

#13 tutem

  • Topic Starter

Posted 13 February 2007 - 09:58 AM

Hi, thanks again for all this help, sorry for the headache.

The file is quite large, but hope it means something to you.. :)

#14 tutem

  • Topic Starter

Posted 13 February 2007 - 10:02 AM

Hi, thanks again for all this help, sorry for the headache.

The file is quite large, but hope it means something to you.. :)

#15 tutem

  • Topic Starter

Posted 14 February 2007 - 06:07 AM

I am having big problems sending the message to yourself. I attach the full copy of the combo report, but it crashes and only sends half the message, hence multiple copies, sorry.

Any advice?
:thumbsup:



