Iexplore.exe virus....please help!!!

#11 - 21st Sep 2008, 18:06 - New Member Group

ComboFix Log:

ComboFix 08-09-20.05 - Zachary 2008-09-21 20:48:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.165 [GMT -4:00]
Running from: C:\Documents and Settings\Zachary \Desktop\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Compaq_Owner.ZACH\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Phillip\Cookies\phillip@insightexpressai[1].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.

2008-09-21 18:11 . 2008-09-21 18:11 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Verizon
2008-09-20 18:52 . 2008-09-20 18:52 <DIR> d-------- C:\Program Files\CCleaner
2008-09-20 18:48 . 2008-09-20 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-20 17:57 . 2008-09-20 17:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 17:57 . 2008-09-20 17:57 <DIR> d-------- C:\Documents and Settings\Zachary \Application Data\Malwarebytes
2008-09-20 17:57 . 2008-09-20 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-20 17:57 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 17:57 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 15:24 . 2008-09-20 15:24 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-09-20 00:05 . 2008-09-20 00:05 <DIR> d-------- C:\Program Files\AVG
2008-09-20 00:05 . 2008-09-20 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-19 22:46 . 2008-09-19 22:46 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-19 22:31 . 2008-09-19 22:31 <DIR> d-------- C:\Program Files\Common Files\Gibinsoft Shared
2008-09-19 22:31 . 2008-09-20 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-09-19 22:30 . 2008-09-19 22:30 <DIR> d-------- C:\Documents and Settings\Zachary \Application Data\DivX
2008-09-19 22:29 . 2008-09-19 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-19 22:27 . 2008-09-19 22:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-19 22:27 . 2008-09-19 22:27 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-09-19 22:27 . 2008-09-19 22:27 <DIR> d-------- C:\WINDOWS\bin
2008-09-19 22:27 . 2008-09-19 22:27 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-09-19 22:27 . 2008-09-19 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-09-19 22:26 . 2008-09-20 00:15 <DIR> d-------- C:\WINDOWS\wt
2008-09-19 22:26 . 2008-09-19 22:26 <DIR> d-------- C:\Documents and Settings\Zachary \Application Data\AdobeUM
2008-09-19 05:32 . 2008-09-19 22:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-19 05:32 . 2008-09-20 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-19 04:50 . 2008-09-19 22:29 <DIR> d-------- C:\Program Files\iPod(3)
2008-09-19 04:21 . 2008-09-19 04:21 <DIR> d-------- C:\Program Files\GiPo@Utilities
2008-09-19 03:35 . 2008-09-19 03:30 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-19 03:30 . 2008-09-19 22:31 <DIR> d-------- C:\Documents and Settings\Zachary \.housecall6.6
2008-09-19 03:19 . 2008-09-19 03:19 106 --a------ C:\delete.bat
2008-09-19 01:24 . 2008-09-19 01:24 <DIR> d-------- C:\Documents and Settings\Zachary \Application Data\Webroot
2008-09-18 20:06 . 2008-07-23 12:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-09-18 20:06 . 2008-07-23 12:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-09-18 20:06 . 2008-07-23 12:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-09-18 20:05 . 2008-09-19 22:30 <DIR> d-------- C:\Program Files\DivX
2008-09-18 09:51 . 2008-09-19 22:30 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-18 01:40 . 2008-09-19 22:29 <DIR> d-------- C:\Program Files\iPod
2008-09-18 01:38 . 2008-09-19 22:29 <DIR> d-------- C:\Program Files\Bonjour
2008-09-18 01:34 . 2008-09-19 22:29 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-18 00:31 . 2008-09-18 00:31 <DIR> d-------- C:\Documents and Settings\Zachary \Application Data\acccore
2008-09-18 00:29 . 2008-09-18 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-09-18 00:27 . 2008-09-19 22:28 <DIR> d-------- C:\Program Files\AIM6
2008-09-18 00:27 . 2008-09-20 17:58 995 --ah----- C:\IPH.PH
2008-09-18 00:12 . 2008-09-18 00:12 <DIR> d--hs---- C:\Documents and Settings\Zachary \PrivacIE
2008-09-18 00:05 . 2008-09-19 22:28 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-17 22:35 . 2008-09-19 23:13 <DIR> d-------- C:\Documents and Settings\Zachary \Application Data\uTorrent
2008-09-17 22:15 . 2008-09-21 18:02 <DIR> d-------- C:\Documents and Settings\Zachary \Application Data\LimeWire
2008-09-17 21:33 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-17 21:33 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-17 21:21 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-17 21:21 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-17 21:21 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-17 20:50 . 2008-09-19 22:27 <DIR> d-------- C:\Documents and Settings\Zachary \Contacts
2008-09-17 20:19 . 2008-09-19 22:27 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-09-17 20:19 . 2008-09-17 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-09-17 19:43 . 2008-09-19 22:27 <DIR> d-------- C:\WINDOWS\DSL
2008-09-17 19:43 . 2008-09-17 19:43 <DIR> d-------- C:\Documents and Settings\Zachary \Application Data\Motive
2008-09-17 19:24 . 2008-09-17 19:24 <DIR> d-------- C:\Documents and Settings\Zachary \Application Data\Verizon
2008-09-17 19:24 . 2008-09-20 07:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Verizon
2008-09-17 19:12 . 2008-09-20 15:24 <DIR> d-------- C:\Program Files\Verizon
2008-09-17 18:51 . 2008-09-17 18:51 61,224 --a------ C:\Documents and Settings\Zachary \GoToAssistDownloadHelper.exe
2008-09-16 18:18 . 2008-09-18 00:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-16 18:18 . 2008-09-16 18:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-16 16:58 . 2008-09-16 19:12 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Apple Computer
2008-09-16 15:41 . 2008-09-16 16:46 <DIR> d-------- C:\Documents and Settings\Zachary \Application Data\Apple Computer
2008-09-16 15:25 . 2006-05-26 23:56 <DIR> d-------- C:\Documents and Settings\Zachary \WINDOWS
2008-09-16 15:25 . 2006-05-26 23:57 <DIR> d-------- C:\Documents and Settings\Zachary \Application Data\Intuit
2008-09-16 15:25 . 2008-09-21 18:04 <DIR> d-------- C:\Documents and Settings\Zachary
2008-09-16 13:36 . 2008-09-19 22:27 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-09-14 01:51 . 2008-02-24 19:59 1,872,666 --a------ C:\WINDOWS\system32\cygwin1.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
2008-08-22 12:44 . 2008-08-22 12:44 <DIR> d-------- C:\Documents and Settings\Phillip\Application Data\Sonic
2008-08-22 12:43 . 2008-08-22 12:43 <DIR> d-------- C:\Documents and Settings\Phillip\Application Data\Leadertech
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- C:\WINDOWS\system32\PrivacIE.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 22:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-20 22:35 --------- d-----w C:\Program Files\Viewpoint
2008-09-20 22:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-20 20:54 --------- d-----w C:\Program Files\Common Files\Scanner
2008-09-20 19:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-20 02:30 --------- d-----w C:\Program Files\LimeWire
2008-09-20 02:30 --------- d-----w C:\Program Files\iTunes
2008-09-20 02:29 --------- d-----w C:\Program Files\QuickTime
2008-09-20 02:28 --------- d-----w C:\Program Files\PeoplePC
2008-09-20 02:27 --------- d-----w C:\Program Files\MSN Messenger
2008-09-18 05:37 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-18 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-09-16 19:56 --------- d-----w C:\Program Files\aircrack-ng-0.9.3-win
2008-08-19 02:22 --------- d-----w C:\Documents and Settings\Phillip\Application Data\SodaBush
2008-08-14 02:36 --------- d-----w C:\Program Files\Yahoo!
2008-08-14 02:35 --------- d-----w C:\Documents and Settings\Phillip\Application Data\Yahoo!
2008-08-14 02:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-14 02:23 --------- d-----w C:\Documents and Settings\Phillip\Application Data\LimeWire
2008-08-13 20:07 --------- d-----w C:\Program Files\CommViewWiFi
2008-08-12 03:16 --------- d-----w C:\Program Files\Makayama Interactive
2008-08-04 22:21 --------- d-----w C:\Documents and Settings\Phillip\Application Data\HPQ
2008-07-31 16:23 --------- d-----w C:\Documents and Settings\Phillip\Application Data\PlayFirst
2008-07-29 16:50 344 ----a-w C:\Documents and Settings\Phillip\Application Data\wklnhst.dat
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-08-19 01:24 1,072 ----a-w C:\Documents and Settings\Compaq_Owner.ZACH\Application Data\wklnhst.dat
2007-01-09 19:36 5,971,432 ----a-w C:\Program Files\Firefox Setup 2.0.0.1.exe
2006-10-12 02:53 3,496,097 -c--a-w C:\Program Files\AVICodecPackPlus21.exe
2006-08-21 13:36 31,749,253 -c--a-w C:\Program Files\FinNPWin2k6.exe
.

------- Sigcheck -------

2008-04-13 20:12 111104 ed7262e52c31cf1625b65039102bc16c C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Phillip^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Phillip\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 11:21 50472 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
--a------ 2007-01-25 17:34 8784 C:\Program Files\Common Files\AOL\1177132967\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1177132967\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 00:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2006-02-16 01:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-23 01:14 237568 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2005-07-06 16:16 2972672 C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
--a------ 2007-01-25 17:34 153168 C:\Program Files\Common Files\AOL\1177132967\ee\sscRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 07:54 16010240 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\1177132967\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17298:TCP"= 17298:TCP:BitComet 17298 TCP
"17298:UDP"= 17298:UDP:BitComet 17298 UDP
"15158:TCP"= 15158:TCP:PORT_15158

R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-18 303616]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Zachary \Application Data\Mozilla\Firefox\Profiles\t8t6k42b.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 20:54:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-21 21:02:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-22 01:02:45

Pre-Run: 83,712,569,344 bytes free
Post-Run: 83,697,352,704 bytes free

268 --- E O F --- 2008-09-18 13:53:59


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:06 PM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zachary Merrick\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Surround - {6A166C8C-66D5-41B5-88CE-ACE7AF5F79DA} - http://wapp.verizon.net/bookmarks/bm...bm=wl_surround (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...0Installer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 7258 bytes

Thanks!
#12 - 21st Sep 2008, 18:36 - New Member Group

It seems as though my post didn't go through, so I'll post it again.

ComboFix:

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
2008-08-22 12:44 . 2008-08-22 12:44 <DIR> d-------- C:\Documents and Settings\Phillip\Application Data\Sonic
2008-08-22 12:43 . 2008-08-22 12:43 <DIR> d-------- C:\Documents and Settings\Phillip\Application Data\Leadertech
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- C:\WINDOWS\system32\PrivacIE.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 22:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-20 22:35 --------- d-----w C:\Program Files\Viewpoint
2008-09-20 22:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-20 20:54 --------- d-----w C:\Program Files\Common Files\Scanner
2008-09-20 19:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-20 02:30 --------- d-----w C:\Program Files\LimeWire
2008-09-20 02:30 --------- d-----w C:\Program Files\iTunes
2008-09-20 02:29 --------- d-----w C:\Program Files\QuickTime
2008-09-20 02:28 --------- d-----w C:\Program Files\PeoplePC
2008-09-20 02:27 --------- d-----w C:\Program Files\MSN Messenger
2008-09-18 05:37 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-18 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-09-16 19:56 --------- d-----w C:\Program Files\aircrack-ng-0.9.3-win
2008-08-19 02:22 --------- d-----w C:\Documents and Settings\Phillip\Application Data\SodaBush
2008-08-14 02:36 --------- d-----w C:\Program Files\Yahoo!
2008-08-14 02:35 --------- d-----w C:\Documents and Settings\Phillip\Application Data\Yahoo!
2008-08-14 02:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-14 02:23 --------- d-----w C:\Documents and Settings\Phillip\Application Data\LimeWire
2008-08-13 20:07 --------- d-----w C:\Program Files\CommViewWiFi
2008-08-12 03:16 --------- d-----w C:\Program Files\Makayama Interactive
2008-08-04 22:21 --------- d-----w C:\Documents and Settings\Phillip\Application Data\HPQ
2008-07-31 16:23 --------- d-----w C:\Documents and Settings\Phillip\Application Data\PlayFirst
2008-07-29 16:50 344 ----a-w C:\Documents and Settings\Phillip\Application Data\wklnhst.dat
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-08-19 01:24 1,072 ----a-w C:\Documents and Settings\Compaq_Owner.ZACH\Application Data\wklnhst.dat
2007-01-09 19:36 5,971,432 ----a-w C:\Program Files\Firefox Setup 2.0.0.1.exe
2006-10-12 02:53 3,496,097 -c--a-w C:\Program Files\AVICodecPackPlus21.exe
2006-08-21 13:36 31,749,253 -c--a-w C:\Program Files\FinNPWin2k6.exe
.

------- Sigcheck -------

2008-04-13 20:12 111104 ed7262e52c31cf1625b65039102bc16c C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Phillip^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Phillip\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 11:21 50472 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
--a------ 2007-01-25 17:34 8784 C:\Program Files\Common Files\AOL\1177132967\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1177132967\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 00:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2006-02-16 01:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-23 01:14 237568 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2005-07-06 16:16 2972672 C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
--a------ 2007-01-25 17:34 153168 C:\Program Files\Common Files\AOL\1177132967\ee\sscRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 07:54 16010240 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\1177132967\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17298:TCP"= 17298:TCP:BitComet 17298 TCP
"17298:UDP"= 17298:UDP:BitComet 17298 UDP
"15158:TCP"= 15158:TCP:PORT_15158

R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-18 303616]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Zachary \Application Data\Mozilla\Firefox\Profiles\t8t6k42b.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 20:54:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-21 21:02:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-22 01:02:45

Pre-Run: 83,712,569,344 bytes free
Post-Run: 83,697,352,704 bytes free

268 --- E O F --- 2008-09-18 13:53:59

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:15 PM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Zachary Merrick\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Surround - {6A166C8C-66D5-41B5-88CE-ACE7AF5F79DA} - http://wapp.verizon.net/bookmarks/bm...bm=wl_surround (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...0Installer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 7365 bytes
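The log above is in HijackThis's line format, and the first checks a helper makes by eye on such a log can be scripted. The following is an added example for this thread, not HijackThis code and not the moderator's tooling: it parses the R/O lines, flags O2/O9 entries whose DLL or page HijackThis could not find on disk ("(no file)" / "(file missing)"), R0/R1 start and search pages whose host is off a small allow-list, and O4 autoruns that live outside the usual program directories. KNOWN_HOSTS and TRUSTED_ROOTS are assumptions chosen for the example, not lists the tool publishes. The sample log is built from lines of the posted log, with one constructed HKLM Start Page line pointing at start.example.net so the page check has something to report.

```python
"""HijackThis log triage (added example for this thread; not HijackThis code).

Reads the "Rn - ..." and "On - ..." lines of a HijackThis 2.0 log and returns
the entries a helper normally checks first. KNOWN_HOSTS and TRUSTED_ROOTS are
assumptions for the example, not lists published by the tool.
"""
import re
import sys
from collections import namedtuple
from urllib.parse import urlparse

Entry = namedtuple("Entry", "code body")

# "O2 - BHO: ..." -> code "O2", body "BHO: ..."
_LINE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
# first drive-letter path ending in .exe/.dll/.lnk inside a line
_WINPATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|lnk)", re.I)

KNOWN_HOSTS = {"google.com", "www.google.com", "go.microsoft.com", "ie.redirect.hp.com"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_log(text):
    """Every R/O entry as Entry(code, body); process list and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries.append(Entry(*m.groups()))
    return entries


def orphaned_components(entries):
    """O2 BHOs and O9 buttons whose DLL/page HijackThis could not find on disk."""
    return [e for e in entries
            if e.code in ("O2", "O9")
            and ("(no file)" in e.body or "(file missing)" in e.body)]


def unexpected_pages(entries, known_hosts=KNOWN_HOSTS):
    """R0/R1 Start/Search page values whose URL host is not on the allow-list."""
    flagged = []
    for e in entries:
        if e.code in ("R0", "R1") and " = " in e.body:
            url = e.body.split(" = ", 1)[1].strip()
            host = (urlparse(url).hostname or "").lower()
            if host not in known_hosts:
                flagged.append((e, host))
    return flagged


def autoruns_outside_trusted(entries, roots=TRUSTED_ROOTS):
    """O4 autoruns whose target binary is not under an expected program directory."""
    flagged = []
    for e in entries:
        if e.code == "O4":
            m = _WINPATH.search(e.body)
            if m and not m.group(0).lower().startswith(roots):
                flagged.append((e, m.group(0)))
    return flagged


def triage(text):
    """Run all three checks over a whole log and return the results by name."""
    entries = parse_log(text)
    return {
        "entries": len(entries),
        "orphaned": orphaned_components(entries),
        "pages": unexpected_pages(entries),
        "autoruns": autoruns_outside_trusted(entries),
    }


# Sample built from lines of the log posted above; the HKLM "Start Page" line
# pointing at start.example.net is constructed so the page check has a hit.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: Surround - {6A166C8C-66D5-41B5-88CE-ACE7AF5F79DA} - http://wapp.verizon.net/bookmarks/bm...bm=wl_surround (file missing) (HKCU)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    # python hjt_triage.py hijackthis.log   (no argument: use the sample above)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    result = triage(text)
    print("entries parsed:", result["entries"])
    for label in ("orphaned", "pages", "autoruns"):
        print(f"\n[{label}]")
        for item in result[label]:
            e = item[0] if isinstance(item, tuple) else item
            print(f"  {e.code} - {e.body}")
```

An orphaned O2/O9 entry is a registration left behind by an uninstall as often as it is malware, so the list is a cleanup candidate list, not a verdict; the same goes for an O4 target outside Program Files, which is worth a look (here the HP CLOAKER.EXE in C:\hp\bin) but is not evidence of infection on its own.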
  #13  
Old 21st Sep 2008, 19:01
Moderator Group
 
Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\Program Files\CA
C:\Program Files\Webroot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

How is everything now?
__________________

  #14  
Old 21st Sep 2008, 19:07
New Member Group
 
Unable to kill explorer.exe
Folder move failed. C:\Program Files\CA\PPRT\logs scheduled to be moved on reboot.
Folder move failed. C:\Program Files\CA\PPRT\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\CA\PPRT scheduled to be moved on reboot.
Folder move failed. C:\Program Files\CA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Webroot\Spy Sweeper\Quarantine scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Webroot\Spy Sweeper\Masters scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Webroot\Spy Sweeper scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Webroot scheduled to be moved on reboot.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper >
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper\\ .
< HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall >
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall\\ .
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\MpCmdRun.log scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09212008_220552

I am about to restart my comp now.
  #15  
Old 21st Sep 2008, 19:14
New Member Group
 
I'm still getting two IEXPLORE.exe processes, one using 24000 mem and one using 16000 mem. Hmm... can you suggest anything else?
  #16  
Old 21st Sep 2008, 19:21
Moderator Group
 
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

1. Double click OTMoveIt2.exe to launch it.
If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2

----------

Download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe and then click Start.
  • An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now Click OK to start.
    • This is a short scan that will scan the files currently running in memory.
    • If or when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button.
  • Then click the Green Arrow Start Scanning button on the right and the scan will start.
    • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done.
  • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
  • Copy and paste that log in the next reply
__________________

  #17  
Old 22nd Sep 2008, 16:25
New Member Group
 
RegUBP2b-Zachary Merrick.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
MIRCSETUP.EXE\data001;C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~AceTemp\XP_Vista_UWI_Edition\I386\SVCPACK\MIRCSETUP.EXE;Program.mIRC.617;;
MIRCSETUP.EXE;C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~AceTemp\XP_Vista_UWI_Edition\I386\SVCPACK;Archive contains infected objects;Moved.;
C2152591d01\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Zachary Merrick\Local Settings\Application Data\Mozilla\Firefox\Profiles\t8t6k42b.default\Cache\C2152;Program.PsExec.171;;
C2152591d01;C:\Documents and Settings\Zachary Merrick\Local Settings\Application Data\Mozilla\Firefox\Profiles\t8t6k42b.default\Cache;Archive contains infected objects;Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Deleted.;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;Incurable.Deleted.;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;
AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;Moved.;
A0091552.reg;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP285;Trojan.StartPage.1505;Deleted.;
aolconnfix.exe;C:\WINDOWS;Trojan.PWS.Gamania.origin;Incurable.Moved.;
data016\data001;D:\I386\APPS\APP24073\src\CompaqPresario_Spring06.exe\data016;Adware.Msearch;;
data016\data005;D:\I386\APPS\APP24073\src\CompaqPresario_Spring06.exe\data016;Adware.Msearch;;
data016;D:\I386\APPS\APP24073\src\CompaqPresario_Spring06.exe;Archive contains infected objects;;
CompaqPresario_Spring06.exe;D:\I386\APPS\APP24073\src;Archive contains infected objects;Moved.;
data016\data001;D:\I386\APPS\APP24073\src\HPPavillion_Spring06.exe\data016;Adware.Msearch;;
data016\data005;D:\I386\APPS\APP24073\src\HPPavillion_Spring06.exe\data016;Adware.Msearch;;
data016;D:\I386\APPS\APP24073\src\HPPavillion_Spring06.exe;Archive contains infected objects;;
HPPavillion_Spring06.exe;D:\I386\APPS\APP24073\src;Archive contains infected objects;Moved.;
data016\data001;D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP285\A0091553.exe\data016;Adware.Msearch;;
data016\data005;D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP285\A0091553.exe\data016;Adware.Msearch;;
data016;D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP285\A0091553.exe;Archive contains infected objects;;
A0091553.exe;D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP285;Archive contains infected objects;Moved.;
data016\data001;D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP285\A0091554.exe\data016;Adware.Msearch;;
data016\data005;D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP285\A0091554.exe\data016;Adware.Msearch;;
data016;D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP285\A0091554.exe;Archive contains infected objects;;

This is how the log came out. Thanks.
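The report above is Dr.Web CureIt's semicolon-separated format: object, path, threat name, action. Rows whose object name contains a backslash are members of an archive (the path then ends with the archive file) and carry no action of their own, because the action is recorded on the archive's row. The following is an added example for this thread, not Dr.Web's code and not the moderator's tooling: it parses such a report and summarises it the way a helper reads it, counting actions, grouping threat families, separating Dr.Web's riskware/hacktool classes (Program.* and Tool.*) from malware proper, and listing hits inside System Restore snapshots. The sample rows are copied from the posted report with the forum's line-wrap spaces removed; treating exactly the Program./Tool. prefixes as "review before deleting" is this example's choice.

```python
"""Parser for a Dr.Web CureIt report (the DrWeb.csv this thread asks for).

Added example for this thread; not Dr.Web's code and not the forum's tooling.
Row format, as seen in the report posted above:

    <object>;<path>;<threat name>;<action>;

An object whose name contains a backslash (e.g. "MIRCSETUP.EXE\\data001") is a
member of an archive; its path then ends with the archive file and its action
is empty, because the action is recorded on the archive's own row
("Archive contains infected objects;Moved.").
"""
import sys
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "obj path threat action nested")

# Dr.Web uses these name prefixes for riskware and hacktools (legitimate programs
# that are dangerous in the wrong hands) rather than for malware proper. Treating
# exactly these two prefixes as "review before deleting" is this example's choice.
RISKWARE_PREFIXES = ("Program.", "Tool.")
ARCHIVE_VERDICT = "Archive contains infected objects"


def parse_report(text):
    """One Detection per report row; blank and malformed lines are skipped."""
    dets = []
    for raw in text.splitlines():
        fields = [f.strip() for f in raw.strip().split(";")]
        if len(fields) < 4 or not fields[0]:
            continue
        obj, path, threat, action = fields[:4]
        dets.append(Detection(obj, path, threat, action, "\\" in obj))
    return dets


def action_counts(dets):
    """How many rows ended in each action; archive members count as 'via archive'."""
    counts = Counter()
    for d in dets:
        if d.nested and not d.action:
            counts["via archive"] += 1
        else:
            counts[d.action or "none"] += 1
    return counts


def families(dets):
    """Threat family (first two dotted components), ignoring the archive pseudo-verdict."""
    fams = Counter()
    for d in dets:
        if d.threat != ARCHIVE_VERDICT:
            fams[".".join(d.threat.split(".")[:2])] += 1
    return fams


def riskware(dets):
    """Rows Dr.Web labelled as riskware/hacktool rather than malware."""
    return [d for d in dets if d.threat.startswith(RISKWARE_PREFIXES)]


def restore_point_hits(dets):
    """Rows found under System Volume Information, i.e. inside System Restore data.

    Infected files checkpointed into a restore point come back if that point is
    ever restored, which is why helpers have old restore points purged last."""
    return [d for d in dets if "system volume information" in d.path.lower()]


def summarize(text):
    """Parse a whole report and return the four views keyed by name."""
    dets = parse_report(text)
    return {
        "rows": len(dets),
        "actions": action_counts(dets),
        "families": families(dets),
        "riskware": riskware(dets),
        "restore_points": restore_point_hits(dets),
    }


# Sample rows copied from the report posted above (forum line-wrap spaces removed).
SAMPLE_REPORT = r"""
RegUBP2b-Zachary Merrick.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
MIRCSETUP.EXE\data001;C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~AceTemp\XP_Vista_UWI_Edition\I386\SVCPACK\MIRCSETUP.EXE;Program.mIRC.617;;
MIRCSETUP.EXE;C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~AceTemp\XP_Vista_UWI_Edition\I386\SVCPACK;Archive contains infected objects;Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Deleted.;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
A0091552.reg;C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP285;Trojan.StartPage.1505;Deleted.;
aolconnfix.exe;C:\WINDOWS;Trojan.PWS.Gamania.origin;Incurable.Moved.;
data016\data001;D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP285\A0091553.exe\data016;Adware.Msearch;;
A0091553.exe;D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP285;Archive contains infected objects;Moved.;
"""

if __name__ == "__main__":
    # python drweb_summary.py DrWeb.csv   (no argument: use the sample above)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    s = summarize(text)
    print("rows:", s["rows"])
    print("actions:", dict(s["actions"]))
    print("families:", dict(s["families"]))
    print("riskware:", [d.obj for d in s["riskware"]])
    print("in restore points:", [d.obj for d in s["restore_points"]])
```

Two readings matter when the report is pasted back: an empty action is not a missed detection when the object is an archive member, since the archive row carries the action; and every hit under System Volume Information is a copy sitting in a restore point, so the final step after a cleanup is to flush old restore points and create a fresh one, which is exactly what the thread's ComboFix /u step does.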
  #18  
Old 22nd Sep 2008, 16:49
Moderator Group
 
How is everything now?
__________________

  #19  
Old 22nd Sep 2008, 17:13
New Member Group
 
they are still popping up!!! Dag nabbit!
  #20  
Old 22nd Sep 2008, 17:21
Moderator Group
 
I think I have tracked it down.

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Driver::
NPF
NPF
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
__________________

Copyright ©2006 - 2009 Computer Juice.
