Please Help!!!!


bkevinb (Thread Starter; joined Apr 9, 2008; 37 messages)
Hello, I need some help with this. I have some spyware or a virus, but every scan I do comes up with nothing. Whatever I did find, I deleted, but my computer is running so slow and keeps rebooting. The computer restarts itself every 20 minutes or so, and takes 12 minutes to reboot. I had pop-ups at start-up, and even when idle, asking me to download Ultimate Defender. I've been trying to remove Ultimate Defender for a while now using the steps listed in forums. When it starts up now, it gives me an error message: "The system has recovered from a serious error." When I am searching for things on Google and click the link provided, it redirects me to a different site. I can now only access the net through pages in my favorites. Can someone PLEASE help me? I am running XP SP2. Is there any other information that can be helpful in solving this problem?

Here are some of the scans I have tried: Ad-Aware SE Professional, Spybot - Search & Destroy, AVG 7.5, AVG Anti-Spyware, Spyware Doctor, CCleaner, avast! Antivirus, Malwarebytes' Anti-Malware, SmitfraudFix.exe, SUPERAntiSpyware Free Edition.
 

bkevinb (Thread Starter)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:34 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7804 bytes
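As an added illustration (not part of the thread, and not code from HijackThis itself): a small Python triage script for lines in the HijackThis v2 log format posted above. It flags the entry kinds a malware helper looks at first: entries whose target file is gone ("(no file)" or "(file missing)"), services with no publisher ("Unknown owner"), O4 Run values given as a bare filename, and the O20 Winlogon Notify and O21 SSODL loaders. The sample log embedded in it is constructed from lines of the kind posted above rather than copied whole, and the flag rules are this example's own heuristics, not HijackThis's verdicts.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis v2.0 log format. The lines are modelled on
# the kinds of entries in the logs posted above; this is not the full log.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O4 - HKLM\\..\\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [AVG7_Run] C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE (User 'SYSTEM')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: SDService - Unknown owner - C:\\Program Files\\SpywareDetector\\SDService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
"""

# Every HijackThis entry starts with its section code: R0/R1, F0/F1, O2..O24.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")

# Loaders that run code early or inside a privileged host process. HijackThis
# already hides the stock Windows entries, so anything listed needs its
# publisher confirmed.
LOADER_NOTE = {
    "O20": "Winlogon Notify DLL, loaded into winlogon.exe at logon",
    "O21": "ShellServiceObjectDelayLoad object, loaded by Explorer at start",
}


@dataclass
class Finding:
    kind: str
    line: str
    reasons: List[str]


def triage(log_text: str) -> List[Finding]:
    """One Finding per entry a reviewer should look at; clean entries are skipped."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank and trailer lines
        kind, body = m.group("kind"), m.group("body")
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("orphaned entry: registry value remains but its target file is gone")
        if kind == "O23" and "Unknown owner" in body:
            reasons.append("service binary has no company name in its version resource")
        if kind == "O4":
            # HijackThis prints the Run value as stored. A bare filename with no
            # drive letter is located by PATH search, so confirm which copy runs.
            target = body.split("] ", 1)[-1]
            if not re.match(r"^[A-Za-z]:\\", target):
                reasons.append("Run value is a bare filename resolved by PATH search")
        if kind in LOADER_NOTE:
            reasons.append("persistence point: " + LOADER_NOTE[kind])
        if reasons:
            findings.append(Finding(kind, raw.strip(), reasons))
    return findings


def report(findings: List[Finding]) -> str:
    """Plain-text listing: each flagged line followed by its reasons."""
    out = []
    for f in findings:
        out.append(f.line)
        out.extend("    - " + r for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Flagged entries are candidates for review, not verdicts: an O21 or O23 entry pointing at a file that no longer exists is usually a leftover from earlier cleanup, and a bare O4 filename is only a problem if a copy of that name sits earlier on the PATH than the intended one (in the thread's ComboFix log the same Logi_MwX.Exe value resolves to C:\WINDOWS\LOGI_MWX.EXE).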
 

bkevinb (Thread Starter)
Something added a file to my desktop. The name of the file is:
New Microsoft Office Access Application.mdb
I did not open this file; I do not know what it is or where it came from.
 

Cookiegal (Karen; Administrator, Malware Specialist Coordinator; joined Aug 27, 2003; 120,046 messages)
Please visit the ComboFix Guide & Instructions for instructions on downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.

Note: during this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean-up process is finished. Doing so makes our job more tedious, with additional new files that may have to be researched, which is very time-consuming.

Also, please do not run any security programs or fixes on your own, as doing so may compromise what we will be doing. It is important that you wait for instructions.
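An added example, not from the thread and not ComboFix's own code: the Windows policy value that governs AutoRun per drive type is NoDriveTypeAutoRun under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, a bitmask with one bit per drive type. The thread does not say whether ComboFix makes its autorun change through this value; the script assumes so, and shows what "undone manually when we're finished" amounts to in practice: read the value from a `reg export` taken before the cleanup, decode what it suppresses, and write a .reg file that puts it back afterwards. The sample export is constructed, not taken from the poster's machine.

```python
import re
from typing import List, Optional

# Bits of the NoDriveTypeAutoRun policy value. Bit n corresponds to drive
# type n as reported by GetDriveType(); 0x80 covers drives of unknown type.
DRIVE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",      # floppies, USB sticks
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",         # network shares
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "unknown drive types",
}
XP_DEFAULT = 0x91   # Windows XP default: unknown, remote and unknown-type drives suppressed
DISABLE_ALL = 0xFF  # every bit set: no drive type autoruns

POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_RE = re.compile(r'^"NoDriveTypeAutoRun"=dword:([0-9a-fA-F]{8})\s*$', re.M)

# Constructed stand-in for `reg export "<POLICY_KEY>" before.reg` taken on a
# machine still at the XP default (assumption for the example, not real data).
SAMPLE_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""

HEADER = "Windows Registry Editor Version 5.00\r\n\r\n"


def decode(value: int) -> List[str]:
    """Names of the drive types for which `value` suppresses AutoRun."""
    return [name for bit, name in DRIVE_BITS.items() if value & bit]


def reg_text(value: int) -> str:
    """Body of a .reg file that sets NoDriveTypeAutoRun to `value` (REG_DWORD)."""
    return HEADER + f"[{POLICY_KEY}]\r\n" + f'"NoDriveTypeAutoRun"=dword:{value:08x}\r\n'


def parse_reg_export(text: str) -> Optional[int]:
    """Value recorded in a `reg export` of the policy key, or None if absent."""
    m = VALUE_RE.search(text)
    return int(m.group(1), 16) if m else None


def restore_reg(exported_before: str) -> str:
    """A .reg that returns the value to what the pre-cleanup export recorded.

    If the export shows no such value, the .reg deletes it ("=-" syntax) so
    Windows falls back to its built-in default instead of a guessed number.
    """
    previous = parse_reg_export(exported_before)
    if previous is None:
        return HEADER + f"[{POLICY_KEY}]\r\n" + '"NoDriveTypeAutoRun"=-\r\n'
    return reg_text(previous)


if __name__ == "__main__":
    before = parse_reg_export(SAMPLE_EXPORT)
    print("before cleanup, autorun suppressed for:", decode(before))
    print("with 0xFF, autorun suppressed for:", decode(DISABLE_ALL))
    print(restore_reg(SAMPLE_EXPORT))
```

The point of reading the export rather than assuming 0x91 is that the machine may not have been at the default to begin with; the restore then reproduces exactly what was there, and deletes the value only when there was none.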
 

bkevinb (Thread Starter)
ComboFix 08-04-13.3 - New User 2008-04-14 20:40:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.182 [GMT -4:00]
Running from: C:\Documents and Settings\New User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\wsystmp_wvk.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE


((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-13 10:34 . 2008-04-13 10:38 <DIR> d-------- C:\Program Files\Panda Security
2008-04-10 21:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-10 21:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-10 21:43 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-10 21:43 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-10 21:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-10 21:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-10 21:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Documents and Settings\New User\Application Data\SUPERAntiSpyware.com
2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-09 22:33 . 2008-04-09 22:33 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Uniblue
2008-04-09 21:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 20:50 . 2008-04-09 20:50 <DIR> d-------- C:\Program Files\CCleaner
2008-04-08 20:53 . 2008-03-29 14:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-08 20:53 . 2008-03-29 14:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-08 20:53 . 2008-01-17 11:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-08 20:53 . 2008-03-29 14:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-08 20:53 . 2008-03-29 14:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-08 20:53 . 2008-03-29 14:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-08 20:53 . 2008-03-29 14:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-08 20:53 . 2008-03-29 14:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-08 20:52 . 2008-04-08 20:52 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-08 20:52 . 2008-03-29 14:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-08 20:52 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-08 06:58 . 2008-04-08 06:58 <DIR> d-------- C:\Deckard
2008-04-07 23:36 . 2008-04-07 23:36 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Apple Computer
2008-04-07 22:38 . 2008-04-07 22:52 <DIR> d-------- C:\fixwareout
2008-04-07 22:10 . 2008-04-10 22:42 1,600 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Malwarebytes
2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 22:00 . 2008-04-07 22:00 <DIR> d-------- C:\_OTMoveIt
2008-04-07 21:35 . 2008-04-07 21:36 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-07 21:21 . 2008-04-07 21:21 <DIR> d-------- C:\Documents and Settings\Administrator.NEW
2008-04-07 20:37 . 2008-04-07 20:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 21:14 . 2008-04-11 23:32 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-05 21:14 . 2008-04-05 21:14 <DIR> d-------- C:\Documents and Settings\New User\Application Data\PC Tools
2008-04-05 21:14 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-05 21:14 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-05 21:14 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-05 21:14 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-02 22:33 . 2005-10-20 21:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-02 22:33 . 2005-10-20 21:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-02 22:31 . 2008-04-02 22:31 <DIR> d-------- C:\Program Files\MS Extra links
2008-03-30 20:07 . 2007-01-18 08:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-03-30 20:01 . 2008-03-30 20:01 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Grisoft
2008-03-30 20:01 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-30 19:45 . 2008-04-07 19:50 <DIR> d-------- C:\Documents and Settings\New User\Application Data\AVG7
2008-03-30 19:44 . 2008-03-30 19:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-30 19:44 . 2008-03-30 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 19:44 . 2008-03-30 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-30 17:10 . 2008-04-13 10:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-30 17:09 . 2008-03-30 17:09 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-30 17:08 . 2008-04-14 20:37 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-23 19:42 . 2008-03-23 19:42 <DIR> d-------- C:\Documents and Settings\Administrator
2008-03-21 21:38 . 2008-03-21 21:58 <DIR> d-------- C:\kav
2008-03-21 19:14 . 2008-03-30 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-19 20:10 . 2008-03-19 19:33 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-19 20:10 . 2008-03-19 20:10 2,541 --a------ C:\WINDOWS\unins000.dat
2008-03-17 22:42 . 2008-03-17 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 15:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 01:21 1,899,520 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-04-12 03:33 1,899,008 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-12 03:33 1,864,192 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-12 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 03:01 --------- d-----w C:\Program Files\PokerStars
2008-04-10 23:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 01:04 --------- d-----w C:\Program Files\Java
2008-04-07 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-07 03:50 --------- d-----w C:\Documents and Settings\New User\Application Data\RipIt4Me
2008-04-03 02:33 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-01 00:03 1,557,504 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-30 22:47 174,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-30 22:39 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-03-28 00:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-26 01:04 --------- d-----w C:\Program Files\PCPitstop
2008-03-24 20:44 --------- d-----w C:\Documents and Settings\New User\Application Data\Canon
2008-03-22 01:40 --------- d-----w C:\Program Files\Symantec
2008-03-22 01:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-20 00:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 13:24 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-06 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-03-05 23:30 --------- d-----w C:\Program Files\SlySoft
2007-12-03 02:10 24,328 ----a-w C:\Documents and Settings\New User\Application Data\info.dat
2007-12-02 22:50 2,619 ----a-w C:\Documents and Settings\New User\Application Data\39315.exe
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 13:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 13:33 892928]
"Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-01-27 06:15 396800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-30 19:44 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\kav\\kis\\setup.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 FPMSNT;FPMSNT;C:\WINDOWS\system32\drivers\FPMSNT.sys [2000-06-06 16:47]
R2 Sdselect;Sdselect;C:\WINDOWS\system32\drivers\Sdselect.sys [2000-11-14 11:54]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:00]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-09-27 00:32]
S3 EPUSBDSK;EPSON USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\EPUSBDSK.sys [2000-02-15 20:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 18:13]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 22:28:25 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 20:55:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
.
**************************************************************************
.
Completion time: 2008-04-14 20:58:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 00:58:11

Pre-Run: 33,632,915,456 bytes free
Post-Run: 33,543,266,304 bytes free
.
2007-12-01 01:43:24 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:24 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7728 bytes
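Added example, not part of this thread and not a HijackThis or Trend Micro feature: a small Python triage script for the HijackThis v2 log format shown above. It parses the R/O line shapes and attaches the flags a log reader checks first: entries whose target file is gone ("(file missing)" / "(no file)"), O16 ActiveX downloads from hosts outside an allow-list, and O23 services with "Unknown owner". The sample lines are copied from the log above; the host allow-list is an assumption of the example. A flag means "look at this", not "malicious": the orphaned Messenger button and the PC Pitstop control are ordinary leftovers, which is exactly why the script reports rather than decides.

```python
"""Added example: triage helper for HijackThis v2.0.x logs.

Not part of the thread and not a HijackThis feature. It parses the R0/R1,
O2, O4, O9, O16, O20, O21 and O23 line shapes seen in the logs above and
flags the entries a log reader usually checks first. A flag means "look at
this", not "this is malicious".
"""
import re
from typing import List
from urllib.parse import urlparse

# Assumption of this example: hosts from which O16 ActiveX (DPF) downloads are
# treated as expected. Anything else is reported for review.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "go.microsoft.com",
                     "messenger.zone.msn.com"}

# "O9 - Extra button: ..." / "R1 - HKLM\..." : a kind tag, " - ", then the body.
LINE_RE = re.compile(r"^(?P<kind>[RO]\d+)\s+-\s+(?P<body>.*)$")


class Entry:
    def __init__(self, kind: str, body: str):
        self.kind = kind
        self.body = body
        self.flags: List[str] = []

    def __repr__(self) -> str:
        return f"{self.kind} {self.flags} {self.body[:60]}"


def parse_hjt(text: str) -> List[Entry]:
    """Return every R/O entry in the log, with review flags attached."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, "Running processes:" list, blank lines
        e = Entry(m.group("kind"), m.group("body"))
        if "(file missing)" in e.body or "(no file)" in e.body:
            # The registry still points at a file that no longer exists: an
            # uninstall leftover, or a removal that did not clean the key.
            e.flags.append("orphaned")
        if e.kind == "O16":
            # O16 - DPF: {CLSID} (Name) - URL  -> the URL follows the last " - "
            url = e.body.rsplit(" - ", 1)[-1]
            host = (urlparse(url).hostname or "").lower()
            if host not in TRUSTED_DPF_HOSTS:
                e.flags.append(f"dpf-from:{host}")
        if e.kind == "O23" and "Unknown owner" in e.body:
            # HijackThis could not attribute the service binary to a vendor.
            e.flags.append("unknown-owner")
        entries.append(e)
    return entries


def flagged(text: str) -> List[Entry]:
    return [e for e in parse_hjt(text) if e.flags]


# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(e)
```

Run it over a full log by reading the file into `parse_hjt`; the O16 check relies on the URL being the last " - " separated field, which holds for HijackThis 2.0.x output.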
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,046
Please go to the following link, upload the following file(s) for analysis and let me know what the results are:

http://virusscan.jotti.org/

C:\Documents and Settings\New User\Application Data\39315.exe


Open Notepad and copy and paste the text in the code box below into it:

Code:
DirLook::
C:\Documents and Settings\Administrator.NEW
C:\Documents and Settings\Administrator

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.




This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,046
Also, I see you're running both Avast and AVG, and there is also an entry for Norton. It's not good to have more than one anti-virus program installed as they will conflict and cause problems. Please decide which one you want to keep and completely uninstall the others.
 

bkevinb

Thread Starter
Joined
Apr 9, 2008
Messages
37
Here are the 2 logs, and the virus scan too.
The virus scan of C:\Documents and Settings\New User\Application Data\39315.exe
at http://virusscan.jotti.org/

File: 39315.exe
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 2f501741705321418d8692e9ed9f75ac
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 16 Apr 2008 22:40:20 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


The Combofix Log:


ComboFix 08-04-13.3 - New User 2008-04-16 18:48:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.274 [GMT -4:00]
Running from: C:\Documents and Settings\New User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\New User\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-15 18:50 . 2007-04-26 08:55 528,797 --a------ C:\WINDOWS\_detmp.1
2008-04-15 18:50 . 2002-08-29 04:00 128,000 --a------ C:\WINDOWS\_detmp.2
2008-04-15 18:36 . 2008-04-15 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-13 10:34 . 2008-04-13 10:38 <DIR> d-------- C:\Program Files\Panda Security
2008-04-10 21:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-10 21:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-10 21:43 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-10 21:43 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-10 21:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-10 21:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-10 21:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Documents and Settings\New User\Application Data\SUPERAntiSpyware.com
2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-09 22:33 . 2008-04-09 22:33 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Uniblue
2008-04-09 21:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 20:50 . 2008-04-09 20:50 <DIR> d-------- C:\Program Files\CCleaner
2008-04-08 20:53 . 2008-03-29 14:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-08 20:53 . 2008-03-29 14:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-08 20:53 . 2008-01-17 11:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-08 20:53 . 2008-03-29 14:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-08 20:53 . 2008-03-29 14:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-08 20:53 . 2008-03-29 14:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-08 20:53 . 2008-03-29 14:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-08 20:53 . 2008-03-29 14:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-08 20:52 . 2008-04-08 20:52 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-08 20:52 . 2008-03-29 14:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-08 20:52 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-08 06:58 . 2008-04-08 06:58 <DIR> d-------- C:\Deckard
2008-04-07 23:36 . 2008-04-07 23:36 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Apple Computer
2008-04-07 22:38 . 2008-04-07 22:52 <DIR> d-------- C:\fixwareout
2008-04-07 22:10 . 2008-04-10 22:42 1,600 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Malwarebytes
2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 22:00 . 2008-04-07 22:00 <DIR> d-------- C:\_OTMoveIt
2008-04-07 21:35 . 2008-04-07 21:36 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-07 21:21 . 2008-04-07 21:21 <DIR> d-------- C:\Documents and Settings\Administrator.NEW
2008-04-07 20:37 . 2008-04-07 20:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 21:14 . 2008-04-11 23:32 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-05 21:14 . 2008-04-05 21:14 <DIR> d-------- C:\Documents and Settings\New User\Application Data\PC Tools
2008-04-05 21:14 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-05 21:14 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-05 21:14 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-05 21:14 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-02 22:33 . 2005-10-20 21:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-02 22:33 . 2005-10-20 21:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-02 22:31 . 2008-04-02 22:31 <DIR> d-------- C:\Program Files\MS Extra links
2008-03-30 19:44 . 2008-04-15 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 17:10 . 2008-04-16 18:33 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-30 17:09 . 2008-03-30 17:09 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-30 17:08 . 2008-04-16 18:39 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-23 19:42 . 2008-03-23 19:42 <DIR> d-------- C:\Documents and Settings\Administrator
2008-03-21 21:38 . 2008-03-21 21:58 <DIR> d-------- C:\kav
2008-03-21 19:14 . 2008-03-30 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-19 20:10 . 2008-03-19 19:33 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-19 20:10 . 2008-03-19 20:10 2,541 --a------ C:\WINDOWS\unins000.dat
2008-03-17 22:42 . 2008-03-17 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 00:31 --------- d-----w C:\Program Files\WinFax
2008-04-13 15:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 01:21 1,899,520 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-04-12 03:33 1,899,008 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-12 03:33 1,864,192 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-12 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 03:01 --------- d-----w C:\Program Files\PokerStars
2008-04-10 23:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 01:04 --------- d-----w C:\Program Files\Java
2008-04-07 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-07 03:50 --------- d-----w C:\Documents and Settings\New User\Application Data\RipIt4Me
2008-04-03 02:33 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-01 00:03 1,557,504 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-30 22:47 174,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-30 22:39 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-03-28 00:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-26 01:04 --------- d-----w C:\Program Files\PCPitstop
2008-03-24 20:44 --------- d-----w C:\Documents and Settings\New User\Application Data\Canon
2008-03-22 01:40 --------- d-----w C:\Program Files\Symantec
2008-03-22 01:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-20 00:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 13:24 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-06 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-03-05 23:30 --------- d-----w C:\Program Files\SlySoft
2007-12-03 02:10 24,328 ----a-w C:\Documents and Settings\New User\Application Data\info.dat
2007-12-02 22:50 2,619 ----a-w C:\Documents and Settings\New User\Application Data\39315.exe
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Administrator ----

2008-04-14 20:33 1024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-04-05 18:39 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-23 19:44 16384 --a------ C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
2008-03-23 19:42 8192 --ah----- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
2008-03-23 19:42 62 --ahs---- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2008-03-23 19:42 262144 ---h----- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
2008-03-23 19:42 20 --ahs---- C:\Documents and Settings\Administrator\ntuser.ini
2007-01-07 23:30 67 --ahs---- C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
2007-01-07 23:30 113 --ahs---- C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini
2007-01-07 23:30 113 --ahs---- C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini
2007-01-07 23:25 84 --ahs---- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
2007-01-07 23:25 84 --ahs---- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini
2007-01-07 23:25 804 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
2007-01-07 23:25 792 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2007-01-07 23:25 720896 --a------ C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
2007-01-07 23:25 498 --a------ C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD
2007-01-07 23:25 482 --ahs---- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini
2007-01-07 23:25 386 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
2007-01-07 23:25 348 --ahs---- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini
2007-01-07 23:25 1599 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2007-01-07 23:25 1555 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk
2007-01-07 23:25 1539 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
2007-01-07 23:25 1532 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
2007-01-07 23:25 1527 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk
2007-01-07 23:25 1525 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
2007-01-07 23:25 1519 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk
2007-01-07 23:25 1519 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk
2007-01-07 23:25 1501 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
2007-01-07 23:25 148 --ahs---- C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini
2007-01-07 23:25 141 --a------ C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt
2007-01-07 23:25 12784 --a------ C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
2007-01-07 23:25 113 --a------ C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak
2007-01-07 23:24 181 --ahs---- C:\Documents and Settings\Administrator\SendTo\desktop.ini
2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator\SendTo\Mail Recipient.MAPIMail
2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator\SendTo\Desktop (create shortcut).DeskLink
2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget
2007-01-07 23:23 1487 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk
2007-01-07 15:05 62 --ahs---- C:\Documents and Settings\Administrator\Start Menu\desktop.ini
2007-01-07 15:05 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2004-08-04 08:00 58 --a------ C:\Documents and Settings\Administrator\Templates\sndrec.wav
2004-08-04 08:00 57 -ra------ C:\Documents and Settings\Administrator\Templates\wordpfct.wpg
2004-08-04 08:00 5632 --a------ C:\Documents and Settings\Administrator\Templates\excel.xls
2004-08-04 08:00 461 --a------ C:\Documents and Settings\Administrator\Templates\presenta.shw
2004-08-04 08:00 4608 --a------ C:\Documents and Settings\Administrator\Templates\winword.doc
2004-08-04 08:00 4570 --a------ C:\Documents and Settings\Administrator\Templates\amipro.sam
2004-08-04 08:00 4017 --a------ C:\Documents and Settings\Administrator\Templates\quattro.wb2
2004-08-04 08:00 30 -ra------ C:\Documents and Settings\Administrator\Templates\wordpfct.wpd
2004-08-04 08:00 2448 --a------ C:\Documents and Settings\Administrator\Templates\lotus.wk4
2004-08-04 08:00 1769 --a------ C:\Documents and Settings\Administrator\Templates\winword2.doc
2004-08-04 08:00 1518 --a------ C:\Documents and Settings\Administrator\Templates\excel4.xls
2004-08-04 08:00 12288 --a------ C:\Documents and Settings\Administrator\Templates\powerpnt.ppt

---- Directory of C:\Documents and Settings\Administrator.NEW ----

2008-04-15 18:36 1024 --ah----- C:\Documents and Settings\Administrator.NEW\NtUser.dat.LOG
2008-04-07 21:42 786432 --ah----- C:\Documents and Settings\Administrator.NEW\NTUSER.DAT
2008-04-07 21:42 1024 --ah----- C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
2008-04-07 21:35 26 --ah----- C:\Documents and Settings\Administrator.NEW\My Documents\My Logitech Pictures\Pictures and Videos\folder.dat
2008-04-07 21:34 62 --ahs---- C:\Documents and Settings\Administrator.NEW\Local Settings\desktop.ini
2008-04-07 21:34 2528 --a------ C:\Documents and Settings\Administrator.NEW\Application Data\$_hpcst$.hpc
2008-04-07 21:34 16384 --a------ C:\Documents and Settings\Administrator.NEW\Local Settings\History\History.IE5\index.dat
2008-04-07 21:34 1488 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Windows Explorer.lnk
2008-04-07 21:23 4240656 --ah----- C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\IconCache.db
2008-04-07 21:23 262144 --ah----- C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
2008-04-07 21:23 178 ---hs---- C:\Documents and Settings\Administrator.NEW\ntuser.ini
2007-01-07 23:30 67 --ahs---- C:\Documents and Settings\Administrator.NEW\Local Settings\Temporary Internet Files\desktop.ini
2007-01-07 23:30 113 --ahs---- C:\Documents and Settings\Administrator.NEW\Local Settings\History\History.IE5\desktop.ini
2007-01-07 23:30 113 --ahs---- C:\Documents and Settings\Administrator.NEW\Local Settings\History\desktop.ini
2007-01-07 23:25 84 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Startup\desktop.ini
2007-01-07 23:25 84 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Entertainment\desktop.ini
2007-01-07 23:25 804 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
2007-01-07 23:25 792 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Windows Media Player.lnk
2007-01-07 23:25 720896 --a------ C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
2007-01-07 23:25 498 --a------ C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD
2007-01-07 23:25 482 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\desktop.ini
2007-01-07 23:25 386 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
2007-01-07 23:25 348 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\desktop.ini
2007-01-07 23:25 1599 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Remote Assistance.lnk
2007-01-07 23:25 1555 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Command Prompt.lnk
2007-01-07 23:25 1539 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
2007-01-07 23:25 1532 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
2007-01-07 23:25 1527 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Tour Windows XP.lnk
2007-01-07 23:25 1525 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
2007-01-07 23:25 1519 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Synchronize.lnk
2007-01-07 23:25 1519 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Notepad.lnk
2007-01-07 23:25 1501 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
2007-01-07 23:25 148 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\desktop.ini
2007-01-07 23:25 141 --a------ C:\Documents and Settings\Administrator.NEW\Application Data\Microsoft\Internet Explorer\brndlog.txt
2007-01-07 23:25 12784 --a------ C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
2007-01-07 23:25 113 --a------ C:\Documents and Settings\Administrator.NEW\Application Data\Microsoft\Internet Explorer\brndlog.bak
2007-01-07 23:24 181 --ahs---- C:\Documents and Settings\Administrator.NEW\SendTo\desktop.ini
2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator.NEW\SendTo\Mail Recipient.MAPIMail
2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator.NEW\SendTo\Desktop (create shortcut).DeskLink
2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator.NEW\SendTo\Compressed (zipped) Folder.ZFSendToTarget
2007-01-07 15:05 62 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\desktop.ini
2007-01-07 15:05 62 --ahs---- C:\Documents and Settings\Administrator.NEW\Application Data\desktop.ini
2004-08-04 08:00 58 --a------ C:\Documents and Settings\Administrator.NEW\Templates\sndrec.wav
2004-08-04 08:00 57 -ra------ C:\Documents and Settings\Administrator.NEW\Templates\wordpfct.wpg
2004-08-04 08:00 5632 --a------ C:\Documents and Settings\Administrator.NEW\Templates\excel.xls
2004-08-04 08:00 461 --a------ C:\Documents and Settings\Administrator.NEW\Templates\presenta.shw
2004-08-04 08:00 4608 --a------ C:\Documents and Settings\Administrator.NEW\Templates\winword.doc
2004-08-04 08:00 4570 --a------ C:\Documents and Settings\Administrator.NEW\Templates\amipro.sam
2004-08-04 08:00 4017 --a------ C:\Documents and Settings\Administrator.NEW\Templates\quattro.wb2
2004-08-04 08:00 30 -ra------ C:\Documents and Settings\Administrator.NEW\Templates\wordpfct.wpd
2004-08-04 08:00 2448 --a------ C:\Documents and Settings\Administrator.NEW\Templates\lotus.wk4
2004-08-04 08:00 1769 --a------ C:\Documents and Settings\Administrator.NEW\Templates\winword2.doc
2004-08-04 08:00 1518 --a------ C:\Documents and Settings\Administrator.NEW\Templates\excel4.xls
2004-08-04 08:00 12288 --a------ C:\Documents and Settings\Administrator.NEW\Templates\powerpnt.ppt


((((((((((((((((((((((((((((( [email protected]_20.57.05.88 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 00:51:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 22:33:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 22:34:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 13:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 13:33 892928]
"Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-01-27 06:15 396800]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\kav\\kis\\setup.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 FPMSNT;FPMSNT;C:\WINDOWS\system32\drivers\FPMSNT.sys [2000-06-06 16:47]
R2 Sdselect;Sdselect;C:\WINDOWS\system32\drivers\Sdselect.sys [2000-11-14 11:54]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:00]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-09-27 00:32]
S3 EPUSBDSK;EPSON USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\EPUSBDSK.sys [2000-02-15 20:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 18:13]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 22:28:25 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 18:52:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
--

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
.
Completion time: 2008-04-16 18:53:52
ComboFix-quarantined-files.txt 2008-04-15 00:58:11

Pre-Run: 33,556,713,472 bytes free
Post-Run: 33,533,169,664 bytes free
.
2007-12-01 01:43:24 --- E O F ---
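Added example, not from the thread, from ComboFix or from its author: the "Reg Loading Points" section of the ComboFix log above prints the Windows Firewall policy keys in a registry-export style, and a log reader checks three things there: whether the profile's EnableFirewall is 0, which programs sit in the AuthorizedApplications exception list, and which ports are globally open and to what scope. The script below parses that layout over lines copied from the log above. The list of P2P client executables it flags is an assumption of the example. The output is a checklist, not a verdict: EnableFirewall=0 next to the ZoneLabsFirewall entry under Security Center is consistent with ZoneAlarm having replaced Windows Firewall, and the ActiveSync port is scoped to the 169.254.2.0/24 link-local range, but a reader still wants each fact stated.

```python
r"""Added example: review the Windows Firewall policy keys that ComboFix prints
under "Reg Loading Points". Not from the thread, ComboFix or its author.

Input is the registry-export style layout seen in the log above:
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
The reviewer returns a checklist, not a verdict.
"""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')

# Assumption of this example: executables treated as P2P file-sharing clients.
P2P_CLIENTS = {"limewire.exe", "bittorrent.exe", "azureus.exe"}


def parse_sections(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {registry key: [(value name, value data), ...]}."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("name"), m.group("data").strip()))
    return sections


def _basename(path: str) -> str:
    # Exported paths use doubled backslashes; the ActiveSync lines use single ones.
    return path.replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()


def review_firewall(text: str) -> List[str]:
    findings: List[str] = []
    for key, values in parse_sections(text).items():
        k = key.lower()
        if "security center\\monitoring\\" in k:
            # A product registered here with DisableMonitoring=1 has told
            # Security Center not to watch it; third-party firewalls do this.
            product = key.rsplit("\\", 1)[-1]
            for name, data in values:
                if name.lower() == "disablemonitoring" and data.endswith("1"):
                    findings.append(f"Security Center monitoring disabled for {product}")
            continue
        if "firewallpolicy\\" not in k:
            continue
        profile = k.split("firewallpolicy\\", 1)[1].split("\\", 1)[0]
        for name, data in values:
            if name.lower() == "enablefirewall":
                if int(data.split()[0]) == 0:
                    findings.append(f"{profile}: Windows Firewall disabled")
            elif k.endswith("authorizedapplications\\list"):
                exe = _basename(name)
                if exe in P2P_CLIENTS:
                    findings.append(f"{profile}: P2P client in exception list: {exe}")
            elif k.endswith("globallyopenports\\list"):
                # data: port:proto:scope:Enabled:description
                parts = data.split(":")
                scope = parts[2] if len(parts) > 2 else "*"
                findings.append(f"{profile}: open port {name} scope {scope}")
    return findings


# Constructed sample: lines copied from the ComboFix log above.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"""

if __name__ == "__main__":
    for line in review_firewall(SAMPLE_REG):
        print(line)
```

Feed it the whole ComboFix log; sections that are not firewall or Security Center keys are parsed and ignored, so the same parser can be extended to the Run keys or the Svchost NetSvcs list.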
 

bkevinb

Thread Starter
Joined
Apr 9, 2008
Messages
37
And the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:36 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6610 bytes
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,046
Did you just create this new account?

Administrator.NEW
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,046
No. The following line in ComboFix indicates this folder was created on April 7, 2008 yet it looks like a valid account by the contents:

2008-04-07 21:21 . 2008-04-07 21:21 <DIR> d-------- C:\Documents and Settings\Administrator.NEW


Do you see that account when you log in? Can you log into it?
 

bkevinb

Thread Starter
Joined
Apr 9, 2008
Messages
37
If you mean by going to >start, >Log Off New User, >Switch User, there are no other names to log in as. I also looked into the Administrator.NEW folders, and they are empty.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,046
They shouldn't all be empty but it looks like a legitimate account.

Please run the Kaspersky online virus scan: Kaspersky Online Scanner.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from the Kaspersky scan.
 

bkevinb

Thread Starter
Joined
Apr 9, 2008
Messages
37
Friday, April 18, 2008 10:20:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/04/2008
Kaspersky Anti-Virus database records: 714799


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
K:\

Scan Statistics
Total number of scanned objects 42348
Number of viruses found 2
Number of infected objects 7
Number of suspicious objects 0
Duration of the scan process 02:15:09

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40000.VBN Infected: Trojan-Dropper.Win32.Agent.qfy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40001.VBN Infected: Trojan-Dropper.Win32.Agent.qfy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40002.VBN Infected: Trojan-Dropper.Win32.Agent.qfy skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\New User\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\New User\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\New User\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\New User\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\New User\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped

C:\Documents and Settings\New User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\New User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\New User\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\New User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\New User\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\New User\ntuser.dat.LOG Object is locked skipped

C:\itouch_crash_info.txt Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{174E6BA6-FCA9-490B-80ED-432F2F59CB73}\RP11\change.log Object is locked skipped

C:\System Volume Information\_restore{174E6BA6-FCA9-490B-80ED-432F2F59CB73}\RP4\A0011367.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\NEW.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\S1AFC92D6.tmp Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{174E6BA6-FCA9-490B-80ED-432F2F59CB73}\RP11\change.log Object is locked skipped

Scan process completed.

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:33 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6852 bytes
 