
Please Help!!!!

Discussion in 'Virus & Other Malware Removal' started by bkevinb, Apr 13, 2008.

  1. bkevinb

    bkevinb Thread Starter

    Joined:
    Apr 9, 2008
    Messages:
    37
    Hello, I need some help with this. I have some spyware or a virus, but every scan I do comes up with nothing. Whatever I did find, I deleted, but my computer is running so slow and keeps rebooting. The computer restarts itself every 20 minutes or so, and takes 12 minutes to reboot. I had popups at startup and even when idle asking me to download Ultimate Defender. I've been trying to remove Ultimate Defender for a while now using the steps listed in forums. When it starts up now, it gives me an error message: "The system has recovered from a serious error." When I am searching for things on Google and click the link provided, it redirects me to a different site. I can now only access the net through pages in my favorites. Can someone PLEASE help me? I am running XP SP2. Is there any other information that can be helpful in solving this problem? Here are some of the scans I have tried: Ad-Aware SE Professional, Spybot - Search & Destroy, AVG 7.5, AVG Anti-Spyware, Spyware Doctor, CCleaner, avast! Antivirus, Malwarebytes' Anti-Malware, SmitfraudFix.exe, SUPERAntiSpyware Free Edition.
     
  2. bkevinb

    bkevinb Thread Starter

    Joined:
    Apr 9, 2008
    Messages:
    37
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:15:34 PM, on 4/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
    O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7804 bytes
     
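    An added example, not from this thread or from HijackThis itself: a small Python triage script that parses lines in the log format posted above and flags the entries a helper looks at first (orphaned entries pointing at missing files, services with an unknown owner, downloaded ActiveX controls, and DLLs loaded at logon). The sample log is constructed from a few of the posted entries.

```python
import re
from dataclasses import dataclass

# One HijackThis entry: a section tag (R0, O2, O23, ...), then " - ", then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")

# Sections whose entries load code at logon or with the shell; each one deserves a look.
LOGON_LOADERS = {
    "O20": "Winlogon Notify DLL loaded at logon",
    "O21": "ShellServiceObjectDelayLoad object loaded with Explorer",
}

# Constructed sample in the shape of the posted log (a few of its entries, verbatim).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
"""


@dataclass
class Finding:
    section: str
    reason: str
    entry: str


def parse_entries(log_text):
    """Yield (section, body) for every HijackThis entry line; other lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return the entries a helper would review first, with the reason for each."""
    findings = []
    for section, body in parse_entries(log_text):
        entry = f"{section} - {body}"
        # Orphaned entries point at files that no longer exist: leftovers of a removed
        # program, or of malware a scanner deleted without cleaning the registry.
        # They do nothing on their own, but they are the safe ones to fix in HijackThis.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(section, "orphaned entry", entry))
        # A service whose vendor HijackThis cannot identify needs its binary checked.
        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service with unknown owner", entry))
        # Downloaded ActiveX controls (O16) run with the user's rights; note the source URL.
        if section == "O16":
            findings.append(Finding(section, "downloaded ActiveX control", entry))
        if section in LOGON_LOADERS:
            findings.append(Finding(section, LOGON_LOADERS[section], entry))
    return findings


def count_by_reason(findings):
    """Summarise findings as {reason: count}, handy for a quick glance at a long log."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.entry}")
```

    The script only ranks entries for review; deciding which ones to fix still needs a person checking each path and vendor, as the helper does later in the thread.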
  3. bkevinb

    bkevinb Thread Starter

    Joined:
    Apr 9, 2008
    Messages:
    37
    Something added a file to my desktop, the name of the file is:
    New Microsoft Office Access Application.mdb
    I did not open this file; I do not know what it is or where it came from.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,184
    Please visit Combofix Guide & Instructions for instructions on downloading and running ComboFix:

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.

    Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

    Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
     
  5. bkevinb

    bkevinb Thread Starter

    Joined:
    Apr 9, 2008
    Messages:
    37
    ComboFix 08-04-13.3 - New User 2008-04-14 20:40:29.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.182 [GMT -4:00]
    Running from: C:\Documents and Settings\New User\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\wsystmp_wvk.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSUPDATE


    ((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
    .

    2008-04-13 10:34 . 2008-04-13 10:38 <DIR> d-------- C:\Program Files\Panda Security
    2008-04-10 21:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-04-10 21:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-04-10 21:43 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-04-10 21:43 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-04-10 21:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-04-10 21:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-04-10 21:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Documents and Settings\New User\Application Data\SUPERAntiSpyware.com
    2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-04-09 22:33 . 2008-04-09 22:33 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Uniblue
    2008-04-09 21:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-09 20:50 . 2008-04-09 20:50 <DIR> d-------- C:\Program Files\CCleaner
    2008-04-08 20:53 . 2008-03-29 14:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-04-08 20:53 . 2008-03-29 14:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-04-08 20:53 . 2008-01-17 11:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-04-08 20:53 . 2008-03-29 14:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-08 20:53 . 2008-03-29 14:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-04-08 20:53 . 2008-03-29 14:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-04-08 20:53 . 2008-03-29 14:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-04-08 20:53 . 2008-03-29 14:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-04-08 20:52 . 2008-04-08 20:52 <DIR> d-------- C:\Program Files\Alwil Software
    2008-04-08 20:52 . 2008-03-29 14:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-04-08 20:52 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-04-08 06:58 . 2008-04-08 06:58 <DIR> d-------- C:\Deckard
    2008-04-07 23:36 . 2008-04-07 23:36 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Apple Computer
    2008-04-07 22:38 . 2008-04-07 22:52 <DIR> d-------- C:\fixwareout
    2008-04-07 22:10 . 2008-04-10 22:42 1,600 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Malwarebytes
    2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 22:00 . 2008-04-07 22:00 <DIR> d-------- C:\_OTMoveIt
    2008-04-07 21:35 . 2008-04-07 21:36 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-04-07 21:21 . 2008-04-07 21:21 <DIR> d-------- C:\Documents and Settings\Administrator.NEW
    2008-04-07 20:37 . 2008-04-07 20:37 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-05 21:14 . 2008-04-11 23:32 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-04-05 21:14 . 2008-04-05 21:14 <DIR> d-------- C:\Documents and Settings\New User\Application Data\PC Tools
    2008-04-05 21:14 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-04-05 21:14 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-04-05 21:14 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-04-05 21:14 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-04-02 22:33 . 2005-10-20 21:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
    2008-04-02 22:33 . 2005-10-20 21:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
    2008-04-02 22:31 . 2008-04-02 22:31 <DIR> d-------- C:\Program Files\MS Extra links
    2008-03-30 20:07 . 2007-01-18 08:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-03-30 20:01 . 2008-03-30 20:01 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Grisoft
    2008-03-30 20:01 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-03-30 19:45 . 2008-04-07 19:50 <DIR> d-------- C:\Documents and Settings\New User\Application Data\AVG7
    2008-03-30 19:44 . 2008-03-30 19:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-30 19:44 . 2008-03-30 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-30 19:44 . 2008-03-30 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-30 17:10 . 2008-04-13 10:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-30 17:09 . 2008-03-30 17:09 <DIR> d-------- C:\Program Files\Zone Labs
    2008-03-30 17:08 . 2008-04-14 20:37 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-03-23 19:42 . 2008-03-23 19:42 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-03-21 21:38 . 2008-03-21 21:58 <DIR> d-------- C:\kav
    2008-03-21 19:14 . 2008-03-30 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-19 20:10 . 2008-03-19 19:33 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-03-19 20:10 . 2008-03-19 20:10 2,541 --a------ C:\WINDOWS\unins000.dat
    2008-03-17 22:42 . 2008-03-17 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 15:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-13 01:21 1,899,520 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-04-12 03:33 1,899,008 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-04-12 03:33 1,864,192 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-04-12 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-11 03:01 --------- d-----w C:\Program Files\PokerStars
    2008-04-10 23:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-10 01:04 --------- d-----w C:\Program Files\Java
    2008-04-07 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-04-07 03:50 --------- d-----w C:\Documents and Settings\New User\Application Data\RipIt4Me
    2008-04-03 02:33 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-04-01 00:03 1,557,504 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-03-30 22:47 174,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-03-30 22:39 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
    2008-03-28 00:24 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-26 01:04 --------- d-----w C:\Program Files\PCPitstop
    2008-03-24 20:44 --------- d-----w C:\Documents and Settings\New User\Application Data\Canon
    2008-03-22 01:40 --------- d-----w C:\Program Files\Symantec
    2008-03-22 01:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-20 00:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-07 13:24 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
    2008-03-06 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2008-03-05 23:30 --------- d-----w C:\Program Files\SlySoft
    2007-12-03 02:10 24,328 ----a-w C:\Documents and Settings\New User\Application Data\info.dat
    2007-12-02 22:50 2,619 ----a-w C:\Documents and Settings\New User\Application Data\39315.exe
    2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 13:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 13:33 892928]
    "Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-01-27 06:15 396800]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-30 19:44 219136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
    "LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    "AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\kav\\kav7\\setup.exe"=
    "C:\\kav\\kis\\setup.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
    R2 FPMSNT;FPMSNT;C:\WINDOWS\system32\drivers\FPMSNT.sys [2000-06-06 16:47]
    R2 Sdselect;Sdselect;C:\WINDOWS\system32\drivers\Sdselect.sys [2000-11-14 11:54]
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:00]
    R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-09-27 00:32]
    S3 EPUSBDSK;EPSON USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\EPUSBDSK.sys [2000-02-15 20:00]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 18:13]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-28 22:28:25 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 20:55:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
    "ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
    "ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
    "SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
    "ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
    "ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
    "ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
    "ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
    "ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
    "ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
    "SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-04-14 20:58:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-15 00:58:11

    Pre-Run: 33,632,915,456 bytes free
    Post-Run: 33,543,266,304 bytes free
    .
    2007-12-01 01:43:24 --- E O F ---




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:02:24 PM, on 4/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
    O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7728 bytes
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,184
    Please go to the following link and upload the following file(s) for analysis and let me know what the results are please:

    http://virusscan.jotti.org/

    C:\Documents and Settings\New User\Application Data\39315.exe


    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    DirLook::
    C:\Documents and Settings\Administrator.NEW
    C:\Documents and Settings\Administrator
    
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,184
    Also, I see you're running both Avast and AVG and also an entry for Norton. It's not good to have more than one anti-virus program installed as they will conflict and cause problems. Please decide which one you want to keep and completely uninstall the others.
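    As an added example (not a tool from this thread, nor part of HijackThis or ComboFix), here is a small Python triage script that parses HijackThis O-lines like the ones posted above, lists entries whose target file is gone, and counts how many anti-virus vendors are registered as O23 services, which is the conflict this post points out. The owner-to-product mapping and the sample lines are constructed for the example.

```python
"""Triage helper for HijackThis-style log lines (added example, not a
HijackThis or ComboFix tool).  It parses O-lines, flags orphaned entries
whose target file is missing, and counts distinct anti-virus vendors that
have an O23 service registered."""
import re

# Owner strings (as printed in O23 lines) mapped to the product they belong
# to.  This mapping is an assumption of the example, not something
# HijackThis itself knows about.
AV_VENDORS = {
    "ALWIL": "avast!",
    "GRISOFT": "AVG",
    "Symantec": "Norton/Symantec",
}

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Constructed sample, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
--
End of file - 1234 bytes
"""


def parse_hjt(text):
    """Return one dict per O-line with section, name, owner, path, orphan."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank or trailing "End of file" line
        section, body = m.groups()
        # After the first ": " the body reads "name - owner - path" (O23) or
        # "name - clsid - path" (O9/O21).  Split from the right so that names
        # containing " - " (e.g. "Spybot - Search & Destroy") stay intact.
        _, _, rest = body.partition(": ")
        parts = rest.rsplit(" - ", 2)
        name = parts[0]
        path = parts[-1]  # for O4 lines name and path are the same field
        owner = parts[1] if len(parts) == 3 else ""
        entries.append({
            "section": section,
            "name": name,
            "owner": owner,
            "path": path,
            "orphan": path.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned_entries(entries):
    """Entries whose target no longer exists; these are safe clean-up items."""
    return [e for e in entries if e["orphan"]]


def av_vendors(entries):
    """Distinct anti-virus products that have an O23 service registered."""
    found = set()
    for e in entries:
        if e["section"] != "O23":
            continue
        for owner_key, product in AV_VENDORS.items():
            if owner_key.lower() in e["owner"].lower():
                found.add(product)
    return sorted(found)


def has_av_conflict(entries):
    """True when more than one real-time anti-virus product is installed."""
    return len(av_vendors(entries)) > 1


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for e in orphaned_entries(parsed):
        print("orphaned %s entry: %s -> %s" % (e["section"], e["name"], e["path"]))
    vendors = av_vendors(parsed)
    print("anti-virus products with services:", ", ".join(vendors))
    if has_av_conflict(parsed):
        print("WARNING: more than one anti-virus product installed")
```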
     
  8. bkevinb

    bkevinb Thread Starter

    Joined:
    Apr 9, 2008
    Messages:
    37
    Here are the 2 logs, and the virus scan too.
    The virus scan of C:\Documents and Settings\New User\Application Data\39315.exe
    at http://virusscan.jotti.org/


    File: 39315.exe
    Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: 2f501741705321418d8692e9ed9f75ac
    Packers detected: -
    Bit9 reports: File not found

    Scanner results
    Scan taken on 16 Apr 2008 22:40:20 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    The Combofix Log:


    ComboFix 08-04-13.3 - New User 2008-04-16 18:48:33.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.274 [GMT -4:00]
    Running from: C:\Documents and Settings\New User\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\New User\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
    .

    2008-04-15 18:50 . 2007-04-26 08:55 528,797 --a------ C:\WINDOWS\_detmp.1
    2008-04-15 18:50 . 2002-08-29 04:00 128,000 --a------ C:\WINDOWS\_detmp.2
    2008-04-15 18:36 . 2008-04-15 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-04-13 10:34 . 2008-04-13 10:38 <DIR> d-------- C:\Program Files\Panda Security
    2008-04-10 21:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-04-10 21:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-04-10 21:43 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-04-10 21:43 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-04-10 21:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-04-10 21:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-04-10 21:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Documents and Settings\New User\Application Data\SUPERAntiSpyware.com
    2008-04-10 19:10 . 2008-04-10 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-04-09 22:33 . 2008-04-09 22:33 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Uniblue
    2008-04-09 21:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-09 20:50 . 2008-04-09 20:50 <DIR> d-------- C:\Program Files\CCleaner
    2008-04-08 20:53 . 2008-03-29 14:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-04-08 20:53 . 2008-03-29 14:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-04-08 20:53 . 2008-01-17 11:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-04-08 20:53 . 2008-03-29 14:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-08 20:53 . 2008-03-29 14:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-04-08 20:53 . 2008-03-29 14:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-04-08 20:53 . 2008-03-29 14:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-04-08 20:53 . 2008-03-29 14:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-04-08 20:52 . 2008-04-08 20:52 <DIR> d-------- C:\Program Files\Alwil Software
    2008-04-08 20:52 . 2008-03-29 14:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-04-08 20:52 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-04-08 06:58 . 2008-04-08 06:58 <DIR> d-------- C:\Deckard
    2008-04-07 23:36 . 2008-04-07 23:36 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Apple Computer
    2008-04-07 22:38 . 2008-04-07 22:52 <DIR> d-------- C:\fixwareout
    2008-04-07 22:10 . 2008-04-10 22:42 1,600 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Documents and Settings\New User\Application Data\Malwarebytes
    2008-04-07 22:02 . 2008-04-07 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 22:00 . 2008-04-07 22:00 <DIR> d-------- C:\_OTMoveIt
    2008-04-07 21:35 . 2008-04-07 21:36 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-04-07 21:21 . 2008-04-07 21:21 <DIR> d-------- C:\Documents and Settings\Administrator.NEW
    2008-04-07 20:37 . 2008-04-07 20:37 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-05 21:14 . 2008-04-11 23:32 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-04-05 21:14 . 2008-04-05 21:14 <DIR> d-------- C:\Documents and Settings\New User\Application Data\PC Tools
    2008-04-05 21:14 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-04-05 21:14 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-04-05 21:14 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-04-05 21:14 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-04-02 22:33 . 2005-10-20 21:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
    2008-04-02 22:33 . 2005-10-20 21:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
    2008-04-02 22:31 . 2008-04-02 22:31 <DIR> d-------- C:\Program Files\MS Extra links
    2008-03-30 19:44 . 2008-04-15 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-30 17:10 . 2008-04-16 18:33 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-30 17:09 . 2008-03-30 17:09 <DIR> d-------- C:\Program Files\Zone Labs
    2008-03-30 17:08 . 2008-04-16 18:39 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-03-23 19:42 . 2008-03-23 19:42 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-03-21 21:38 . 2008-03-21 21:58 <DIR> d-------- C:\kav
    2008-03-21 19:14 . 2008-03-30 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-19 20:10 . 2008-03-19 19:33 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-03-19 20:10 . 2008-03-19 20:10 2,541 --a------ C:\WINDOWS\unins000.dat
    2008-03-17 22:42 . 2008-03-17 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-16 00:31 --------- d-----w C:\Program Files\WinFax
    2008-04-13 15:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-13 01:21 1,899,520 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-04-12 03:33 1,899,008 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-04-12 03:33 1,864,192 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-04-12 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-11 03:01 --------- d-----w C:\Program Files\PokerStars
    2008-04-10 23:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-10 01:04 --------- d-----w C:\Program Files\Java
    2008-04-07 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-04-07 03:50 --------- d-----w C:\Documents and Settings\New User\Application Data\RipIt4Me
    2008-04-03 02:33 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-04-01 00:03 1,557,504 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-03-30 22:47 174,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-03-30 22:39 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
    2008-03-28 00:24 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-26 01:04 --------- d-----w C:\Program Files\PCPitstop
    2008-03-24 20:44 --------- d-----w C:\Documents and Settings\New User\Application Data\Canon
    2008-03-22 01:40 --------- d-----w C:\Program Files\Symantec
    2008-03-22 01:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-20 00:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-07 13:24 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
    2008-03-06 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2008-03-05 23:30 --------- d-----w C:\Program Files\SlySoft
    2007-12-03 02:10 24,328 ----a-w C:\Documents and Settings\New User\Application Data\info.dat
    2007-12-02 22:50 2,619 ----a-w C:\Documents and Settings\New User\Application Data\39315.exe
    2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Documents and Settings\Administrator ----

    2008-04-14 20:33 1024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
    2008-04-05 18:39 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-03-23 19:44 16384 --a------ C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
    2008-03-23 19:42 8192 --ah----- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    2008-03-23 19:42 62 --ahs---- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
    2008-03-23 19:42 262144 ---h----- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    2008-03-23 19:42 20 --ahs---- C:\Documents and Settings\Administrator\ntuser.ini
    2007-01-07 23:30 67 --ahs---- C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
    2007-01-07 23:30 113 --ahs---- C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini
    2007-01-07 23:30 113 --ahs---- C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini
    2007-01-07 23:25 84 --ahs---- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
    2007-01-07 23:25 84 --ahs---- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini
    2007-01-07 23:25 804 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
    2007-01-07 23:25 792 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
    2007-01-07 23:25 720896 --a------ C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
    2007-01-07 23:25 498 --a------ C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD
    2007-01-07 23:25 482 --ahs---- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini
    2007-01-07 23:25 386 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
    2007-01-07 23:25 348 --ahs---- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini
    2007-01-07 23:25 1599 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
    2007-01-07 23:25 1555 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk
    2007-01-07 23:25 1539 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
    2007-01-07 23:25 1532 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
    2007-01-07 23:25 1527 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk
    2007-01-07 23:25 1525 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
    2007-01-07 23:25 1519 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk
    2007-01-07 23:25 1519 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk
    2007-01-07 23:25 1501 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
    2007-01-07 23:25 148 --ahs---- C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini
    2007-01-07 23:25 141 --a------ C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt
    2007-01-07 23:25 12784 --a------ C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
    2007-01-07 23:25 113 --a------ C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak
    2007-01-07 23:24 181 --ahs---- C:\Documents and Settings\Administrator\SendTo\desktop.ini
    2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator\SendTo\Mail Recipient.MAPIMail
    2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator\SendTo\Desktop (create shortcut).DeskLink
    2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget
    2007-01-07 23:23 1487 --a------ C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk
    2007-01-07 15:05 62 --ahs---- C:\Documents and Settings\Administrator\Start Menu\desktop.ini
    2007-01-07 15:05 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
    2004-08-04 08:00 58 --a------ C:\Documents and Settings\Administrator\Templates\sndrec.wav
    2004-08-04 08:00 57 -ra------ C:\Documents and Settings\Administrator\Templates\wordpfct.wpg
    2004-08-04 08:00 5632 --a------ C:\Documents and Settings\Administrator\Templates\excel.xls
    2004-08-04 08:00 461 --a------ C:\Documents and Settings\Administrator\Templates\presenta.shw
    2004-08-04 08:00 4608 --a------ C:\Documents and Settings\Administrator\Templates\winword.doc
    2004-08-04 08:00 4570 --a------ C:\Documents and Settings\Administrator\Templates\amipro.sam
    2004-08-04 08:00 4017 --a------ C:\Documents and Settings\Administrator\Templates\quattro.wb2
    2004-08-04 08:00 30 -ra------ C:\Documents and Settings\Administrator\Templates\wordpfct.wpd
    2004-08-04 08:00 2448 --a------ C:\Documents and Settings\Administrator\Templates\lotus.wk4
    2004-08-04 08:00 1769 --a------ C:\Documents and Settings\Administrator\Templates\winword2.doc
    2004-08-04 08:00 1518 --a------ C:\Documents and Settings\Administrator\Templates\excel4.xls
    2004-08-04 08:00 12288 --a------ C:\Documents and Settings\Administrator\Templates\powerpnt.ppt

    ---- Directory of C:\Documents and Settings\Administrator.NEW ----

    2008-04-15 18:36 1024 --ah----- C:\Documents and Settings\Administrator.NEW\NtUser.dat.LOG
    2008-04-07 21:42 786432 --ah----- C:\Documents and Settings\Administrator.NEW\NTUSER.DAT
    2008-04-07 21:42 1024 --ah----- C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    2008-04-07 21:35 26 --ah----- C:\Documents and Settings\Administrator.NEW\My Documents\My Logitech Pictures\Pictures and Videos\folder.dat
    2008-04-07 21:34 62 --ahs---- C:\Documents and Settings\Administrator.NEW\Local Settings\desktop.ini
    2008-04-07 21:34 2528 --a------ C:\Documents and Settings\Administrator.NEW\Application Data\$_hpcst$.hpc
    2008-04-07 21:34 16384 --a------ C:\Documents and Settings\Administrator.NEW\Local Settings\History\History.IE5\index.dat
    2008-04-07 21:34 1488 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Windows Explorer.lnk
    2008-04-07 21:23 4240656 --ah----- C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\IconCache.db
    2008-04-07 21:23 262144 --ah----- C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    2008-04-07 21:23 178 ---hs---- C:\Documents and Settings\Administrator.NEW\ntuser.ini
    2007-01-07 23:30 67 --ahs---- C:\Documents and Settings\Administrator.NEW\Local Settings\Temporary Internet Files\desktop.ini
    2007-01-07 23:30 113 --ahs---- C:\Documents and Settings\Administrator.NEW\Local Settings\History\History.IE5\desktop.ini
    2007-01-07 23:30 113 --ahs---- C:\Documents and Settings\Administrator.NEW\Local Settings\History\desktop.ini
    2007-01-07 23:25 84 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Startup\desktop.ini
    2007-01-07 23:25 84 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Entertainment\desktop.ini
    2007-01-07 23:25 804 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
    2007-01-07 23:25 792 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Windows Media Player.lnk
    2007-01-07 23:25 720896 --a------ C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
    2007-01-07 23:25 498 --a------ C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD
    2007-01-07 23:25 482 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\desktop.ini
    2007-01-07 23:25 386 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
    2007-01-07 23:25 348 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\desktop.ini
    2007-01-07 23:25 1599 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Remote Assistance.lnk
    2007-01-07 23:25 1555 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Command Prompt.lnk
    2007-01-07 23:25 1539 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
    2007-01-07 23:25 1532 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
    2007-01-07 23:25 1527 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Tour Windows XP.lnk
    2007-01-07 23:25 1525 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
    2007-01-07 23:25 1519 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Synchronize.lnk
    2007-01-07 23:25 1519 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Notepad.lnk
    2007-01-07 23:25 1501 --a------ C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
    2007-01-07 23:25 148 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\desktop.ini
    2007-01-07 23:25 141 --a------ C:\Documents and Settings\Administrator.NEW\Application Data\Microsoft\Internet Explorer\brndlog.txt
    2007-01-07 23:25 12784 --a------ C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
    2007-01-07 23:25 113 --a------ C:\Documents and Settings\Administrator.NEW\Application Data\Microsoft\Internet Explorer\brndlog.bak
    2007-01-07 23:24 181 --ahs---- C:\Documents and Settings\Administrator.NEW\SendTo\desktop.ini
    2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator.NEW\SendTo\Mail Recipient.MAPIMail
    2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator.NEW\SendTo\Desktop (create shortcut).DeskLink
    2007-01-07 23:24 0 --a------ C:\Documents and Settings\Administrator.NEW\SendTo\Compressed (zipped) Folder.ZFSendToTarget
    2007-01-07 15:05 62 --ahs---- C:\Documents and Settings\Administrator.NEW\Start Menu\desktop.ini
    2007-01-07 15:05 62 --ahs---- C:\Documents and Settings\Administrator.NEW\Application Data\desktop.ini
    2004-08-04 08:00 58 --a------ C:\Documents and Settings\Administrator.NEW\Templates\sndrec.wav
    2004-08-04 08:00 57 -ra------ C:\Documents and Settings\Administrator.NEW\Templates\wordpfct.wpg
    2004-08-04 08:00 5632 --a------ C:\Documents and Settings\Administrator.NEW\Templates\excel.xls
    2004-08-04 08:00 461 --a------ C:\Documents and Settings\Administrator.NEW\Templates\presenta.shw
    2004-08-04 08:00 4608 --a------ C:\Documents and Settings\Administrator.NEW\Templates\winword.doc
    2004-08-04 08:00 4570 --a------ C:\Documents and Settings\Administrator.NEW\Templates\amipro.sam
    2004-08-04 08:00 4017 --a------ C:\Documents and Settings\Administrator.NEW\Templates\quattro.wb2
    2004-08-04 08:00 30 -ra------ C:\Documents and Settings\Administrator.NEW\Templates\wordpfct.wpd
    2004-08-04 08:00 2448 --a------ C:\Documents and Settings\Administrator.NEW\Templates\lotus.wk4
    2004-08-04 08:00 1769 --a------ C:\Documents and Settings\Administrator.NEW\Templates\winword2.doc
    2004-08-04 08:00 1518 --a------ C:\Documents and Settings\Administrator.NEW\Templates\excel4.xls
    2004-08-04 08:00 12288 --a------ C:\Documents and Settings\Administrator.NEW\Templates\powerpnt.ppt


    ((((((((((((((((((((((((((((( [email protected]_20.57.05.88 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-15 00:51:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-16 22:33:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-16 22:34:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_770.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 13:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 13:33 892928]
    "Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-01-27 06:15 396800]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
    "LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    "AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\kav\\kav7\\setup.exe"=
    "C:\\kav\\kis\\setup.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
    R2 FPMSNT;FPMSNT;C:\WINDOWS\system32\drivers\FPMSNT.sys [2000-06-06 16:47]
    R2 Sdselect;Sdselect;C:\WINDOWS\system32\drivers\Sdselect.sys [2000-11-14 11:54]
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:00]
    R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-09-27 00:32]
    S3 EPUSBDSK;EPSON USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\EPUSBDSK.sys [2000-02-15 20:00]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 18:13]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-28 22:28:25 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-16 18:52:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
    "ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
    "ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
    "SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
    "ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
    "ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
    "ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
    "ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
    "ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
    "ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
    "SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    .
    Completion time: 2008-04-16 18:53:52
    ComboFix-quarantined-files.txt 2008-04-15 00:58:11

    Pre-Run: 33,556,713,472 bytes free
    Post-Run: 33,533,169,664 bytes free
    .
    2007-12-01 01:43:24 --- E O F ---
     
  9. bkevinb

    bkevinb Thread Starter

    Joined:
    Apr 9, 2008
    Messages:
    37
    And the HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:55:36 PM, on 4/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
    O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6610 bytes
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,184
    Did you just create this new account?

    Administrator.NEW
     
  11. bkevinb

    bkevinb Thread Starter

    Joined:
    Apr 9, 2008
    Messages:
    37
    No, I didn't. Was I supposed to?
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,184
    No. The following line in ComboFix indicates this folder was created on April 7, 2008 yet it looks like a valid account by the contents:

    2008-04-07 21:21 . 2008-04-07 21:21 <DIR> d-------- C:\Documents and Settings\Administrator.NEW


    Do you see that account when you log in? Can you log into it?
     
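    The check Cookiegal is doing by eye here, spotting a user-profile folder whose ComboFix creation date is suspiciously recent, can be automated over a ComboFix "Files Created" listing. This is an added example, not code from the thread or from ComboFix; the line format is the one quoted above, and the sample listing (apart from the Administrator.NEW line) is constructed.

```python
import re

# ComboFix "Files Created" entry: <created> . <modified> <size|<DIR>> <attrs> <path>
# e.g. 2008-04-07 21:21 . 2008-04-07 21:21 <DIR> d-------- C:\Documents and Settings\Administrator.NEW
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size_or_dir><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-zA-Z-]{9})\s+"
    r"(?P<path>.+?)\s*$"
)
# Only top-level profile folders under the XP profile root are of interest here.
PROFILE_ROOT = re.compile(r"^C:\\Documents and Settings\\([^\\]+)$", re.IGNORECASE)

# Constructed sample listing; the Administrator.NEW line is the one quoted in the thread.
SAMPLE_LISTING = [
    r"2008-04-07 21:21 . 2008-04-07 21:21 <DIR> d-------- C:\Documents and Settings\Administrator.NEW",
    r"2007-12-01 01:40 . 2008-04-16 18:40 <DIR> d-------- C:\Documents and Settings\New User",
    r"2008-04-15 00:50 . 2008-04-15 00:50 <DIR> d-------- C:\Documents and Settings\New User\Desktop\tools",
    r"2008-04-15 00:58 . 2008-04-15 00:58 12,345 --a------ C:\WINDOWS\example.log",
    "this line is not a ComboFix entry",
]


def parse_line(line):
    """Parse one ComboFix entry into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "created": m["created"],      # kept as "YYYY-MM-DD HH:MM"; this format sorts as text
        "modified": m["modified"],
        "is_dir": m["size_or_dir"] == "<DIR>",
        "attrs": m["attrs"],
        "path": m["path"],
    }


def recent_profiles(lines, cutoff):
    """Return (profile_name, created, note) for profile folders created at or after cutoff.

    cutoff is a "YYYY-MM-DD HH:MM" string; because the ComboFix timestamp format is
    zero-padded and big-endian, plain string comparison orders dates correctly.
    """
    hits = []
    for line in lines:
        entry = parse_line(line)
        if not entry or not entry["is_dir"]:
            continue
        m = PROFILE_ROOT.match(entry["path"])
        if not m or entry["created"] < cutoff:
            continue
        name = m.group(1)
        note = "recently created profile folder"
        if "." in name:
            # Windows names a profile folder <user>.<COMPUTERNAME> or <user>.<DOMAIN>
            # when a folder with the bare user name already exists. That collision
            # is normal on its own; the thing to verify is whether the account is known.
            note += "; suffixed name (profile path collision), confirm the account is expected"
        hits.append((name, entry["created"], note))
    return hits


if __name__ == "__main__":
    # Cutoff chosen as two weeks before the ComboFix run shown in the thread (2008-04-16).
    for name, created, note in recent_profiles(SAMPLE_LISTING, "2008-04-02 00:00"):
        print(f"{created}  {name}: {note}")
```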
  13. bkevinb

    bkevinb Thread Starter

    Joined:
    Apr 9, 2008
    Messages:
    37
    If you mean by going to >start, >Log Off New User, >Switch User, there are no other names to log in as. I also looked into the Administrator.NEW folders, and they are empty.
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,184
    They shouldn't all be empty, but it looks like a legitimate account.

    Please run the Kaspersky online virus scan (Kaspersky Online Scanner).

    After the updates have downloaded, click on the "Scan Settings" button.
    Choose the "Extended database" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, save the results from the scan!

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HijackThis log along with the results from the Kaspersky scan.
     
  15. bkevinb

    bkevinb Thread Starter

    Joined:
    Apr 9, 2008
    Messages:
    37
    Friday, April 18, 2008 10:20:23 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 18/04/2008
    Kaspersky Anti-Virus database records: 714799


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    K:\

    Scan Statistics
    Total number of scanned objects 42348
    Number of viruses found 2
    Number of infected objects 7
    Number of suspicious objects 0
    Duration of the scan process 02:15:09

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40000.VBN Infected: Trojan-Dropper.Win32.Agent.qfy skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40001.VBN Infected: Trojan-Dropper.Win32.Agent.qfy skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40002.VBN Infected: Trojan-Dropper.Win32.Agent.qfy skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\New User\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\New User\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\New User\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\New User\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

    C:\Documents and Settings\New User\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped

    C:\Documents and Settings\New User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\New User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\New User\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\New User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\New User\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\New User\ntuser.dat.LOG Object is locked skipped

    C:\itouch_crash_info.txt Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{174E6BA6-FCA9-490B-80ED-432F2F59CB73}\RP11\change.log Object is locked skipped

    C:\System Volume Information\_restore{174E6BA6-FCA9-490B-80ED-432F2F59CB73}\RP4\A0011367.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

    C:\WINDOWS\Internet Logs\NEW.ldb Object is locked skipped

    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

    C:\WINDOWS\S1AFC92D6.tmp Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    E:\System Volume Information\_restore{174E6BA6-FCA9-490B-80ED-432F2F59CB73}\RP11\change.log Object is locked skipped

    Scan process completed.

    HJT LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:22:33 PM, on 4/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
    O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6852 bytes
     