
Hijack this help


Comments

  • As before CF Script - your choice

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:
    File::
    C:\WINDOWS\SYSTEM32\dwzyzabo.exe

    Folder::
    C:\Documents and Settings\All Users\Application Data\iniloxsb
    C:\Program Files\xjdzuqd
    C:\Documents and Settings\All Users\Application Data\udixcxof

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!7bef049a-2c00-11dc-a1ea-000e505b3b81}]

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [Image: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
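Added example (not from the thread and not ComboFix's own code): a small Python parser that turns a CFScript.txt like the one above into a reviewable action plan, so the person preparing a script can see exactly which files, folders and registry keys it will remove before it is dragged onto ComboFix. The File::, Folder:: and Registry:: section names and the REGEDIT4-style `[-KEY]` delete-key syntax are the ones used in the script above, and SAMPLE_SCRIPT is that script; the Plan structure and the SENSITIVE_PREFIXES warning are this example's own additions.

```python
"""Parse a ComboFix CFScript.txt into a reviewable action plan.

Added example, not ComboFix's own code.  Section names (File::, Folder::,
Registry::) and the REGEDIT4-style "[-KEY]" delete-key syntax follow the
script posted in the thread; SAMPLE_SCRIPT is that script.  The Plan class
and the SENSITIVE_PREFIXES check are this example's own additions.
"""
import re
from dataclasses import dataclass, field

# The script as posted in the thread (constructed sample input for this example).
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\SYSTEM32\dwzyzabo.exe

Folder::
C:\Documents and Settings\All Users\Application Data\iniloxsb
C:\Program Files\xjdzuqd
C:\Documents and Settings\All Users\Application Data\udixcxof

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!7bef049a-2c00-11dc-a1ea-000e505b3b81}]
"""

# Deletions under these prefixes get a warning: a mistaken entry here removes a
# Windows component rather than malware, so it deserves a second check.
SENSITIVE_PREFIXES = ("c:\\windows\\",)

SECTION_RE = re.compile(r"^(\w+)::$")        # "File::", "Folder::", "Registry::"
DELETE_KEY_RE = re.compile(r"^\[-(.+)\]$")   # REGEDIT4 "delete this key" line


@dataclass
class Plan:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    reg_delete_keys: list = field(default_factory=list)
    reg_other: list = field(default_factory=list)   # other REGEDIT4 lines, kept for review
    warnings: list = field(default_factory=list)


def parse_cfscript(text: str) -> Plan:
    """Group the script's lines by section and note anything worth a second look."""
    plan = Plan()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "file":
            plan.files.append(line)
        elif section == "folder":
            plan.folders.append(line)
        elif section == "registry":
            delete = DELETE_KEY_RE.match(line)
            if delete:
                plan.reg_delete_keys.append(delete.group(1))
            else:
                plan.reg_other.append(line)
        else:
            plan.warnings.append(f"line outside any section: {line}")
    for path in plan.files + plan.folders:
        if path.lower().startswith(SENSITIVE_PREFIXES):
            plan.warnings.append(
                f"deletes inside the Windows directory, confirm it is not an OS file: {path}")
    return plan


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_SCRIPT)
    for label, items in (("files", plan.files), ("folders", plan.folders),
                         ("registry keys to delete", plan.reg_delete_keys)):
        print(f"{label}:")
        for item in items:
            print("  ", item)
    for warning in plan.warnings:
        print("WARNING:", warning)
```

Run on the thread's script it lists one file, three folders and one registry key to delete, and raises a single warning for the System32 entry, which is the one to check against a known-clean file list before the script is run.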
  • Thanks again for your prompt response. The computer has now been returned to its home as I needed to connect to the internet to do the online scans. I will go back round there over the weekend sometime to run the latest set of instructions.

    There is now a virus scanner / spyware scanner and firewall in place on the computer, so what (if any) is the risk of doing online transactions / banking with the malware that remains?

    And a final query, well, for the time being :o When I reconnected the optical mouse (USB port) the system said it had found new hardware and tried to automatically install the hardware, but failed. It also gave the same error when trying to install the software for my USB drive. The USB port seems fine, as we plugged the modem into it and that worked ok. Any thoughts on why that might be?
    It's easier to get forgiveness than to ask permission ;)
  • Could be a flash drive infection.

    There is a tool that was designed for similar problems - I have never used it, so am a little reluctant to unleash it.
  • Could be a flash drive infection.

    There is a tool that was designed for similar problems - I have never used it, so am a little reluctant to unleash it.


    How can I tell if it is a flash drive infection? Is it likely that the script with combofix will sort it?
    It's easier to get forgiveness than to ask permission ;)
  • I think so - the registry entry is the one I have been debating over.

    It was a toss-up between a CF Script or a CF Script and Flash Disinfector.

    Have a look at this - http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs/ Directions on how to run etc...
  • Ok, thanks for that. I will run ComboFix with the script as you suggested and if that does not clear the registry entry I can look at the Flash Disinfector.

    Thanks again :)
    It's easier to get forgiveness than to ask permission ;)
  • No worries - In fact I think I would run it anyway. It adds a protective file to all flash drives anyway.

    Your call.
  • Hi there

    Here is the latest combofix log - in two parts as it is too long!

    ComboFix 08-10-10.09 - another 2008-10-18 11:09:06.3 - NTFSx86
    Running from: C:\Documents and Settings\another\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\another\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\WINDOWS\SYSTEM32\dwzyzabo.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\iniloxsb
    C:\Documents and Settings\All Users\Application Data\udixcxof
    C:\Documents and Settings\All Users\Application Data\udixcxof\ujijaren.exe
    C:\Program Files\xjdzuqd
    C:\WINDOWS\SYSTEM32\dwzyzabo.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 )))))))))))))))))))))))))))))))
    .

    2008-10-16 22:22 . 2008-10-17 22:49 1,393 --a------ C:\WINDOWS\imsins.BAK
    2008-10-14 22:47 . 2008-10-14 22:47 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-10-14 22:42 . 2008-10-15 20:04 <DIR> d-------- C:\SDFix
    2008-10-13 22:36 . 2008-10-13 23:11 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-10-11 12:19 . 2008-10-11 12:19 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\yahoo!
    2008-10-11 12:06 . 2008-10-11 12:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
    2008-10-11 12:06 . 2008-10-11 12:06 <DIR> d-------- C:\Program Files\AVG
    2008-10-11 12:06 . 2008-10-11 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-10-11 12:06 . 2008-10-11 12:06 97,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
    2008-10-11 12:06 . 2008-10-11 12:06 76,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
    2008-10-11 12:06 . 2008-10-11 12:06 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
    2008-10-11 12:00 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\SYSTEM32\SSSensor.dll
    2008-10-11 12:00 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Teefer.sys
    2008-10-11 12:00 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys
    2008-10-11 12:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg6n.sys
    2008-10-11 12:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg5n.sys
    2008-10-11 12:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg4n.sys
    2008-10-11 12:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg3n.sys
    2008-10-11 11:59 . 2008-10-11 11:59 <DIR> d-------- C:\Program Files\Sygate
    2008-10-11 11:50 . 2008-10-11 11:50 <DIR> d-------- C:\Program Files\Lavasoft
    2008-10-11 11:50 . 2008-10-11 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-11 11:48 . 2008-10-11 11:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-11 11:33 . 2008-10-15 23:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-11 11:32 . 2008-10-11 11:32 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-10-11 11:23 . 2008-10-11 11:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-11 11:23 . 2008-10-15 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-11 10:41 . 2008-10-11 10:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-10-11 10:39 . 2004-09-24 17:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
    2008-10-11 10:39 . 2004-09-24 17:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
    2008-10-11 10:39 . 2004-09-24 17:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
    2008-10-11 10:39 . 2004-09-24 17:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
    2008-10-11 10:39 . 2008-10-11 10:39 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-10-11 10:35 . 2008-10-15 21:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 10:35 . 2008-10-11 10:35 <DIR> d-------- C:\Documents and Settings\another\Application Data\Malwarebytes
    2008-10-11 10:35 . 2008-10-11 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 10:35 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-10-11 10:35 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-10-11 10:32 . 2008-10-11 10:32 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-30 21:51 . 2008-09-30 21:51 <DIR> d-------- C:\Program Files\Samsung
    2008-09-30 21:03 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
    2008-09-30 21:03 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
    2008-09-30 21:03 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
    2008-09-30 21:02 . 2008-09-30 21:02 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2008-09-30 21:00 . 2008-09-30 21:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
    2008-09-30 21:00 . 2008-09-30 21:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
    2008-09-30 20:15 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\SYSTEM32\framedyn.dll
    2008-09-30 20:14 . 2008-09-30 20:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\Samsung_USB_Drivers
    2008-09-30 20:14 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\StarOpen.sys
    2008-09-30 20:14 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-02 19:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-01 19:13 --------- d-----w C:\Documents and Settings\another\Application Data\AdobeUM
    2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-13_20.18.14.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-26 09:08:35 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
    + 2008-08-26 09:08:36 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
    + 2008-08-26 09:08:36 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
    + 2008-08-26 09:08:36 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
    + 2008-08-26 09:08:36 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
    + 2008-08-25 08:43:21 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
    + 2008-08-26 09:08:36 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
    + 2008-08-26 09:08:36 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
    + 2008-08-23 05:54:50 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:28:12 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
    + 2008-08-26 09:08:36 380,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
    + 2008-08-26 09:08:37 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
    + 2008-10-03 17:26:50 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
    + 2008-08-26 09:08:39 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
    + 2008-08-26 09:08:39 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
    + 2008-08-25 08:43:21 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
    + 2008-08-23 05:56:16 635,848 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
    + 2008-08-26 09:08:40 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
    + 2008-08-26 09:08:40 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
    + 2008-08-26 09:08:40 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
    + 2008-08-26 09:08:43 3,594,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
    + 2008-08-26 09:08:43 477,696 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
    + 2008-08-26 09:08:44 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
    + 2008-08-26 09:08:44 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
    + 2008-08-26 09:08:44 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
    + 2008-08-26 09:08:44 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
    + 2008-08-26 09:08:44 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
    + 2008-08-26 09:08:45 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
    + 2008-08-26 09:08:45 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
    + 2008-08-26 09:08:45 827,904 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\updspapi.dll
    - 2007-02-28 09:08:48 2,136,064 ------w C:\WINDOWS\Driver Cache\I386\ntkrnlmp.exe
    + 2008-08-14 09:58:27 2,136,064 ------w C:\WINDOWS\Driver Cache\I386\ntkrnlmp.exe
    - 2007-02-28 08:38:55 2,057,600 ------w C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
    + 2008-08-14 09:22:13 2,057,728 ------w C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
    - 2007-02-28 08:38:57 2,015,744 ------w C:\WINDOWS\Driver Cache\I386\ntkrpamp.exe
    + 2008-08-14 09:22:14 2,015,744 ------w C:\WINDOWS\Driver Cache\I386\ntkrpamp.exe
    - 2007-02-28 09:10:57 2,180,352 ------w C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
    + 2008-08-14 10:00:45 2,180,352 ------w C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
    + 2008-08-07 15:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-10-15 18:48:50 8,835,072 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-10-15 18:48:50 36,864 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 15:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-10-14 21:47:32 712,704 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2008-10-14 21:47:32 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
    + 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
    + 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
    + 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
    + 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
    + 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
    + 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
    + 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
    + 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
    + 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
    + 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
    + 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
    + 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
    + 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
    + 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
    + 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
    + 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
    + 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
    + 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
    + 2008-06-24 09:57:40 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
    + 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
    + 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
    + 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
    + 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
    + 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
    + 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
    + 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
    + 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
    + 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
    - 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
    + 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
    - 2008-06-23 16:57:27 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
    + 2008-08-26 07:24:28 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
    - 2008-06-20 10:44:38 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
    + 2008-08-14 09:51:43 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
    - 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
    + 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
    - 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
    + 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
    - 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
    + 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
    - 2008-06-23 16:57:28 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
    + 2008-08-26 07:24:28 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
    - 2008-06-23 09:20:25 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    + 2008-08-25 08:37:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    - 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
    + 2008-08-26 07:24:28 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
    - 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
    + 2008-08-26 07:24:28 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
    - 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    + 2008-08-23 05:54:51 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    - 2008-06-23 16:57:29 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
    + 2008-08-26 07:24:28 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
    - 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
    + 2008-08-26 07:24:29 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
    - 2008-06-23 16:57:33 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    + 2008-10-03 17:41:15 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    - 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
    + 2008-08-26 07:24:29 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
    - 2008-06-23 16:57:34 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
    + 2008-08-26 07:24:29 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
    - 2008-06-23 09:20:26 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    + 2008-08-25 08:38:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    - 2008-06-23 09:20:52 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    + 2008-08-23 05:56:15 635,848 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    - 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
    + 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
    - 2008-06-23 16:57:36 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
    + 2008-08-26 07:24:30 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
    - 2008-06-23 16:57:36 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
    + 2008-08-26 07:24:30 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
    - 2008-06-24 09:57:40 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    + 2008-08-27 08:24:32 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    - 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
    + 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
    - 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
    + 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
    - 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
    + 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
    - 2007-02-28 09:08:48 2,136,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
    + 2008-08-14 09:58:27 2,136,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
    - 2007-02-28 08:38:55 2,057,600 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
    + 2008-08-14 09:22:13 2,057,728 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
    - 2007-02-28 08:38:57 2,015,744 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
    + 2008-08-14 09:22:14 2,015,744 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
    - 2007-02-28 09:10:57 2,180,352 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
    + 2008-08-14 10:00:45 2,180,352 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
    - 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
    + 2008-08-26 07:24:30 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
    - 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
    + 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
    - 2006-08-14 10:34:41 332,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
    + 2008-08-28 10:04:17 333,056 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
    - 2008-06-23 16:57:40 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
    + 2008-08-26 07:24:30 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
    - 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
    + 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
    - 2008-06-23 16:57:41 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
    + 2008-08-26 07:24:31 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
    - 2008-03-19 09:47:00 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
    + 2008-09-15 11:57:41 1,846,016 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
    - 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
    + 2008-08-26 07:24:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
    - 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
    + 2008-08-14 09:51:43 138,368 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
    - 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
    + 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
    - 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
    + 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
    - 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
    + 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
    - 2008-04-12 02:10:43 219,248 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
    + 2008-10-17 18:19:44 219,248 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
    - 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
    + 2008-08-26 07:24:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
    - 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
    + 2008-08-25 08:37:59 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
    - 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
    + 2008-08-26 07:24:28 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
    - 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
    + 2008-08-26 07:24:28 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
    - 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
    + 2008-08-23 05:54:51 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
    - 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
    + 2008-08-26 07:24:28 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
    - 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
    + 2008-08-26 07:24:29 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
    - 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
    + 2008-10-03 17:41:15 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
    - 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
    + 2008-08-26 07:24:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
    - 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
    + 2008-08-26 07:24:29 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
    - 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
    + 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
    - 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
    + 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
    - 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
    + 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
    - 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
    + 2008-08-26 07:24:30 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
    - 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
    + 2008-08-26 07:24:30 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
    - 2008-06-24 09:57:40 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
    + 2008-08-27 08:24:32 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
    - 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
    + 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
    - 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
    + 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
    - 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
    + 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
    - 2007-02-28 08:38:55 2,057,600 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
    + 2008-08-14 09:22:13 2,057,728 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
    - 2007-02-28 09:10:57 2,180,352 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
    + 2008-08-14 10:00:45 2,180,352 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
    - 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
    + 2008-08-26 07:24:30 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
    - 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
    + 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
    - 2007-07-27 09:41:40 16,760 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
    + 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
    - 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
    + 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
    - 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
    + 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
    - 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
    + 2008-08-26 07:24:31 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
    - 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
    + 2008-09-15 11:57:41 1,846,016 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
    - 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
    + 2008-08-26 07:24:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
    .
    It's easier to get forgiveness than to ask permission ;)
  • And now part two

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 118784]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 122933]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-02-25 496752]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-24 98304]
    "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 147456]
    "EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 406016]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-16 180269]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-11 1234712]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-15 113664]
    AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2004-09-24 156784]
    BT Yahoo! Help.lnk - C:\Program Files\BT Yahoo\BT Yahoo Help\bin\matcli.exe [2005-05-21 217088]
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 200704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
    "C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-11 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-11 875288]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-11 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-11 76040]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bef049a-2c00-11dc-a1ea-000e505b3b81}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-18 11:15:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vsdatant]
    "ImagePath"=""
    .
    Completion time: 2008-10-18 11:21:43
    ComboFix-quarantined-files.txt 2008-10-18 10:21:37
    ComboFix2.txt 2008-10-15 22:04:55
    ComboFix3.txt 2008-10-13 19:19:12

    Pre-Run: 12,374,663,168 bytes free
    Post-Run: 12,391,776,256 bytes free

    382 --- E O F --- 2008-10-17 21:50:10
    It's easier to get forgiveness than to ask permission ;)
  • Here is the latest Hijack This log too

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:01:17, on 18/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo\BT Yahoo Help\bin\matcli.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: BT - {69CF4E2C-CA90-40BF-9834-D902C337474B} - http://www.bt.com (file missing) (HKCU)
    O9 - Extra button: Homepage - {AC795FE4-7900-434E-B6BF-D02DA157509E} - http://bt.yahoo.com (file missing) (HKCU)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9438C8D9-FE51-4406-9C6E-FFBDBEB7C514}: NameServer = 194.74.65.69 62.6.40.178
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

    --
    End of file - 8515 bytes
    It's easier to get forgiveness than to ask permission ;)
This discussion has been closed.