Jump to content

NascarFan19

Anti-Spyware Brigade
  • Content Count

    910
  • Joined

  • Last visited

Everything posted by NascarFan19

  1. Some weeks back, I posted a question in U2U. I never saw a reply, and I have just spent 20 minutes going through my old posts, looking for it. Please allow the re-asking. I have tried accessing an area on an online site, and get the following message. You may be trying to access a private offer or shopping area on nextel.com. Please confirm that the link you entered is correct. We apologize for the inconvenience. If you feel you have received this message in error, please contact us at 1-877-618-5606. NOTE: If your computer is running an Antivirus software package, such as Norton Internet Security Pro® or Zone Alarm Pro®, you may choose to follow these steps to adjust your privacy settings to gain access to this website. I have made all the adjustments suggested in the message. I am using ZA, but no Norton. I called the help number listed there, and they tried accessing the same area, using my password and account for logging on. I was told that they could sign into the area with no problem, that it had to be a security issue on my computer. I have nothing running or any settings that should keep me from logging onto any site. Thanks for any suggestions PEACE WILL 23 TO GO
  2. Gardener, I never thought of it like you just said, and it makes sense. Thank you for shedding a different light on what I was trying to say. To Doug: "As a significant contributor to the off-topic content in this thread, I apologize to you". Doug, certainly no apology to me is needed, but the fact you thought to offered one says a lot about the kind of person you are. For THAT, I thank you. 32 To Go
  3. I started this thread, and I think it has served a purpose. My original intent was to think and pray for the families of ALL involved......even the shooter's family. His family must be going through a living hell as well. For all intents and purposes, they have lost him for the rest of their lives. Gun control and people control are all well and good, but this thread has turned into something I had no intent on starting. PEACE WILL
  4. What is this world coming to? http://www.cnn.com/2007/US/04/16/vtech.shooting/index.html
  5. It is a picture of my Granddaughter. It did the same thing on an earlier scan. It is easily put back up. No big deal. One of the instructions using the AVG Scan was to go to Display and click on Desktop....then Customize Desktop button...then click on Web tab. In there is where it took it off. Again, no problem adding it back now that I have a clean bill of health from Doc Jacee. Also, everything seems to be fine now. Nothing popping up or acting weird. Are all cleansings as complicated as mine was? Seems like I have done HJTlogs before that were simpler. I must have had a few "meanies" on board. Thank you very much for your devoted and time and knowledge. You are an asset to the PIT! Have one on me.
  6. Here I Is!! --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 3:29:54 AM 4/15/2007 + Scan result: Nothing found. ::Report end Logfile of HijackThis v1.99.1 Scan saved at 10:32:35 AM, on 4/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\HJT Log\HJT Log.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.pcpitstop.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.xdrive.com/downloads/std_install/setup.exe O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe The AVG scan removed my wallpaper, Is it ok to put it back yet?
  7. When I boot into Safe Mode, I execute the SDFix and run it. It then posts a report called Catchme something. I SWEAR I do. I wonder what the blazes I am doing wrong.
  8. I knew that catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Dang!! I did it again!! BRB Hey....this IS the SDFix file. no?
  9. Errrrrah This be the one? catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0
  10. catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 "Cecil" - 07-04-11 23:28:20 Service Pack 2 ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Cecil\Desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Cecil\Desktop.\internet explorer.lnk ((((((((((((((((((((((((((((((( Files Created from 2007-03-11 to 2007-04-11 )))))))))))))))))))))))))))))))))) 2007-04-09 22:22 <DIR> d-------- C:\Program Files\IrfanView 2007-04-08 18:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-04-08 01:15 796 --a------ C:\WINDOWS\system32\tmp.reg 2007-04-08 01:14 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-04-08 01:14 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-04-08 01:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-04-08 01:14 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2007-04-08 01:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-04-08 01:14 135,168 --a------ C:\WINDOWS\system32\swreg.exe 2007-04-07 20:55 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-04-07 16:04 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-04-07 16:04 <DIR> d-------- C:\a9de6da54b6c4e208c48 2007-04-07 15:16 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\Xdrive 2007-04-06 23:33 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys 2007-04-06 23:30 <DIR> d-------- C:\Program Files\Common Files\Merge Modules 2007-04-06 23:29 55,808 --a------ C:\WINDOWS\system32\zlib1.dll 2007-04-06 23:29 <DIR> d-------- C:\Program Files\Xdrive 2007-04-06 23:29 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\InstallShield 2007-04-06 21:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-04-01 22:24 <DIR> d-------- C:\VundoFix Backups 2007-04-01 00:37 <DIR> d-------- C:\HJT Log 2007-03-27 23:16 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Free 2007-03-27 23:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-03-27 23:05 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-03-27 21:16 0 --a------ C:\WINDOWS\system32\taskkill.exe 2007-03-25 20:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-03-25 20:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-03-16 20:00 <DIR> d-------- C:\e4d93996ebf690fc2a909c5a7c 2007-03-15 22:09 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys 2007-03-15 22:09 <DIR> d-------- C:\My Music 2007-03-15 22:08 <DIR> d-------- C:\Program Files\Real 2007-03-12 23:37 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\Real 2007-03-12 23:32 <DIR> d-------- C:\My Downloads 2007-03-11 13:28 <DIR> dr------- C:\2006 Tax Returns 2007-03-11 12:24 <DIR> d-------- C:\help (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-10 21:33 -------- d-------- C:\Program Files\pcpitstop 2007-04-08 18:08 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-04-06 23:29 -------- d--h----- C:\Program Files\installshield installation information 2007-04-06 09:54 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\weatherbug 2007-04-05 21:34 -------- d-------- C:\Program Files\java 2007-03-31 22:00 -------- d-------- C:\Program Files\spywareblaster 2007-03-22 00:16 -------- d-------- C:\Program Files\partygaming.net 2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-15 22:09 -------- d-------- C:\Program Files\Common Files\real 2007-03-08 22:18 -------- d-------- C:\Program Files\wavman 11 2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys 2007-03-04 02:57 -------- d-------- C:\Program Files\nch swift sound 2007-03-04 02:57 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\nch swift sound 2007-02-24 13:25 -------- d-------- C:\Program Files\eusing free registry cleaner 2007-02-17 13:21 -------- d-------- C:\Program Files\gimpshop 2007-02-11 20:13 -------- d-------- C:\Program Files\limewire 2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll 2007-01-14 19:55 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll 2007-01-14 19:55 118784 --a------ C:\WINDOWS\system32\pdfmona.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{4D7C8A39-430F-4091-B9BF-3173DFA06DA0}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=dword:00000000 "NoResolveSearch"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job C:\WINDOWS\tasks\Xdrive Backup - Backup Set 1.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-11 23:33:28 C:\ComboFix-quarantined-files.txt ... 07-04-11 23:33 C:\ComboFix2.txt ... 07-04-11 23:10 C:\ComboFix3.txt ... 07-04-08 19:27 Logfile of HijackThis v1.99.1 Scan saved at 11:34:24 PM, on 4/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT Log\Nascarfan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.pcpitstop.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.xdrive.com/downloads/std_install/setup.exe O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe
  11. http://download.bleepingcomputer.com/sUBs/combofix.exe I got a 404 Error on that link.
  12. I had no clue my bleeping machine was so bad that it would take all these little proggies to fix it. You are both very patient, and very kind. C:\WINDOWS\system32\mljjg.exe moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\WinFlyer32.dll C:\WINDOWS\system32\WinFlyer32.dll NOT unregistered. C:\WINDOWS\system32\WinFlyer32.dll moved successfully. C:\DOCUME~1\Cecil\APPLIC~1\.wyzo moved successfully. File/Folder not found. File/Folder not found. Created on 04/10/2007 21:28:11
  13. Gonna steal this thread to say Hey Ax!!! Long Time No Read its good to see you back here. and Go Mark Martin!
  14. VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines. Select file : DistributeSSL Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu: News Hot news in the virus/antivirus sector. Estadisticas Statistics of VirusTotal procesing. Virustotal More info about Virustotal. STATUS: FINISHEDComplete scanning result of "MFC71.dll", received in VirusTotal at 04.10.2007, 05:13:43 (CET). Antivirus Version Update Result AhnLab-V3 2007.4.10.0 04.09.2007 no virus found AntiVir 7.3.1.48 04.09.2007 no virus found Authentium 4.93.8 04.09.2007 no virus found Avast 4.7.936.0 04.08.2007 no virus found AVG 7.5.0.447 04.10.2007 no virus found BitDefender 7.2 04.10.2007 no virus found CAT-QuickHeal 9.00 04.09.2007 no virus found ClamAV devel-20070312 04.09.2007 no virus found DrWeb 4.33 04.09.2007 no virus found eSafe 7.0.15.0 04.09.2007 no virus found eTrust-Vet 30.7.3556 04.09.2007 no virus found Ewido 4.0 04.09.2007 no virus found FileAdvisor 1 04.10.2007 No threat detected Fortinet 2.85.0.0 04.10.2007 no virus found F-Prot 4.3.1.45 04.08.2007 no virus found F-Secure 6.70.13030.0 04.09.2007 no virus found Ikarus T3.1.1.3 04.09.2007 no virus found Kaspersky 4.0.2.24 04.10.2007 no virus found McAfee 5004 04.09.2007 no virus found Microsoft 1.2405 04.10.2007 no virus found NOD32v2 2175 04.09.2007 no virus found Norman 5.80.02 04.09.2007 no virus found Panda 9.0.0.4 04.09.2007 no virus found Prevx1 V2 04.10.2007 no virus found Sophos 4.16.0 04.06.2007 no virus found Sunbelt 2.2.907.0 04.07.2007 no virus found Symantec 10 04.10.2007 no virus found TheHacker 6.1.6.088 04.09.2007 no virus found VBA32 3.11.3 04.09.2007 no virus found VirusBuster 4.3.7:9 04.09.2007 no virus found Webwasher-Gateway 6.0.1 04.10.2007 no virus found Aditional Information File size: 1060864 bytes MD5: 1fd3f9722119bdf7b8cff0ecd1e84ea6 SHA1: 9a4faa258b375e173feaca91a8bd920baf1091eb Bit9 info: http://fileadvisor.bit9.com/services/extin...8cff0ecd1e84ea6 VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. > Go to: Home Contactar En Español -------------------------------------------------------------------------------- www.virustotal.com :: ©Hispasec Sistemas 2004-07:: e-mail [email protected]
  15. NascarFan19

    how do i

    Speaking of which.....where IS Donna? Havent seen her in a while.
  16. ComboScan v20070306.20 run by Cecil on 2007-04-09 at 18:59:50 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created ComboScan Restore Point. -- Last 5 Restore Point(s) -- 15: 2007-04-09 23:00:03 UTC - RP265 - ComboScan Restore Point 14: 2007-04-08 22:35:50 UTC - RP264 - System Checkpoint 13: 2007-04-07 20:03:44 UTC - RP263 - Software Distribution Service 2.0 12: 2007-04-07 03:30:02 UTC - RP262 - Installed Xdrive Desktop 11: 2007-04-07 03:29:29 UTC - RP261 - Installed Xdrive Desktop -- First Restore Point -- 1: 2007-04-03 03:20:05 UTC - RP251 - System Checkpoint Performed disk cleanup. -- HijackThis (run as Cecil.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 7:42:02 PM, on 4/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\AOL\ACS\acsd.exe C:\WINDOWS\explorer.exe C:\Program Executes\comboscan.exe C:\HJTLOG~1\Cecil.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.pcpitstop.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.xdrive.com/downloads/std_install/setup.exe O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe -- HijackThis Fixed Entries (C:\HJTLOG~1\backups\) ----------------------------- backup-20070404-214711-233 O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) backup-20070404-214711-275 O2 - BHO: (no name) - {6E45F391-5AEC-4A9D-86BE-6183BB7CACBf} - C:\WINDOWS\system32\qqjjqvpy.dll (file missing) backup-20070404-214711-365 O2 - BHO: (no name) - {D5324462-C090-40EE-9A8C-9F80DBB8507F} - C:\WINDOWS\system32\pmkhf.dll (file missing) backup-20070404-214711-461 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) backup-20070404-214711-535 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = backup-20070404-214711-564 O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 backup-20070404-214711-755 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = backup-20070404-214711-838 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = backup-20070404-214712-670 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) backup-20070404-214712-986 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) -- File Associations ----------------------------------------------------------- .bat - batfile - "%1" %* .chm - chm.file - "C:\WINDOWS\hh.exe" %1 .cmd - cmdfile - "%1" %* .com - comfile - "%1" %* .exe - exefile - "%1" %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - "%1" %* .reg - regfile - regedit.exe "%1" .scr - scrfile - "%1" /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2R ASCTRM - C:\WINDOWS\system32\drivers\asctrm.sys 1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys 1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys 1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys 1R Avg7RsXP (AVG7 Resident Driver XP) - C:\WINDOWS\system32\drivers\avg7rsxp.sys 1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys 1R AvgClean (AVG7 Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys 2R AvgTdi (AVG Network Redirector) - C:\WINDOWS\system32\drivers\avgtdi.sys 1R BANTExt (Belarc SMBios Access) - C:\WINDOWS\system32\drivers\BANTExt.sys 3R HSFHWBS2 - C:\WINDOWS\system32\drivers\hsfbs2s2.sys 3R HSF_DP - C:\WINDOWS\system32\drivers\hsfdpsp2.sys 3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys 4S InCDFs (InCD File System) - C:\WINDOWS\system32\drivers\InCDFs.sys (not found) 1S InCDPass - C:\WINDOWS\system32\drivers\InCDPass.sys (not found) 1S InCDRm (InCD Reader) - C:\WINDOWS\system32\drivers\InCDRm.sys (not found) 1S intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys 3S L8042Kbd (Logitech SetPoint Keyboard Driver) - C:\WINDOWS\system32\drivers\L8042Kbd.sys 3S L8042mou (SetPoint PS/2 Mouse Filter Driver) - C:\WINDOWS\system32\drivers\L8042mou.Sys 3S LMouKE (SetPoint Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LMouKE.Sys 2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys 3R msloop (Microsoft Loopback Adapter Driver) - C:\WINDOWS\system32\drivers\loop.sys 3R ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - C:\WINDOWS\system32\drivers\msmpu401.sys 3R ousb2hub (OrangeWare USB 2.0 Root Hub Support) - C:\WINDOWS\system32\drivers\ousb2hub.sys 2R ousbehci (OrangeWare USB Enhanced Host Controller Service) - C:\WINDOWS\system32\drivers\ousbehci.sys 0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys 3R rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\rtl8139.sys 3S SABProcEnum - C:\Program Files\Internet Explorer\SABProcEnum.sys (not found) 0R srescan - C:\WINDOWS\system32\ZoneLabs\srescan.sys 3S usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys 3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys 1R vsdatant - C:\WINDOWS\system32\vsdatant.sys 3R wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\drivers\wanatw4.sys 3S wg111nd5 (NETGEAR WG111 802.11g Wireless USB Adapter Driver) - C:\WINDOWS\system32\drivers\wg111nd5.sys 3R winachsf - C:\WINDOWS\system32\drivers\hsfcxts2.sys 3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys 3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys 3R {6080A529-897E-4629-A488-ABA0C29B635E} (Intel® Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\system32\drivers\ialmsbw.sys 3R {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel® Graphics Chipset (KCH) Driver) - C:\WINDOWS\system32\drivers\ialmkchw.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 4S AOL ACS (AOL Connectivity Service) - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe 2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe 2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe 2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe 2R AVGEMS (AVG E-mail Scanner) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe 4S UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe 2R vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service 2R WANMiniportService (WAN Miniport (ATW) Service) - "C:\WINDOWS\wanmpsvc.exe" 2R Xdrive Service - "C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe" -- Scheduled Tasks ------------------------------------------------------------- 2007-04-09 05:00:00 306 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job<SPYBOT~1.JOB> 2007-04-07 15:25:29 548 --a------ C:\WINDOWS\Tasks\Xdrive Backup - Backup Set 1.job<XDRIVE~1.JOB> -- Files created between 2007-03-09 and 2007-04-09 ----------------------------- 2007-04-08 18:07:42 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-04-08 01:15:06 796 --a------ C:\WINDOWS\system32\tmp.reg 2007-04-08 01:14:31 79360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-04-08 01:14:30 40960 --a------ C:\WINDOWS\system32\swsc.exe 2007-04-08 01:14:30 135168 --a------ C:\WINDOWS\system32\swreg.exe 2007-04-08 01:14:30 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-04-08 01:14:30 53248 --a------ C:\WINDOWS\system32\Process.exe 2007-04-08 01:14:30 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-04-07 20:55:52 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1> 2007-04-07 16:04:21 0 d-------- C:\a9de6da54b6c4e208c48<A9DE6D~1> 2007-04-07 16:04:12 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0> 2007-04-07 15:16:52 0 d-------- C:\Documents and Settings\Cecil\Application Data\Xdrive 2007-04-06 23:33:07 4992 --a------ C:\WINDOWS\system32\drivers\loop.sys 2007-04-06 23:30:04 0 d-------- C:\Program Files\Common Files\Merge Modules<MERGEM~1> 2007-04-06 23:29:39 55808 --a------ C:\WINDOWS\system32\zlib1.dll 2007-04-06 23:29:32 0 d-------- C:\Program Files\Xdrive 2007-04-06 23:29:01 0 d-------- C:\Documents and Settings\Cecil\Application Data\InstallShield<INSTAL~1> 2007-04-06 21:05:53 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-04-01 22:24:17 0 d-------- C:\VundoFix Backups<VUNDOF~1> 2007-04-01 00:37:05 0 d-------- C:\HJT Log<HJTLOG~1> 2007-03-27 23:16:59 0 d-------- C:\Program Files\Common Files\DriveCleaner Free<DRIVEC~1> 2007-03-27 23:05:31 1060864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-03-27 23:05:31 89088 --a------ C:\WINDOWS\system32\atl71.dll 2007-03-27 21:16:02 0 --a------ C:\WINDOWS\system32\taskkill.exe 2007-03-27 20:37:40 31844 -----n--- C:\WINDOWS\system32\mljjg.exe 2007-03-25 22:05:37 98304 --a------ C:\WINDOWS\system32\WinFlyer32.dll<WINFLY~1.DLL> 2007-03-25 22:04:29 0 d-------- C:\Documents and Settings\Cecil\Application Data\.wyzo<WYZO~1> 2007-03-25 20:53:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM> 2007-03-25 20:53:21 0 d-------- C:\Program Files\SUPERAntiSpyware<SUPERA~1> 2007-03-16 20:00:55 0 d-------- C:\e4d93996ebf690fc2a909c5a7c<E4D939~1> 2007-03-15 22:09:14 0 d-------- C:\My Music<MYMUSI~1> 2007-03-15 22:09:12 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys 2007-03-15 22:08:52 0 d-------- C:\Program Files\Real 2007-03-12 23:37:32 0 d-------- C:\Documents and Settings\Cecil\Application Data\Real 2007-03-12 23:32:45 0 d-------- C:\My Downloads<MYDOWN~1> 2007-03-11 13:28:48 0 dr------- C:\2006 Tax Returns<2006TA~1> 2007-03-11 12:24:24 0 d-------- C:\help -- Find3M Report --------------------------------------------------------------- 2007-04-08 18:08:34 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-04-06 23:32:16 0 d-------- C:\Program Files\Common Files\AOL 2007-04-06 23:29:29 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-04-06 21:41:24 0 d-------- C:\Documents and Settings\Cecil\Application Data\LimeWire 2007-04-06 21:05:47 0 d-------- C:\Program Files\Grisoft 2007-04-06 20:44:41 0 d---s---- C:\Documents and Settings\Cecil\Application Data\Microsoft<MICROS~1> 2007-04-06 09:54:25 0 d-------- C:\Documents and Settings\Cecil\Application Data\WeatherBug<WEATHE~1> 2007-04-05 21:34:57 0 d-------- C:\Program Files\Java 2007-03-31 22:00:01 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1> 2007-03-28 22:30:39 0 d-------- C:\Program Files\PCPitstop<PCPITS~1> 2007-03-22 00:16:40 0 d-------- C:\Program Files\PartyGaming.Net<PARTYG~1.NET> 2007-03-15 22:09:12 0 d-------- C:\Program Files\Common Files\Real 2007-03-08 22:18:14 0 d-------- C:\Program Files\WavMan 11<WAVMAN~1> 2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys 2007-03-04 02:57:37 0 d-------- C:\Program Files\NCH Swift Sound<NCHSWI~1> 2007-03-04 02:57:36 0 d-------- C:\Documents and Settings\Cecil\Application Data\NCH Swift Sound<NCHSWI~1> 2007-02-26 00:42:09 0 d-------- C:\Program Files\Camtech 2007-02-24 13:25:00 0 d-------- C:\Program Files\Eusing Free Registry Cleaner<EUSING~1> 2007-02-17 13:21:06 0 d-------- C:\Program Files\GIMPshop 2007-02-11 20:13:15 0 d-------- C:\Program Files\LimeWire 2007-02-09 00:14:26 0 d-------- C:\Documents and Settings\Cecil\Application Data\Viewpoint<VIEWPO~1> 2007-01-29 04:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe 2007-01-14 19:55:21 118784 --a------ C:\WINDOWS\system32\pdfmona.dll 2007-01-14 19:55:20 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll<PDF995~1.DLL> -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{4D7C8A39-430F-4091-B9BF-3173DFA06DA0}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=dword:00000000 "NoResolveSearch"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 -- Hosts ----------------------------------------------------------------------- 10.254.254.253 Xdrive -- End of ComboScan: finished at 2007-04-09 at 19:43:00 ------------------------ ComboScan v20070306.20 run by Cecil on 2007-04-09 at 18:59:50 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Celeron® CPU 1.80GHz Percentage of Memory in Use: 74% Physical Memory (total/avail): 381.98 MiB / 97.99 MiB Pagefile Memory (total/avail): 920.79 MiB / 645.36 MiB Virtual Memory (total/avail): 2047.88 MiB / 1999.38 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 37.27 GiB total, 10.93 GiB free. D: is CDROM (No Media) E: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: ZoneAlarm Pro Firewall v7.0.337.000 (Check Point, LTD.) AV: AVG 7.5.446 v7.5.446 (GRISOFT) -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Cecil\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=YOUR-1RNFG39627 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Cecil LOGONSERVER=\\YOUR-1RNFG39627 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0103 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Cecil\LOCALS~1\Temp TMP=C:\DOCUME~1\Cecil\LOCALS~1\Temp tvdumpflags=8 USERDOMAIN=YOUR-1RNFG39627 USERNAME=Cecil USERPROFILE=C:\Documents and Settings\Cecil windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Owner (admin) Cecil (admin) -- Add/Remove Programs --------------------------------------------------------- --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Advanced WindowsCare V2 Beta 3.62 --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe" America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe" AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll" CDCheck --> "C:\Program Files\CDCheck\uninst.exe" Easy Thumbnails (Remove only) --> "C:\Program Files\Easy Thumbnails\unins000.exe" EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 EPSON ESPR220 Reference Guide --> C:\Program Files\epson\guide\spr220_e\uninstall.exe EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Free Audio Tag --> "C:\Program Files\Free Audio Tag\unins000.exe" GIMPshop 2.2.8 --> C:\Program Files\GIMPshop\uninst.exe GoldWave v5.13 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.13" "C:\Program Files\GoldWave\unstall.log" Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly Hidden Utilities XP --> MsiExec.exe /I{E4E3B247-9A66-45B0-A624-278A0606B896} HijackThis 1.99.1 --> C:\HJT Log\HijackThis.exe /uninstall Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562 Java SE Development Kit 6 Update 1 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160010} Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} jv16 PowerTools 1.3 --> "C:\Program Files\jv16 PowerTools 2006\unins000.exe" LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe" MP3-tag --> "C:\Program Files\MP3-tag\Uninstall.exe" "C:\Program Files\MP3-tag\install.log" MP3 CD Ripper --> "C:\Program Files\MP3 CD Ripper\unins000.exe" Nero 6 Ultra Edition --> NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL Netscape 6 (6.2.1) --> C:\WINDOWS\N6Uninst.exe /ua "6.2.1 (en)" Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PartyPokerNet --> "C:\Program Files\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Program Files\PartyGaming.Net\PartyPokerNet\install.log" PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Road Runner Medic 5.4 --> "C:\WINDOWS\unins000.exe" Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" TaxCut Premium 2006 --> C:\TaxCut06\Program\removetc.exe Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u WavMan 11.x --> C:\PROGRA~1\WAVMAN~1\UNWISE.EXE C:\PROGRA~1\WAVMAN~1\INSTALL.LOG WeatherBug --> C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG WebFldrs XP --> Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE} WinFlyer --> "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,UnInstall WinPatrol --> C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c"C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL" Xdrive Desktop --> C:\Program Files\InstallShield Installation Information\{3FFE825D-777C-4786-855C-C61DFB5591AF}\setup.exe -runfromtemp -l0x0009 -removeonly Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe -- End of ComboScan: finished at 2007-04-09 at 19:43:00 ------------------------
  17. Antivirus Version Update Result AhnLab-V3 2007.4.10.0 04.09.2007 no virus found AntiVir 7.3.1.48 04.09.2007 no virus found Authentium 4.93.8 04.09.2007 no virus found Avast 4.7.936.0 04.08.2007 no virus found AVG 7.5.0.447 04.10.2007 no virus found BitDefender 7.2 04.10.2007 no virus found CAT-QuickHeal 9.00 04.09.2007 no virus found ClamAV devel-20070312 04.09.2007 no virus found DrWeb 4.33 04.09.2007 no virus found eSafe 7.0.15.0 04.09.2007 no virus found eTrust-Vet 30.7.3556 04.09.2007 no virus found Ewido 4.0 04.09.2007 no virus found FileAdvisor 1 04.10.2007 No threat detected Fortinet 2.85.0.0 04.09.2007 no virus found F-Prot 4.3.1.45 04.08.2007 no virus found F-Secure 6.70.13030.0 04.09.2007 no virus found Ikarus T3.1.1.3 04.09.2007 no virus found Kaspersky 4.0.2.24 04.10.2007 no virus found McAfee 5004 04.09.2007 no virus found Microsoft 1.2405 04.10.2007 no virus found NOD32v2 2175 04.09.2007 no virus found Norman 5.80.02 04.09.2007 no virus found Panda 9.0.0.4 04.09.2007 no virus found Prevx1 V2 04.10.2007 no virus found Sophos 4.16.0 04.06.2007 no virus found Sunbelt 2.2.907.0 04.07.2007 no virus found Symantec 10 04.10.2007 no virus found TheHacker 6.1.6.088 04.09.2007 no virus found VBA32 3.11.3 04.09.2007 no virus found VirusBuster 4.3.7:9 04.09.2007 no virus found Webwasher-Gateway 6.0.1 04.09.2007 no virus found Aditional Information File size: 1060864 bytes MD5: 1fd3f9722119bdf7b8cff0ecd1e84ea6 SHA1: 9a4faa258b375e173feaca91a8bd920baf1091eb Bit9 info: http://fileadvisor.bit9.com/services/extin...8cff0ecd1e84ea6 The following is the scan of Taskill.exe 0 bytes size received / Se ha recibido un archivo vacio VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines. Select file : DistributeSSL Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu: News Hot news in the virus/antivirus sector. Estadisticas Statistics of VirusTotal procesing. Virustotal More info about Virustotal. STATUS: FINISHEDComplete scanning result of "mrtstub.exe", received in VirusTotal at 04.10.2007, 02:26:35 (CET). Antivirus Version Update Result AhnLab-V3 2007.4.10.0 04.09.2007 no virus found AntiVir 7.3.1.48 04.09.2007 no virus found Authentium 4.93.8 04.09.2007 no virus found Avast 4.7.936.0 04.08.2007 no virus found AVG 7.5.0.447 04.10.2007 no virus found BitDefender 7.2 04.10.2007 no virus found CAT-QuickHeal 9.00 04.09.2007 no virus found ClamAV devel-20070312 04.09.2007 no virus found DrWeb 4.33 04.09.2007 no virus found eSafe 7.0.15.0 04.09.2007 no virus found eTrust-Vet 30.7.3556 04.09.2007 no virus found Ewido 4.0 04.09.2007 no virus found FileAdvisor 1 04.10.2007 Not analyzed yet Fortinet 2.85.0.0 04.09.2007 no virus found F-Prot 4.3.1.45 04.08.2007 no virus found F-Secure 6.70.13030.0 04.09.2007 no virus found Ikarus T3.1.1.3 04.09.2007 no virus found Kaspersky 4.0.2.24 04.10.2007 no virus found McAfee 5004 04.09.2007 no virus found Microsoft 1.2405 04.10.2007 no virus found NOD32v2 2175 04.09.2007 no virus found Norman 5.80.02 04.09.2007 no virus found Panda 9.0.0.4 04.09.2007 no virus found Prevx1 V2 04.10.2007 no virus found Sophos 4.16.0 04.06.2007 no virus found Sunbelt 2.2.907.0 04.07.2007 no virus found Symantec 10 04.10.2007 no virus found TheHacker 6.1.6.088 04.09.2007 no virus found VBA32 3.11.3 04.09.2007 no virus found VirusBuster 4.3.7:9 04.09.2007 no virus found Webwasher-Gateway 6.0.1 04.09.2007 no virus found Aditional Information File size: 89560 bytes MD5: 8306dc1ed34f62d7e6abd1b0cdd145fe SHA1: 6e2da2b664110ddc9e6a259eecde190384abe73b Bit9 info: http://fileadvisor.bit9.com/services/extin...6abd1b0cdd145fe VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. > Go to: Home Contactar En Español -------------------------------------------------------------------------------- www.virustotal.com :: ©Hispasec Sistemas 2004-07:: e-mail [email protected]
  18. I know you aint gonna believe this. I scanned and copied to a post and then closed the FREAKING WINDOW!!!!!!!!! I DID look at each as they scanned, and I can assure you, that they all came up clean. If you wish, I will do another scan at VirusTotal and post it. Otherwise, I will post the rest of the scans you requested.
  19. It seems to be nuch better now, Jacee. The pop ups are gone. I havent a clue where they came from, since I use a pop up blocker. "Cecil" - 07-04-08 18:55:02 Service Pack 2 ComboFix 07-04-04.5 - Running from: "C:\Program Executes" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Cecil\Desktop.\internet explorer.lnk ((((((((((((((((((((((((((((((( Files Created from 2007-03-08 to 2007-04-08 )))))))))))))))))))))))))))))))))) 2007-04-08 18:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-04-08 01:15 796 --a------ C:\WINDOWS\system32\tmp.reg 2007-04-08 01:14 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-04-08 01:14 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-04-08 01:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-04-08 01:14 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2007-04-08 01:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-04-08 01:14 135,168 --a------ C:\WINDOWS\system32\swreg.exe 2007-04-07 20:55 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-04-07 16:04 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-04-07 16:04 <DIR> d-------- C:\a9de6da54b6c4e208c48 2007-04-07 15:16 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\Xdrive 2007-04-06 23:33 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys 2007-04-06 23:30 <DIR> d-------- C:\Program Files\Common Files\Merge Modules 2007-04-06 23:29 55,808 --a------ C:\WINDOWS\system32\zlib1.dll 2007-04-06 23:29 <DIR> d-------- C:\Program Files\Xdrive 2007-04-06 23:29 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\InstallShield 2007-04-06 21:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-04-01 22:24 <DIR> d-------- C:\VundoFix Backups 2007-04-01 00:37 <DIR> d-------- C:\HJT Log 2007-03-27 23:16 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Free 2007-03-27 23:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-03-27 23:05 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-03-27 21:16 0 --a------ C:\WINDOWS\system32\taskkill.exe 2007-03-27 20:37 31,844 --------- C:\WINDOWS\system32\mljjg.exe 2007-03-25 22:05 98,304 --a------ C:\WINDOWS\system32\WinFlyer32.dll 2007-03-25 22:04 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\.wyzo 2007-03-25 20:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-03-25 20:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-03-16 20:00 <DIR> d-------- C:\e4d93996ebf690fc2a909c5a7c 2007-03-15 22:09 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys 2007-03-15 22:09 <DIR> d-------- C:\My Music 2007-03-15 22:08 <DIR> d-------- C:\Program Files\Real 2007-03-12 23:37 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\Real 2007-03-12 23:32 <DIR> d-------- C:\My Downloads 2007-03-11 13:28 <DIR> dr------- C:\2006 Tax Returns 2007-03-11 12:24 <DIR> d-------- C:\help (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-08 18:08 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-04-06 23:29 -------- d--h----- C:\Program Files\installshield installation information 2007-04-06 21:41 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\limewire 2007-04-06 09:54 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\weatherbug 2007-04-05 21:34 -------- d-------- C:\Program Files\java 2007-03-31 22:00 -------- d-------- C:\Program Files\spywareblaster 2007-03-28 22:30 -------- d-------- C:\Program Files\pcpitstop 2007-03-22 00:16 -------- d-------- C:\Program Files\partygaming.net 2007-03-15 22:09 -------- d-------- C:\Program Files\Common Files\real 2007-03-08 22:18 -------- d-------- C:\Program Files\wavman 11 2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys 2007-03-04 02:57 -------- d-------- C:\Program Files\nch swift sound 2007-03-04 02:57 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\nch swift sound 2007-02-24 13:25 -------- d-------- C:\Program Files\eusing free registry cleaner 2007-02-17 13:21 -------- d-------- C:\Program Files\gimpshop 2007-02-11 20:13 -------- d-------- C:\Program Files\limewire 2007-02-09 00:14 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\viewpoint 2007-01-14 19:55 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll 2007-01-14 19:55 118784 --a------ C:\WINDOWS\system32\pdfmona.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{4D7C8A39-430F-4091-B9BF-3173DFA06DA0}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=dword:00000000 "NoResolveSearch"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job C:\WINDOWS\tasks\Xdrive Backup - Backup Set 1.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-08 19:27:05 C:\ComboFix-quarantined-files.txt ... 07-04-08 19:27 C:\ComboFix2.txt ... 07-04-07 15:40 C:\ComboFix3.txt ... 07-04-04 22:26
  20. Jacee, I got no warnings that these logs were too long for space available here. I hope they are in their entirety. SmitFraudFix v2.166 Scan done at 13:32:57.62, Sun 04/08/2007 Run from C:\Program Executes\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 10.254.254.253 Xdrive »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\Program Files\MMediaCodec\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{A3CEEB48-05BC-466B-8F9B-959B8BC866D9}: DhcpNameServer=24.25.5.150 24.25.5.149 HKLM\SYSTEM\CS1\Services\Tcpip\..\{A3CEEB48-05BC-466B-8F9B-959B8BC866D9}: DhcpNameServer=24.25.5.150 24.25.5.149 HKLM\SYSTEM\CS3\Services\Tcpip\..\{A3CEEB48-05BC-466B-8F9B-959B8BC866D9}: DhcpNameServer=24.25.5.150 24.25.5.149 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.150 24.25.5.149 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 2:33:57 AM 4/7/2007 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} -> Adware.Generic : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e} -> Adware.HQVideoCodec : Cleaned with backup (quarantined). HKU\S-1-5-21-3942243025-1647371527-101265881-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E} -> Adware.HQVideoCodec : Cleaned with backup (quarantined). C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP250\A0084683.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP250\A0084685.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\VundoFix Backups\ssqroll.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\VundoFix Backups\tuvwuts.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\Program Executes\Nero\Nero 7.0.1.2 Ultra Edition with Keygen.zip/Nero 7 Keygen from Paradox/Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined). C:\Program Executes\Nero\Nero 7.0.1.2 Ultra Edition with Keygen\Nero 7 Keygen from Paradox\Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined). C:\Program Executes\Nero\Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined). C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Cnn : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Msn : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Revsci : Cleaned. C:\Program Executes\WinRAR[1].v3.51.WinALL.Cracked-CORE.ZIP/WinRAR.v3.51.WinALL.Cracked-CORE/crack.exe -> Trojan.Small : Cleaned with backup (quarantined). ::Report end Logfile of HijackThis v1.99.1 Scan saved at 5:55:59 PM, on 4/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT Log\Nascarfan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.pcpitstop.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.xdrive.com/downloads/std_install/setup.exe O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe
  21. Incident Status Location Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\gdqtakgt.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jklenkxw.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\qfpbbuju.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\qomkhge.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\tflegirq.dll.bad Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\vrurbacg.exe.bad Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\WinFlyer32.dll SmitFraudFix v2.166 Scan done at 1:14:52.01, Sun 04/08/2007 Run from C:\Documents and Settings\Cecil\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\AWS\WeatherBug\Weather.exe C:\Program Files\Common Files\AOL\ACS\acsd.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Cecil »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Cecil\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Cecil\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\MMediaCodec\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport DNS Server Search Order: 24.25.5.150 DNS Server Search Order: 24.25.5.149 HKLM\SYSTEM\CCS\Services\Tcpip\..\{A3CEEB48-05BC-466B-8F9B-959B8BC866D9}: DhcpNameServer=24.25.5.150 24.25.5.149 HKLM\SYSTEM\CS1\Services\Tcpip\..\{A3CEEB48-05BC-466B-8F9B-959B8BC866D9}: DhcpNameServer=24.25.5.150 24.25.5.149 HKLM\SYSTEM\CS3\Services\Tcpip\..\{A3CEEB48-05BC-466B-8F9B-959B8BC866D9}: DhcpNameServer=24.25.5.150 24.25.5.149 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.150 24.25.5.149 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.150 24.25.5.149 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.150 24.25.5.149 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  22. Jacee, as a long time member of the Pit Forum, but as a small contributor on computer problems, I must thank you and all the others that understand the methods of cleaning and hopefully rescueing computers in need. Without people like you, the rest of us would be at the mercy of those that wish to harm. Again, I offer my heartfelt thanks to you and those that contribute their time and knowledge to heloing the rest of us. --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 2:33:57 AM 4/7/2007 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} -> Adware.Generic : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e} -> Adware.HQVideoCodec : Cleaned with backup (quarantined). HKU\S-1-5-21-3942243025-1647371527-101265881-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E} -> Adware.HQVideoCodec : Cleaned with backup (quarantined). C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP250\A0084683.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP250\A0084685.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\VundoFix Backups\ssqroll.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\VundoFix Backups\tuvwuts.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\Program Executes\Nero\Nero 7.0.1.2 Ultra Edition with Keygen.zip/Nero 7 Keygen from Paradox/Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined). C:\Program Executes\Nero\Nero 7.0.1.2 Ultra Edition with Keygen\Nero 7 Keygen from Paradox\Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined). C:\Program Executes\Nero\Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined). C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Cnn : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Msn : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\Cecil\Cookies\[email protected][2].txt -> TrackingCookie.Revsci : Cleaned. C:\Program Executes\WinRAR[1].v3.51.WinALL.Cracked-CORE.ZIP/WinRAR.v3.51.WinALL.Cracked-CORE/crack.exe -> Trojan.Small : Cleaned with backup (quarantined). ::Report end "Cecil" - 07-04-07 15:32:57 Service Pack 2 ComboFix 07-04-04.5 - Running from: "C:\Program Executes" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Cecil\Desktop.\internet explorer.lnk ((((((((((((((((((((((((((((((( Files Created from 2007-03-07 to 2007-04-07 )))))))))))))))))))))))))))))))))) 2007-04-07 15:16 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\Xdrive 2007-04-06 23:33 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys 2007-04-06 23:30 <DIR> d-------- C:\Program Files\Common Files\Merge Modules 2007-04-06 23:29 55,808 --a------ C:\WINDOWS\system32\zlib1.dll 2007-04-06 23:29 <DIR> d-------- C:\Program Files\Xdrive 2007-04-06 23:29 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\InstallShield 2007-04-06 21:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-04-01 22:24 <DIR> d-------- C:\VundoFix Backups 2007-04-01 00:37 <DIR> d-------- C:\HJT Log 2007-03-27 23:16 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Free 2007-03-27 23:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-03-27 23:05 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-03-27 21:16 0 --a------ C:\WINDOWS\system32\taskkill.exe 2007-03-27 20:37 31,844 --------- C:\WINDOWS\system32\mljjg.exe 2007-03-25 22:05 98,304 --a------ C:\WINDOWS\system32\WinFlyer32.dll 2007-03-25 22:04 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\.wyzo 2007-03-25 20:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-03-25 20:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-03-16 20:00 <DIR> d-------- C:\e4d93996ebf690fc2a909c5a7c 2007-03-15 22:09 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys 2007-03-15 22:09 <DIR> d-------- C:\My Music 2007-03-15 22:08 <DIR> d-------- C:\Program Files\Real 2007-03-12 23:37 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\Real 2007-03-12 23:32 <DIR> d-------- C:\My Downloads 2007-03-11 13:28 <DIR> dr------- C:\2006 Tax Returns 2007-03-11 12:24 <DIR> d-------- C:\help (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-06 23:29 -------- d--h----- C:\Program Files\installshield installation information 2007-04-06 21:41 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\limewire 2007-04-06 09:54 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\weatherbug 2007-04-05 21:34 -------- d-------- C:\Program Files\java 2007-04-02 20:30 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-03-31 22:00 -------- d-------- C:\Program Files\spywareblaster 2007-03-28 22:30 -------- d-------- C:\Program Files\pcpitstop 2007-03-22 00:16 -------- d-------- C:\Program Files\partygaming.net 2007-03-15 22:09 -------- d-------- C:\Program Files\Common Files\real 2007-03-08 22:18 -------- d-------- C:\Program Files\wavman 11 2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys 2007-03-04 02:57 -------- d-------- C:\Program Files\nch swift sound 2007-03-04 02:57 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\nch swift sound 2007-02-24 13:25 -------- d-------- C:\Program Files\eusing free registry cleaner 2007-02-17 13:21 -------- d-------- C:\Program Files\gimpshop 2007-02-11 20:13 -------- d-------- C:\Program Files\limewire 2007-02-09 00:14 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\viewpoint 2007-01-14 19:55 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll 2007-01-14 19:55 118784 --a------ C:\WINDOWS\system32\pdfmona.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1" "XdriveTrayIcon"="\"C:\\Program Files\\Xdrive\\Xdrive Desktop\\XdriveTray.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "HostManager"="C:\\Program Files\\Common Files\\AOL\\1175916704\\ee\\AOLSoftware.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{4D7C8A39-430F-4091-B9BF-3173DFA06DA0}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=dword:00000000 "NoResolveSearch"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job C:\WINDOWS\tasks\Xdrive Backup - Backup Set 1.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-07 15:40:09 C:\ComboFix-quarantined-files.txt ... 07-04-07 15:40 C:\ComboFix2.txt ... 07-04-04 22:26 Logfile of HijackThis v1.99.1 Scan saved at 3:43:43 PM, on 4/7/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Common Files\AOL\1175916704\ee\AOLSoftware.exe C:\Program Files\AWS\WeatherBug\Weather.exe C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Xdrive\Xdrive Desktop\XdrSmb.exe C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT Log\Nascarfan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.pcpitstop.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175916704\ee\AOLSoftware.exe O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O4 - HKCU\..\Run: [XdriveTrayIcon] "C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe" O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.xdrive.com/downloads/std_install/setup.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159655123764 O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe
  23. Jacee...I indeed deleted 3 versions of Java on Software removal list. I went thru your link and downloaded the Java file. There are 2 versions available. Online and off line. I am on cable, so I am online all the time. Anyway, I followed the prompts and what you see in the scan I posted is what I downloaded. It is acting mUCH better now. I was getting a lot of pop-up pages and crazy stuff before. I DO apprecaite your help. I again deleted all versions of Java and redownloaded it. this makes 2 times now. Again, thanks for your help
  24. "Cecil" - 07-04-04 22:20:38 Service Pack 2 ComboFix 07-04-04.5 - Running from: "C:\Documents and Settings\Cecil\Desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Cecil\Desktop.\internet explorer.lnk C:\Program Files\Common Files\{38C26~1 C:\Program Files\Common Files\{48C26~1 ((((((((((((((((((((((((((((((( Files Created from 2007-03-04 to 2007-04-04 )))))))))))))))))))))))))))))))))) 2007-04-01 22:24 <DIR> d-------- C:\VundoFix Backups 2007-04-01 00:37 <DIR> d-------- C:\HJT Log 2007-03-27 23:16 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Free 2007-03-27 23:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-03-27 23:05 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll 2007-03-27 21:16 0 --a------ C:\WINDOWS\system32\taskkill.exe 2007-03-27 20:37 31,844 --------- C:\WINDOWS\system32\mljjg.exe 2007-03-25 22:05 98,304 --a------ C:\WINDOWS\system32\WinFlyer32.dll 2007-03-25 22:04 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\.wyzo 2007-03-25 20:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-03-25 20:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-03-16 20:00 <DIR> d-------- C:\e4d93996ebf690fc2a909c5a7c 2007-03-15 22:09 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys 2007-03-15 22:09 <DIR> d-------- C:\My Music 2007-03-15 22:08 <DIR> d-------- C:\Program Files\Real 2007-03-12 23:37 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\Real 2007-03-12 23:32 <DIR> d-------- C:\My Downloads 2007-03-11 13:28 <DIR> dr------- C:\2006 Tax Returns 2007-03-11 12:24 <DIR> d-------- C:\help 2007-03-04 02:52 <DIR> d-------- C:\Program Files\NCH Swift Sound 2007-03-04 02:52 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\NCH Swift Sound (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-04 22:14 -------- d-------- C:\Program Files\java 2007-04-04 21:51 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\weatherbug 2007-04-02 20:30 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-03-31 22:00 -------- d-------- C:\Program Files\spywareblaster 2007-03-28 22:30 -------- d-------- C:\Program Files\pcpitstop 2007-03-22 00:16 -------- d-------- C:\Program Files\partygaming.net 2007-03-15 22:09 -------- d-------- C:\Program Files\Common Files\real 2007-03-08 22:18 -------- d-------- C:\Program Files\wavman 11 2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys 2007-02-24 13:25 -------- d-------- C:\Program Files\eusing free registry cleaner 2007-02-17 13:21 -------- d-------- C:\Program Files\gimpshop 2007-02-11 20:13 -------- d-------- C:\Program Files\limewire 2007-02-09 00:14 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\viewpoint 2007-02-05 00:10 -------- d-------- C:\Program Files\java(3) 2007-02-05 00:10 -------- d-------- C:\Program Files\Common Files\java(3) 2007-02-05 00:10 -------- d-------- C:\Program Files\Common Files\java(2) 2007-02-04 21:30 -------- d-------- C:\Program Files\java(2) 2007-01-14 19:55 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll 2007-01-14 19:55 118784 --a------ C:\WINDOWS\system32\pdfmona.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{4D7C8A39-430F-4091-B9BF-3173DFA06DA0}"="" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=dword:00000000 "NoResolveSearch"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-04 22:26:23 C:\ComboFix-quarantined-files.txt ... 07-04-04 22:26 Logfile of HijackThis v1.99.1 Scan saved at 10:28:13 PM, on 4/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AWS\WeatherBug\Weather.exe C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT Log\Nascarfan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.pcpitstop.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159655123764 O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
×
×
  • Create New...