Jeremy032180

Members
Posts: 4
Reputation: 0 Neutral
  1. Ok here ya go, I've attached them as well. ckfiles.txt ComboFix2.txt
  2. Hello, I've attached the ComboFix log, as well as copy/pasted it below: Thanks cfixlog51410.txt
  3. Hi Kenny, I did what you said. The Defogger worked. I did the GMER Rootkit Scan, and after about 2 hours my PC 'blue screened'. I don't want to try and run it again, as it may be fruitless, but you tell me. Thanks again.
  4. Hello, the internet, in both IE and Google Chrome, is redirecting me to search results from 'searchunlim.net'. If I hit the 'back' button and retry the link, it will then work. I have attached my HJT log. Thanks in advance, Jeremy hijackthis51310.txt