[Fixed] Hijackthis! Logs - Black email (Security & Safety forums)
#22
02-01-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,088
PC Experience: Elite PC Guru
Re: Black email

I can't see any problem in the log; it all looks fine. I will just look and see if there is any infection within your files.


Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: A guide and tutorial on using ComboFix
Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Caution...Never run and remove files using ComboFix without being supervised by a security analyst.


__________________
My real name is Eddy
#23
02-02-2008
lilmissminicooper
Bronze Member
Join Date: Mar 2007
Posts: 37
Re: Black email

Hi, thank you again for your help. Seems like we are getting some kind of normality back to my PC. I have run the programs as requested but I cannot download the HiJackThis program for some strange reason. It won't let me click on OK as it is shaded out. I am probably doing summat wrong as I am a Very Novice Novice when it comes to computers!! Plus my sound seems to have disappeared too. I ain't that bothered as at least I will get some peace from the kids' so-called "music". Lol. Firefox still running great. xx
Attached Files
File Type: txt ComboFix.txt (19.8 KB, 2 views)


#24
02-02-2008
lilmissminicooper
Bronze Member
Join Date: Mar 2007
Posts: 37
Re: Black email

Hi, here is my HiJackThis log for today. It's amazing what the presence of a baseball bat can do!! Thanks for all your ongoing support xxx
Attached Files
File Type: zip HiJackThis02-02.zip (10.6 KB, 1 views)


#25
02-02-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,088
PC Experience: Elite PC Guru
Re: Black email

Can you please copy and paste your logs rather than zipping or attaching them.


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:

Killall::

File::
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.*


__________________
My real name is Eddy
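The CFScript procedure in this post can be checked after the fact against the ComboFix.txt it produces. The Python script below is an added example for this thread, not part of ComboFix or of the helper's instructions: it reads the "File::" block of a CFScript, parses the "Other Deletions" section of a ComboFix log in the format quoted later in the thread, and reports which requested files were and were not deleted. The section-header rule and the sample log are assumptions constructed from that quoted format.

```python
"""Check that the files listed in a ComboFix CFScript 'File::' block
were actually reported deleted in the resulting ComboFix.txt log.

Added example for this thread; it is not part of ComboFix. The parsing
rules are assumptions based only on the log format quoted in the thread
(a 'FILE' echo of the script, then an 'Other Deletions' section).
"""
import re

# Constructed sample: the script from the thread, shortened to four files.
CFSCRIPT = """Killall::

File::
C:\\sqmdata19.sqm
C:\\sqmnoopt19.sqm
C:\\sqmdata18.sqm
C:\\sqmnoopt18.sqm
"""

# Constructed sample modelled on the ComboFix.txt posted in the thread;
# one requested file is deliberately missing from 'Other Deletions'.
COMBOFIX_LOG = """ComboFix 08-02.02.5 - Mum 2008-02-04 19:08:39.2 - NTFSx86
Command switches used :: C:\\Documents and Settings\\Mum\\Desktop\\CFScript.txt

FILE
C:\\sqmdata18.sqm
C:\\sqmdata19.sqm
C:\\sqmnoopt18.sqm
C:\\sqmnoopt19.sqm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\\sqmdata18.sqm
C:\\sqmdata19.sqm
C:\\sqmnoopt19.sqm

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.
"""

# A ComboFix section header is a title wrapped in runs of parentheses.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")


def cfscript_files(script: str) -> list[str]:
    """Return the paths listed under 'File::' in a CFScript."""
    files, in_file = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.endswith("::"):          # a directive such as Killall:: or File::
            in_file = line.lower() == "file::"
            continue
        if in_file and line:
            files.append(line)
    return files


def combofix_sections(log: str) -> dict[str, list[str]]:
    """Split ComboFix.txt into {section title: non-empty content lines}."""
    sections, current = {"header": []}, "header"
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.strip() and line.strip() != ".":
            sections[current].append(line.strip())
    return sections


def verify_deletions(script: str, log: str) -> dict[str, list[str]]:
    """Compare requested deletions with the log's 'Other Deletions' list.

    Windows paths are compared case-insensitively.
    """
    requested = {p.lower(): p for p in cfscript_files(script)}
    deleted = {p.lower() for p in combofix_sections(log).get("Other Deletions", [])}
    return {
        "deleted": sorted(requested[p] for p in requested if p in deleted),
        "not_deleted": sorted(requested[p] for p in requested if p not in deleted),
    }


if __name__ == "__main__":
    for state, paths in verify_deletions(CFSCRIPT, COMBOFIX_LOG).items():
        print(state, *paths, sep="\n  ")
```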
#26
02-03-2008
lilmissminicooper
Bronze Member
Join Date: Mar 2007
Posts: 37
Re: Black email

Sorry will do. Thanks again for your help. Will get on to that asap. Take care xx


#27
02-04-2008
lilmissminicooper
Bronze Member
Join Date: Mar 2007
Posts: 37
Re: Black email

Done as you asked. Enclosed new logs for you. Sounds still not working though. Thanx again 4 ur help as always xxx

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:53, on 04/02/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kids PC Time Administrator\utcontr.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Mum\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = News, Sport, Music, Movies, Money, Cars, Shopping and more from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = News, Sport, Music, Movies, Money, Cars, Shopping and more from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = News, Sport, Music, Movies, Money, Cars, Shopping and more from MSN UK
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = Internet Explorer: Get It Now
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [1utcontr.exe] C:\Program Files\Kids PC Time Administrator\utcontr.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1193173146859
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - http://images-partners-tbn.google.co...lonso_0528.jpg
O24 - Desktop Component 1: (no name) - http://images-partners-tbn.google.co...main_30_13.jpg

--
End of file - 10056 bytes

ComboFix 08-02.02.5 - Mum 2008-02-04 19:08:39.2 - NTFSx86

Running from: C:\Documents and Settings\Mum\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mum\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-03 14:37 . 2008-02-03 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-03 14:37 . 2008-02-03 14:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-03 14:37 . 2008-02-03 14:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-01 23:22 . 2008-02-01 23:22 1,167 --a------ C:\WINDOWS\mozver.dat
2008-02-01 19:46 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-02-01 19:46 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-02-01 19:45 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-01-31 21:41 . 2008-01-31 21:41 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\Corel
2008-01-31 18:41 . 2008-01-31 18:41 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\Thunderbird
2008-01-31 18:41 . 2008-01-31 18:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-31 18:40 . 2008-02-01 15:55 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-01-30 20:32 . 2008-01-30 20:32 <DIR> d-------- C:\Program Files\CCleaner
2008-01-30 20:22 . 2008-01-30 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 18:54 . 2006-09-05 16:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 17:34 . 2008-02-03 21:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-30 17:34 . 2008-01-30 17:34 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\SUPERAntiSpyware.com
2008-01-30 17:34 . 2008-01-30 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-30 17:33 . 2008-01-30 17:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 17:06 . 2007-11-30 17:31 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-01-30 17:06 . 2007-11-30 17:31 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
2008-01-29 17:29 . 2008-01-29 17:29 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-27 19:18 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-01-27 19:18 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-01-27 17:50 . 2008-01-27 17:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-27 17:44 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002810_.tmp
2008-01-27 17:39 . 2008-01-27 17:39 <DIR> d-------- C:\WINDOWS\EHome
2008-01-26 09:41 . 2008-01-26 09:41 <DIR> d-------- C:\Documents and Settings\Ashley\Application Data\Teleca
2008-01-26 09:40 . 2008-01-26 09:40 <DIR> d-------- C:\Documents and Settings\Ashley\Application Data\Sony Ericsson
2008-01-24 18:55 . 2008-01-24 19:07 <DIR> d-------- C:\Documents and Settings\Elliah\Application Data\Corel
2008-01-24 18:53 . 2008-01-24 18:53 <DIR> d-------- C:\Documents and Settings\Elliah\Application Data\Teleca
2008-01-24 18:52 . 2008-01-24 18:52 <DIR> d-------- C:\Documents and Settings\Elliah\Application Data\Sony Ericsson
2008-01-24 13:51 . 2008-01-24 13:51 <DIR> d-------- C:\Program Files\Disc2Phone
2008-01-24 13:46 . 2008-01-24 13:46 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-01-24 13:36 . 2008-01-24 13:36 <DIR> d-------- C:\Program Files\Avanquest update
2008-01-24 13:34 . 2008-01-24 13:34 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\InstallShield
2008-01-24 13:28 . 2006-09-05 19:57 18,704 -ra------ C:\WINDOWS\system32\drivers\se58nd5.sys
2008-01-24 13:25 . 2008-01-24 13:58 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\Teleca
2008-01-24 13:24 . 2008-01-24 13:24 <DIR> d-------- C:\Documents and Settings\Mum\Application Data\Sony Ericsson
2008-01-24 13:17 . 2008-01-24 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-01-24 13:16 . 2008-01-24 13:35 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-01-24 13:16 . 2008-01-24 13:17 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-01-24 13:16 . 2008-01-24 13:17 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-24 13:16 . 2008-01-24 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-01-23 21:35 . 2008-01-28 21:40 88 -r-hs---- C:\WINDOWS\system32\EFEC39EE23.sys
2008-01-22 18:37 . 2008-01-22 18:37 <DIR> d-------- C:\Documents and Settings\Mum\Saved Games
2008-01-22 18:25 . 2008-01-22 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CaveDays
2008-01-22 18:01 . 2008-01-22 18:01 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-01-22 16:29 . 2008-01-27 17:54 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-22 16:29 . 2007-12-01 00:25 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-01-22 16:12 . 2008-02-04 16:41 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-21 07:21 . 2008-01-22 19:32 <DIR> d-------- C:\Program Files\Alawar
2008-01-20 19:18 . 2008-02-03 15:03 2,828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-20 19:18 . 2008-02-03 14:36 88 -r-hs---- C:\WINDOWS\system32\DEA33AD776.sys
2008-01-16 21:46 . 2008-01-16 21:46 <DIR> d-------- C:\Program Files\Telltale Games
2008-01-15 22:45 . 2008-01-15 22:45 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-14 20:35 . 2008-01-14 20:35 <DIR> d-------- C:\Program Files\Corel
2008-01-14 20:35 . 2008-01-14 20:36 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-01-10 16:57 . 2008-01-10 17:13 <DIR> d-------- C:\Program Files\Kids PC Time Administrator
2008-01-10 16:57 . 2002-05-16 15:16 39,456 --a------ C:\WINDOWS\system32\drivers\AFPAnsi.sys
2008-01-10 16:57 . 2002-05-16 15:17 21,411 --a------ C:\WINDOWS\system32\AFPAnsi.vxd
2008-01-10 08:02 . 2008-01-10 08:04 <DIR> d-------- C:\92e2b9db6764384ad0338d
2008-01-07 14:38 . 2007-11-30 17:32 37,888 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-01-07 11:21 . 2008-01-19 13:44 1,322 --a------ C:\WINDOWS\cdplayer.ini
2008-01-07 10:43 . 2007-12-01 00:26 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-01-07 10:43 . 2007-11-30 17:42 101,120 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-01-07 10:43 . 2007-11-30 17:32 59,136 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-01-07 10:43 . 2007-12-01 00:25 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-01-07 10:43 . 2007-11-30 17:32 17,024 --a------ C:\WINDOWS\system32\drivers\bthenum.sys
2008-01-07 10:43 . 2007-12-01 00:26 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-01-07 10:42 . 2007-11-30 17:32 273,024 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-01-07 10:42 . 2007-11-30 17:32 18,944 --a------ C:\WINDOWS\system32\drivers\bthusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-03 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-02 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-02 13:33 --------- d-----w C:\Program Files\Zylom Games
2008-02-02 12:32 --------- d-----w C:\Documents and Settings\Mum\Application Data\Zylom
2008-02-02 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-01-31 12:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-31 12:47 --------- d-----w C:\Program Files\Windows Live
2008-01-31 09:25 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-29 17:26 --------- d-----w C:\Program Files\MSN Messenger
2008-01-29 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-27 16:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-01-24 12:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-22 17:47 --------- d-----w C:\Program Files\Oberon Media
2008-01-22 16:11 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-22 14:19 --------- d-----w C:\Program Files\McCain Desktop Decorations
2008-01-05 12:53 --------- d-----w C:\Program Files\TuxPaint
2008-01-03 22:14 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-31 21:13 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-12-31 21:13 --------- d-----w C:\Program Files\Real
2007-12-31 21:13 --------- d-----w C:\Program Files\Common Files\Real
2007-12-31 20:48 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-27 22:24 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-27 20:18 --------- d-----w C:\Documents and Settings\Mum\Application Data\PlayFirst
2007-12-27 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Christmasville
2007-12-27 15:58 --------- d-----w C:\Program Files\ieSpell
2007-12-27 13:41 --------- d-----w C:\Program Files\PhotoFiltre
2007-12-26 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-24 09:55 --------- d-----w C:\Documents and Settings\Ashley\Application Data\TuxPaint
2007-12-21 23:38 --------- d-----w C:\Program Files\Picasa2
2007-12-21 23:25 --------- d-----w C:\Program Files\Google
2007-12-17 20:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-06 21:03 --------- d-----w C:\Documents and Settings\Mum\Application Data\ForgottenRiddles
2007-12-01 00:26 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
2007-12-01 00:26 69,120 ----a-w C:\WINDOWS\notepad.exe
2007-12-01 00:26 50,688 ----a-w C:\WINDOWS\twain_32.dll
2007-12-01 00:26 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2007-12-01 00:26 32,866 ------w C:\WINDOWS\slrundll.exe
2007-12-01 00:26 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2007-12-01 00:26 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2007-12-01 00:26 146,432 ----a-w C:\WINDOWS\regedit.exe
2007-12-01 00:26 10,752 ----a-w C:\WINDOWS\hh.exe
2007-12-01 00:26 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2007-12-01 00:25 450,048 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2007-12-01 00:25 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2007-12-01 00:25 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2007-12-01 00:25 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2007-12-01 00:25 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2007-12-01 00:25 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2007-12-01 00:25 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-01 00:26 15360]
"STManager"="C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe" [2003-10-16 12:25 118784 C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2005-11-15 19:44 1200128]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 05:22 57344]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 20:47 185896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-12-01 00:27 110592 C:\WINDOWS\system32\bthprops.cpl]
"1utcontr.exe"="C:\Program Files\Kids PC Time Administrator\utcontr.exe" [2007-03-16 16:10 768000]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 01:07 593920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 20:15 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-01 00:26 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2007-02-26 01:01 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/21/2007 11:22:21 PM 124400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 AFPAnsi;Alfa File Protector Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-05-16 15:16]
S3 se58bus;Sony Ericsson Device 088 driver (WDM);C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 19:58]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 19:59]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 19:59]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 20:00]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS);C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 19:57]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 20:00]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM);C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 19:57]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 15:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 19:14:25
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\taskmgr.exe 135680 bytes executable
C:\WINDOWS\system32\timedate.cpl 94208 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3264]
-> C:\Program Files\Kids PC Time Administrator\utccwin.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-02-04 19:18:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 19:18:46
.
2008-01-30 11:26:42 --- E O F ---
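The HijackThis log in this post can be pre-triaged mechanically before a human reads it. The Python script below is an added example written for this thread, not part of HijackThis: it parses O2/O3, O4 and O23 lines in the format shown above, lists entries that point at "(no file)" (the two orphaned BHO/toolbar CLSIDs in the log), groups Run values by the hive they sit under, and lists services HijackThis reports as "Unknown owner". The sample lines are copied from the log above; the regular expressions are assumptions derived from that format.

```python
"""Parse HijackThis O2/O3, O4 and O23 lines and produce a review queue.

Added example for this thread; it is not part of HijackThis. The line
formats encoded in the regexes are assumptions taken from the log posted
above. Nothing here is a verdict: '(no file)' entries are leftovers
whose file is gone, and 'Unknown owner' services simply lack a vendor
string, so both are candidates for a human to look at, not malware flags.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar1.dll
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe"
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'SYSTEM')
O23 - Service: ProtexisLicensing - Unknown owner - C:\\WINDOWS\\system32\\PSIService.exe
"""

# O2/O3: "<code> - <kind>: <name> - {CLSID} - <path>"
CLSID_RE = re.compile(
    r"^(?P<code>O[23]) - (?P<kind>\w+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)
# O4: "O4 - <hive>\..\Run: [<value>] <command>"
RUN_RE = re.compile(
    r"^(?P<code>O4) - (?P<hive>[^:]+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<command>.*)$"
)
# O23: "O23 - Service: <name> - <vendor> - <path>"
SERVICE_RE = re.compile(
    r"^(?P<code>O23) - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$"
)


def parse_hjt(log: str) -> list[dict]:
    """Turn each recognised line into a dict of named fields; skip the rest."""
    records = []
    for line in log.splitlines():
        for rx in (CLSID_RE, RUN_RE, SERVICE_RE):
            m = rx.match(line)
            if m:
                records.append(m.groupdict())
                break
    return records


def orphaned_entries(records: list[dict]) -> list[dict]:
    """Entries whose registry key remains but whose file is gone.

    HijackThis prints '(no file)' for these; they are typically leftovers
    from an uninstall or an earlier removal and are the usual cleanup candidates.
    """
    return [r for r in records if r.get("path") == "(no file)"]


def run_entries_by_value(records: list[dict]) -> dict[str, list[str]]:
    """Map each Run value name (lower-cased) to the hives it appears under."""
    by_value = defaultdict(list)
    for r in records:
        if r["code"] == "O4":
            by_value[r["value"].lower()].append(r["hive"])
    return dict(by_value)


def unknown_vendor_services(records: list[dict]) -> list[str]:
    """Names of services HijackThis could not attribute to a vendor."""
    return [r["name"] for r in records
            if r["code"] == "O23" and r["vendor"] == "Unknown owner"]


if __name__ == "__main__":
    recs = parse_hjt(SAMPLE_LOG)
    for r in orphaned_entries(recs):
        print("orphan:", r["code"], r["kind"], r["clsid"])
    for value, hives in run_entries_by_value(recs).items():
        print("run:", value, "->", ", ".join(hives))
    print("services with unknown owner:", unknown_vendor_services(recs))
```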


#28
02-04-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,088
PC Experience: Elite PC Guru
Re: Black email

We need to download the installation package from Microsoft so that it can be used to install the Recovery Console on your computer. The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. No validation required! Please select the download link below that's appropriate for your operating system, then download and save the setup package to your desktop. If necessary, change the language version to match your installation. Do NOT change the name of the downloaded file!

Microsoft Windows XP Home Edition
Service Pack 1
Download details: Windows XP Home Edition with Service Pack 1 Utility: Setup Disks for Floppy Boot Install
Service Pack 2
Download details: Windows XP Home Edition with Service Pack 2 Utility: Setup Disks for Floppy Boot Install
Microsoft Windows XP Professional
Without Service Packs
Download details: Windows XP Professional Utility: Setup Disks for Floppy Boot Install
Service Pack 1
Download details: Windows XP Professional with Service Pack 1 Utility: Setup Disks for Floppy Boot Install
Service Pack 2
Download details: Windows XP Professional with Service Pack 2 Utility: Setup Disks for Floppy Boot Install

Download the file & save it as it's originally named, next to the ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.


Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.


__________________
My real name is Eddy
