[Fixed] XP pro problems- started with no icons - will not install progs etc (Security & Safety » [Fixed] Hijackthis! Logs)

  #13  
Old 06-04-2008
ozrock's Avatar
Bronze Member
 
Join Date: Jun 2008
Location: Sydney
Posts: 15
PC Experience: web designer - entertainment industry
Default Re: XP pro problems- started with no icons - will not install progs etc

Let me apologise for the spelling.. Having a small eye problem at the moment but I will try and slow down a little.


  #14  
Old 06-04-2008
madmatt2006's Avatar
PC Dinosaur
 
Join Date: Dec 2006
Location: Shepparton
Posts: 2,591
PC Experience: Elite PC Guru
Default Re: XP pro problems- started with no icons - will not install progs etc

You can download the .Net here: Download details: .NET Framework 3.5

I'd back up any important data on this drive first:

ST380021 A SCSI Disk Device (80.02 GB) -- drive 0

before doing anything, if the data is important, and test that drive first. I have a feeling it will be faulty.



Last edited by madmatt2006; 06-04-2008 at 07:00 AM.
  #15  
Old 06-04-2008
ozrock's Avatar
Bronze Member
 
Join Date: Jun 2008
Location: Sydney
Posts: 15
PC Experience: web designer - entertainment industry
Default Re: XP pro problems- started with no icons - will not install progs etc

Well this is where I am now!!

I decided to find out which of the drives was actually not working and closed everything down and shut down.

I removed the one I thought it was, one on the controller card (scsi I guess) and it is an IBM Deskstar 41GB from Nov 2002. (Every IBM I have ever had has at some time fallen over with me).

Anyway I rebooted and it went through an MS scan with all okay, and then there everything was.. icons, virus and other things being set up and installed and now everything works. I am astonished that this would cause the whole thing to act like a virus; however, I guess instability is caused by many things.

I have done a few things that I couldn't do before so it looks like it is all under control.

What say you about it?

At the moment I feel like this..

oz

Should I do another Hijack or dss etc.?


  #16  
Old 06-05-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,953
PC Experience: Elite PC Guru
Default Re: XP pro problems- started with no icons - will not install progs etc

You have a nice collection of malware to remove.....


Ok. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer and also those in the registry.
Please visit this webpage for download links, and instructions for running ComboFix
When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
=======================================
Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.


__________________
My real name is Eddy
  #17  
Old 06-05-2008
ozrock's Avatar
Bronze Member
 
Join Date: Jun 2008
Location: Sydney
Posts: 15
PC Experience: web designer - entertainment industry
Default Re: XP pro problems- started with no icons - will not install progs etc

Thanks Pancake.. I have downloaded the files and am about to start the combofix now..

Hopefully I'll be back soon!!


  #18  
Old 06-05-2008
ozrock's Avatar
Bronze Member
 
Join Date: Jun 2008
Location: Sydney
Posts: 15
PC Experience: web designer - entertainment industry
Default Re: XP pro problems- started with no icons - will not install progs etc

Here we go Pancake.. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:19 AM, on 5/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\MMTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [4c4fa717] rundll32.exe "C:\WINDOWS\system32\wrcttyka.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Web Page to askSam... - C:\Program Files\askSam\askSam6\ASAdd.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: asksam6 - {72A9B8AD-6895-422C-A3F7-F2A7A88B88DA} - C:\Program Files\askSam\askSam6\AS6_AIPP.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5063 bytes


ComboFix 08-06-04.1 - Administrator 2008-06-05 10:13:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1668 [GMT 10:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM4f7c948b.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akyttcrw.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\chfibdre.dll
C:\WINDOWS\system32\fccdcYPf.dll
C:\WINDOWS\system32\fPYcdccf.ini
C:\WINDOWS\system32\fPYcdccf.ini2
C:\WINDOWS\system32\ileuqqaj.dll
C:\WINDOWS\system32\jaqqueli.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oqdvbgxu.ini
C:\WINDOWS\system32\oudeeuqn.ini
C:\WINDOWS\system32\srmaykog.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-05 10:17 . 2008-06-05 10:17 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2008-06-05 09:47 . 2008-06-05 09:47 162,800 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-06-04 21:36 . 2008-06-04 21:36 116,736 --a------ C:\WINDOWS\system32\wrcttyka.dll
2008-06-04 14:38 . 2008-06-04 14:38 <DIR> d-------- C:\Program Files\Belarc
2008-06-04 14:38 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Deckard
2008-06-04 12:47 . 2008-06-04 12:47 13 --a------ C:\WINDOWS\system32\WinUser32.crc
2008-06-04 12:09 . 2008-06-04 12:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-04 12:09 . 2008-06-04 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 12:08 . 2008-06-04 15:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 10:46 . 2008-06-04 10:45 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-04 10:46 . 2008-06-04 10:45 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-06-04 10:45 . 2008-06-04 12:27 <DIR> d-------- C:\Program Files\ESET
2008-06-04 09:17 . 2008-06-04 13:25 1,648 --a------ C:\WINDOWS\mozver.dat
2008-06-03 22:45 . 2008-06-03 22:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-03 22:45 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-03 21:30 . 2008-06-03 21:30 51,200 --a------ C:\WINDOWS\system32\matnjmxi.dll
2008-06-03 21:23 . 2008-06-03 21:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 21:46 . 2008-06-02 21:46 51,200 --a------ C:\WINDOWS\system32\eoeghbrs.dll
2008-06-02 21:46 . 2008-06-02 21:46 51,200 --a------ C:\WINDOWS\system32\acchspkk.dll
2008-06-02 21:46 . 2008-06-02 21:46 51,200 --a------ C:\WINDOWS\system32\__c0012448.dat
2008-06-02 21:43 . 2008-06-02 21:43 51,200 --a------ C:\WINDOWS\system32\pxhreewj.dll
2008-06-02 21:37 . 2008-06-02 21:37 51,200 --a------ C:\WINDOWS\system32\xmshjops.dll
2008-06-02 21:34 . 2008-06-02 21:34 51,200 --a------ C:\WINDOWS\system32\gebygprg.dll
2008-06-02 18:04 . 2008-06-02 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-06-02 17:59 . 2008-06-02 17:59 <DIR> d-------- C:\Program Files\Corel
2008-06-02 17:59 . 2008-06-02 18:01 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-02 17:59 . 2008-06-02 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-02 16:16 . 2008-06-02 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlobalSCAPE
2008-06-02 15:50 . 2008-06-02 15:50 <DIR> d-------- C:\Program Files\GlobalSCAPE
2008-06-02 15:45 . 2008-06-02 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-02 15:25 . 2008-06-02 15:29 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-02 15:25 . 2008-06-02 15:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-06-02 10:41 . 2008-06-02 10:41 <DIR> d-------- C:\6200ps2k
2008-06-02 10:21 . 2008-06-02 10:21 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 10:20 . 2008-06-02 10:20 <DIR> d-------- C:\Program Files\Java
2008-06-02 10:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 10:19 . 2008-06-02 10:19 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-02 07:47 . 2008-06-02 07:47 <DIR> d-------- C:\Documents and Settings\Webmaster
2008-06-01 21:30 . 2008-06-01 21:30 51,200 --a------ C:\WINDOWS\system32\ukjliyse.dll
2008-06-01 21:30 . 2008-06-01 21:30 51,200 --a------ C:\WINDOWS\system32\__c0022964.dat
2008-06-01 20:00 . 2008-06-05 10:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 19:56 . 2008-06-01 19:56 <DIR> d-------- C:\5pc17ed6.default
2008-06-01 17:38 . 2008-06-02 19:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-01 17:12 . 2008-06-01 17:12 <DIR> d-------- C:\Thunderbird Signatures
2008-06-01 15:41 . 2008-06-01 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-06-01 11:45 . 2008-06-01 11:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-01 10:05 . 2008-06-03 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-01 09:50 . 2008-06-04 16:57 578 --a------ C:\WINDOWS\M3JPEG.INI
2008-06-01 09:44 . 2008-06-01 09:44 <DIR> d-------- C:\Program Files\Active WebCam
2008-06-01 09:44 . 2008-06-01 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PY_Software
2008-06-01 09:40 . 2008-06-01 09:40 <DIR> d-------- C:\Program Files\Morgan
2008-06-01 09:40 . 2002-01-16 23:45 224,256 --a------ C:\WINDOWS\system32\MMIJG32.dll
2008-06-01 09:40 . 2002-02-13 05:09 62,976 --a------ C:\WINDOWS\system32\M3JPEGdec.ax
2008-06-01 09:40 . 2001-11-09 10:19 53,248 --a------ C:\WINDOWS\system32\MMTray.exe
2008-06-01 09:40 . 2001-11-15 01:18 51,200 --a------ C:\WINDOWS\system32\M3JPEGenc.ax
2008-06-01 09:30 . 2008-06-01 09:30 <DIR> d-------- C:\Program Files\PowerISO
2008-06-01 09:22 . 2008-06-01 09:22 <DIR> d-------- C:\Program Files\Common Files\Acronis
2008-06-01 09:22 . 2008-06-01 09:22 <DIR> d-------- C:\Program Files\Acronis
2008-06-01 09:22 . 2008-06-01 09:22 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-06-01 09:14 . 2008-06-01 09:14 <DIR> d-------- C:\Program Files\SourceTec
2008-06-01 09:14 . 2008-06-01 09:14 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-06-01 09:08 . 2008-06-01 09:08 <DIR> d-------- C:\Program Files\Audio Maker Pro
2008-06-01 09:04 . 2000-08-22 15:09 532,480 --a------ C:\WINDOWS\system32\imagx5.dll
2008-06-01 09:04 . 2000-08-14 12:38 503,808 --a------ C:\WINDOWS\system32\imagr5.dll
2008-06-01 09:04 . 2000-08-29 13:08 275,312 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-06-01 09:04 . 2000-10-11 11:49 201,568 --a------ C:\WINDOWS\system32\CapPRO.dll
2008-06-01 09:04 . 2000-08-09 16:30 66,509 --a------ C:\WINDOWS\system32\Picn1220.ssm
2008-06-01 09:04 . 2000-08-09 16:10 37,553 --a------ C:\WINDOWS\system32\Picn1520.ssm
2008-06-01 09:04 . 2000-08-11 10:35 35,328 --a------ C:\WINDOWS\system32\picn20.dll
2008-06-01 09:03 . 1999-02-08 10:16 340,480 --a------ C:\WINDOWS\system32\ActBar.ocx
2008-06-01 09:01 . 2008-06-01 09:01 <DIR> d-------- C:\Program Files\Applet Headline Factory
2008-06-01 09:01 . 1999-11-11 15:42 297,472 --a------ C:\WINDOWS\system32\OpenClass.exe
2008-06-01 08:58 . 2008-06-01 08:58 <DIR> d-------- C:\Program Files\Free Icon Studio
2008-06-01 08:58 . 2003-09-10 12:09 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-01 08:58 . 2003-09-10 11:59 84,480 --a------ C:\WINDOWS\system32\axcolctl.ocx
2008-06-01 08:58 . 2003-09-10 11:59 69,632 --a------ C:\WINDOWS\system32\jckPortal.ocx
2008-06-01 08:58 . 2003-09-10 11:59 53,248 --a------ C:\WINDOWS\system32\vbalIcoM6.dll
2008-06-01 08:58 . 2003-09-10 11:59 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-06-01 08:56 . 2008-06-01 08:56 13 --a------ C:\WINDOWS\system32\WinSys64.crc
2008-06-01 08:51 . 2008-06-01 08:52 <DIR> d-------- C:\Program Files\Applet Marquee Wizard
2008-06-01 08:51 . 1996-09-11 14:33 48,640 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-06-01 08:50 . 2008-06-01 08:50 <DIR> d-------- C:\Program Files\Applet Navigation Factory 2.0
2008-06-01 08:39 . 2008-06-02 18:03 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-01 08:39 . 2008-06-01 08:39 <DIR> d-------- C:\Program Files\askSam
2008-06-01 08:39 . 2008-06-01 08:39 422 --a------ C:\WINDOWS\system32\MSST42.DLL
2008-06-01 08:38 . 2008-06-02 17:54 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-01 08:38 . 2008-06-02 15:50 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-01 05:09 . 2005-03-23 19:04 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-01 05:08 . 2005-03-23 19:06 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-01 05:08 . 2005-03-23 19:05 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-01 05:07 . 2005-03-23 19:06 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-01 05:07 . 2005-03-23 19:05 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-06-01 05:06 . 2005-03-23 19:04 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2008-06-01 05:06 . 2005-03-23 19:05 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-06-01 05:04 . 2008-06-04 12:02 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-06-01 05:03 . 2008-06-05 10:18 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-01 05:03 . 2008-06-02 10:42 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-06-01 05:03 . 2004-08-04 01:57 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2008-06-01 05:03 . 2004-08-04 02:03 1,042,903 -ra------ C:\WINDOWS\SET3.tmp
2008-06-01 05:03 . 2004-08-04 01:58 13,753 -ra------ C:\WINDOWS\SET8.tmp
2008-06-01 05:02 . 2004-10-15 00:30 155,648 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-06-01 05:02 . 2004-11-17 01:52 126,976 --a------ C:\WINDOWS\system32\Prounstl.exe
2008-06-01 05:02 . 2002-06-01 06:35 76,976 --a------ C:\WINDOWS\system32\drivers\pnp680r.sys
2008-06-01 05:02 . 2004-11-16 17:16 36,864 --a------ C:\WINDOWS\system32\e100bmsg.dll
2008-06-01 05:02 . 2004-10-30 01:01 19,456 --a------ C:\WINDOWS\system32\IntelNic.dll
2008-06-01 05:02 . 2004-10-15 00:22 5,110 --a------ C:\WINDOWS\system32\e100b325.din
2008-06-01 05:00 . 2008-05-31 19:16 <DIR> d--h----- C:\Documents and Settings\Default User
2008-06-01 05:00 . 2008-05-31 19:15 <DIR> d-------- C:\Documents and Settings\All Users
2008-06-01 05:00 . 2008-06-02 07:47 <DIR> d-------- C:\Documents and Settings
2008-06-01 05:00 . 2008-05-31 19:17 1,194 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-05-31 21:09 . 2008-05-31 21:09 <DIR> d-------- C:\Program Files\QuickTime
2008-05-31 21:09 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-05-31 21:09 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-05-31 21:00 . 2008-05-31 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-31 20:49 . 2008-06-01 09:28 <DIR> d-------- C:\Program Files\CoffeeCup Software
2008-05-31 20:49 . 2006-01-27 01:56 938,272 --a------ C:\WINDOWS\system32\wodFtpDLX.OCX
2008-05-31 20:44 . 2008-05-31 20:44 <DIR> d-------- C:\Program Files\Bonjour
2008-05-31 20:35 . 2008-05-31 20:35 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-31 20:34 . 2008-06-04 13:26 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-31 20:32 . 2008-05-31 20:32 <DIR> d-------- C:\Program Files\JGsoft
2008-05-31 20:32 . 2008-05-31 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\JGsoft
2008-05-31 20:32 . 2006-06-06 02:08 67,472 --a------ C:\WINDOWS\UnDeploy.exe
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 22:29 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-31 09:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-29 01:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 01:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 01:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
.

------- Sigcheck -------

2005-01-31 18:49 577024 f893a7a2045eb34bc2ca4d5708d1026e C:\WINDOWS\system32\user32.dll

2005-02-08 18:34 657920 a8eac5330876548e9966a7d13025d196 C:\WINDOWS\system32\wininet.dll

2005-01-19 20:50 359040 a8cc16a5b3faae8c9ec04e44ea952fc0 C:\WINDOWS\system32\drivers\tcpip.sys

2005-01-19 07:12 502784 b66dbc40d428fe1293041d621d836ac8 C:\WINDOWS\system32\winlogon.exe

2005-03-23 08:17 2056832 110e7aa558e68917696f45a2e9b0b68c C:\WINDOWS\system32\ntkrnlpa.exe

2005-01-21 06:45 2179456 cd532a08f0c9929e9e582b8248019a50 C:\WINDOWS\system32\ntoskrnl.exe

2005-01-31 18:49 1032192 98d45efddd1a67f90353be8d28ed72db C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-03-23 09:07 1694208]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 09:01 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 19:53 2209224]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 10:05 200704]
"MMTray"="MMTray.exe" [2001-11-09 10:19 53248 C:\WINDOWS\system32\MMTray.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 21:08 95504]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-04 10:45 917504]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"4c4fa717"="C:\WINDOWS\system32\wrcttyka.dll" [2008-06-04 21:36 116736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free Image Slicer\ThirtyDayTimer.exe [2008-06-01 08:59:04 372224]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoInternetIcon"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

S0 pnp680;pnp680;C:\WINDOWS\system32\drivers\pnp680.sys [2005-03-23 08:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52b5306f-2f41-11dd-9b2d-806d6172696f}]
\Shell\AutoRun\command - I:\setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 10:18:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [1904] 0x897FE378

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-05 10:24:01 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-06-05 00:23:33

Pre-Run: 68,765,499,392 bytes free
Post-Run: 68,866,023,424 bytes free

240


