[Fixed] Hijackthis! Logs - Help Needed ! HJT Log and description of problem posted in the Security & Safety forums
Old 12-07-2008   #8
Bronze Member
 
Join Date: Dec 2008
Posts: 7
PC Experience: Experienced
Default Re: Help Needed ! HJT Log and description of probl

Fresh Combofix log :-

ComboFix 08-12-06.06 - Andy 2008-12-08 0:11:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3050 [GMT 0:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andy\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\windows\system32\gejekoyu.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\gejekoyu.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.
2008-12-07 22:44 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-07 22:43 . 2008-12-07 22:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 22:43 . 2008-12-07 22:43 <DIR> d-------- c:\documents and settings\Andy\Application Data\Malwarebytes
2008-12-07 22:43 . 2008-12-07 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-07 22:43 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-07 20:23 . 2008-12-07 20:23 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-07 16:22 . 2008-12-07 16:25 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 10:34 . 2008-12-03 10:35 <DIR> d-------- C:\CPW30
2008-11-24 17:41 . 2008-11-24 17:41 <DIR> d-------- c:\documents and settings\Andy\Application Data\Cakewalk
2008-11-24 17:41 . 2008-11-24 17:41 118,784 --a------ c:\windows\dsdxirmv.exe
2008-11-24 17:29 . 2008-11-24 17:40 <DIR> d-------- c:\program files\Cakewalk
2008-11-24 17:29 . 2008-11-24 17:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Cakewalk
2008-11-24 17:29 . 2008-11-24 17:45 <DIR> d-------- C:\Cakewalk Projects
2008-11-24 17:29 . 2006-02-24 10:00 487,424 --a------ c:\windows\system32\msvcp70.dll
2008-11-24 17:29 . 2006-11-30 15:49 368,640 --a------ c:\windows\system32\ReWire.dll
2008-11-24 17:29 . 2004-04-13 14:48 233,472 --a------ c:\windows\system32\REX Shared Library.dll
2008-11-24 16:25 . 2008-11-24 16:25 <DIR> d-------- c:\program files\MagicISO
2008-11-24 13:48 . 2008-11-24 13:48 <DIR> d-------- c:\documents and settings\Andy\Application Data\Sony
2008-11-24 13:48 . 2008-11-24 13:48 <DIR> d-------- c:\documents and settings\Andy\Application Data\Publish Providers
2008-11-24 13:44 . 2008-11-24 13:44 <DIR> d-------- c:\program files\Vstplugins
2008-11-24 13:44 . 2008-11-24 13:45 <DIR> d-------- c:\program files\Sony
2008-11-24 13:30 . 2008-11-24 13:30 <DIR> d-------- c:\program files\Sony Setup
2008-11-19 10:40 . 2008-11-19 10:40 28 --a------ c:\windows\AlbumWrap Prefs
2008-11-19 10:39 . 2008-11-19 10:43 69,632 --a------ c:\windows\system32\realbap1.dll
2008-11-19 10:39 . 2008-11-19 10:39 45,568 --a------ c:\windows\system32\realbsf1.dll
2008-11-17 19:34 . 2008-11-17 19:34 <DIR> d-------- c:\program files\Lavalys
2008-11-16 21:44 . 2008-11-16 21:52 <DIR> d-------- c:\documents and settings\Andy\Application Data\Sports Interactive
2008-11-16 21:44 . 2008-11-16 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-16 21:42 . 2008-11-16 21:42 <DIR> d-------- c:\windows\Logs
2008-11-16 21:40 . 2008-11-16 21:42 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-16 21:40 . 2008-11-16 21:40 <DIR> d-------- c:\program files\Sports Interactive
2008-11-16 21:39 . 2008-11-16 21:39 <DIR> d--h----- c:\documents and settings\Andy\InstallAnywhere
2008-11-13 12:46 . 2008-11-13 12:53 <DIR> d-------- c:\program files\WinMX
2008-11-12 09:42 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 09:42 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 14:03 . 2008-11-21 09:14 <DIR> d-------- c:\documents and settings\Andy\Application Data\EPSON
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 00:12 19,120,672 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-07 22:56 258,224 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-07 22:46 --------- d-----w c:\program files\PeerGuardian2
2008-12-07 21:01 --------- d-----w c:\documents and settings\Andy\Application Data\Azureus
2008-12-07 14:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-07 14:40 --------- d-----w c:\program files\SpywareBlaster
2008-12-07 14:22 3,195,904 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-12-07 14:22 3,067,904 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-12-07 14:18 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-21 13:24 --------- d-----w c:\program files\Vuze
2008-11-09 14:18 --------- d-----w c:\documents and settings\Andy\Application Data\Alien Skin
2008-11-07 08:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 08:19 --------- d-----w c:\program files\Samsung
2008-11-05 21:30 --------- d-----w c:\documents and settings\Andy\Application Data\Windows Search
2008-11-05 21:02 --------- d-----w c:\program files\Windows Desktop Search
2008-11-05 21:02 --------- d-----w c:\documents and settings\Andy\Application Data\Windows Desktop Search
2008-11-05 19:19 --------- d-----w c:\documents and settings\All Users\Application Data\UDL
2008-11-05 19:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-05 19:13 --------- d-----w c:\program files\EPSON
2008-11-05 19:13 --------- d-----w c:\documents and settings\Andy\Application Data\InstallShield
2008-11-05 19:01 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2008-11-05 18:39 --------- d-----w c:\documents and settings\ITC\Application Data\Ipswitch
2008-11-05 18:38 --------- d-----w c:\documents and settings\ITC\Application Data\MailFrontier
2008-11-02 13:25 --------- d-----w c:\documents and settings\Andy\Application Data\SoundSpectrum
2008-11-02 13:25 --------- d-----w c:\documents and settings\All Users\Application Data\WhiteCap (Holiday Edition)
2008-11-02 13:18 --------- d-----w c:\program files\SoundSpectrum
2008-11-02 11:55 28,352 ----a-w c:\windows\system32\drivers\MxlW2k.sys
2008-11-02 11:55 --------- d-----w c:\program files\MUSICMATCH
2008-11-02 11:55 --------- d-----w c:\documents and settings\Andy\Application Data\Musicmatch
2008-10-31 10:54 --------- d-----w c:\program files\Ipswitch
2008-10-31 10:54 --------- d-----w c:\documents and settings\Andy\Application Data\Ipswitch
2008-10-31 10:06 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-10-30 20:48 --------- d-----w c:\program files\SonicWallES
2008-10-30 20:48 --------- d-----w c:\documents and settings\Andy\Application Data\MailFrontier
2008-10-30 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-10-30 16:46 --------- d--h--w c:\program files\Creative Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-05-16 22:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051620080517\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-07_23.15.25.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 23:07:34 718,800 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-12-08 00:10:09 718,856 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-01-29 2157064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-02-15 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-03-01 180224]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 333120]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-03-09 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-09 11776]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-01-08 c:\windows\system32\nwiz.exe]
"SPIRun"="SPIRun.dll" [2006-11-29 c:\windows\system32\SPIRun.dll]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2008-05-16 733184]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2008-05-16 1656576]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = uk.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - Home
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - Home -
FireFox -: Profile - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\yvkkq78y.default\
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 00:12:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRun = Rundll32 SPIRun.dll,RunDLLEntry?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-08 0:12:50
ComboFix-quarantined-files.txt 2008-12-08 00:12:46
ComboFix2.txt 2008-12-07 23:15:46
Pre-Run: 189,045,018,624 bytes free
Post-Run: 189,039,411,200 bytes free
205 --- E O F --- 2008-11-12 09:44:18


Fresh HJT log :-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:17:00, on 08/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - Home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5106/CTPID.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7745 bytes


It's looking good: the speed is back, no annoying pop-ups, pages are loading quickly again, and the files I suspected are now gone from the HJT log.

I await your verdict.
stratman88 is offline   Reply With Quote
Old 12-07-2008   #9
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,310
PC Experience: Elite PC Guru
Default Re: Help Needed ! HJT Log and description of probl

OK. That's fine. I just need to see the log from the Combofix now please.
__________________
  • An Australian Member of
My real name is Eddy
Pancake is offline   Reply With Quote
Old 12-07-2008   #10
Bronze Member
 
Join Date: Dec 2008
Posts: 7
PC Experience: Experienced
Default Re: Help Needed ! HJT Log and description of probl

ComboFix 08-12-06.06 - Andy 2008-12-08 0:11:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3050 [GMT 0:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andy\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\windows\system32\gejekoyu.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\gejekoyu.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.
2008-12-07 22:44 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-07 22:43 . 2008-12-07 22:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 22:43 . 2008-12-07 22:43 <DIR> d-------- c:\documents and settings\Andy\Application Data\Malwarebytes
2008-12-07 22:43 . 2008-12-07 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-07 22:43 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-07 20:23 . 2008-12-07 20:23 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-07 16:22 . 2008-12-07 16:25 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 10:34 . 2008-12-03 10:35 <DIR> d-------- C:\CPW30
2008-11-24 17:41 . 2008-11-24 17:41 <DIR> d-------- c:\documents and settings\Andy\Application Data\Cakewalk
2008-11-24 17:41 . 2008-11-24 17:41 118,784 --a------ c:\windows\dsdxirmv.exe
2008-11-24 17:29 . 2008-11-24 17:40 <DIR> d-------- c:\program files\Cakewalk
2008-11-24 17:29 . 2008-11-24 17:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Cakewalk
2008-11-24 17:29 . 2008-11-24 17:45 <DIR> d-------- C:\Cakewalk Projects
2008-11-24 17:29 . 2006-02-24 10:00 487,424 --a------ c:\windows\system32\msvcp70.dll
2008-11-24 17:29 . 2006-11-30 15:49 368,640 --a------ c:\windows\system32\ReWire.dll
2008-11-24 17:29 . 2004-04-13 14:48 233,472 --a------ c:\windows\system32\REX Shared Library.dll
2008-11-24 16:25 . 2008-11-24 16:25 <DIR> d-------- c:\program files\MagicISO
2008-11-24 13:48 . 2008-11-24 13:48 <DIR> d-------- c:\documents and settings\Andy\Application Data\Sony
2008-11-24 13:48 . 2008-11-24 13:48 <DIR> d-------- c:\documents and settings\Andy\Application Data\Publish Providers
2008-11-24 13:44 . 2008-11-24 13:44 <DIR> d-------- c:\program files\Vstplugins
2008-11-24 13:44 . 2008-11-24 13:45 <DIR> d-------- c:\program files\Sony
2008-11-24 13:30 . 2008-11-24 13:30 <DIR> d-------- c:\program files\Sony Setup
2008-11-19 10:40 . 2008-11-19 10:40 28 --a------ c:\windows\AlbumWrap Prefs
2008-11-19 10:39 . 2008-11-19 10:43 69,632 --a------ c:\windows\system32\realbap1.dll
2008-11-19 10:39 . 2008-11-19 10:39 45,568 --a------ c:\windows\system32\realbsf1.dll
2008-11-17 19:34 . 2008-11-17 19:34 <DIR> d-------- c:\program files\Lavalys
2008-11-16 21:44 . 2008-11-16 21:52 <DIR> d-------- c:\documents and settings\Andy\Application Data\Sports Interactive
2008-11-16 21:44 . 2008-11-16 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-16 21:42 . 2008-11-16 21:42 <DIR> d-------- c:\windows\Logs
2008-11-16 21:40 . 2008-11-16 21:42 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-16 21:40 . 2008-11-16 21:40 <DIR> d-------- c:\program files\Sports Interactive
2008-11-16 21:39 . 2008-11-16 21:39 <DIR> d--h----- c:\documents and settings\Andy\InstallAnywhere
2008-11-13 12:46 . 2008-11-13 12:53 <DIR> d-------- c:\program files\WinMX
2008-11-12 09:42 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 09:42 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 14:03 . 2008-11-21 09:14 <DIR> d-------- c:\documents and settings\Andy\Application Data\EPSON
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 00:12 19,120,672 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-07 22:56 258,224 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-07 22:46 --------- d-----w c:\program files\PeerGuardian2
2008-12-07 21:01 --------- d-----w c:\documents and settings\Andy\Application Data\Azureus
2008-12-07 14:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-07 14:40 --------- d-----w c:\program files\SpywareBlaster
2008-12-07 14:22 3,195,904 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-12-07 14:22 3,067,904 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-12-07 14:18 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-21 13:24 --------- d-----w c:\program files\Vuze
2008-11-09 14:18 --------- d-----w c:\documents and settings\Andy\Application Data\Alien Skin
2008-11-07 08:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 08:19 --------- d-----w c:\program files\Samsung
2008-11-05 21:30 --------- d-----w c:\documents and settings\Andy\Application Data\Windows Search
2008-11-05 21:02 --------- d-----w c:\program files\Windows Desktop Search
2008-11-05 21:02 --------- d-----w c:\documents and settings\Andy\Application Data\Windows Desktop Search
2008-11-05 19:19 --------- d-----w c:\documents and settings\All Users\Application Data\UDL
2008-11-05 19:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-05 19:13 --------- d-----w c:\program files\EPSON
2008-11-05 19:13 --------- d-----w c:\documents and settings\Andy\Application Data\InstallShield
2008-11-05 19:01 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2008-11-05 18:39 --------- d-----w c:\documents and settings\ITC\Application Data\Ipswitch
2008-11-05 18:38 --------- d-----w c:\documents and settings\ITC\Application Data\MailFrontier
2008-11-02 13:25 --------- d-----w c:\documents and settings\Andy\Application Data\SoundSpectrum
2008-11-02 13:25 --------- d-----w c:\documents and settings\All Users\Application Data\WhiteCap (Holiday Edition)
2008-11-02 13:18 --------- d-----w c:\program files\SoundSpectrum
2008-11-02 11:55 28,352 ----a-w c:\windows\system32\drivers\MxlW2k.sys
2008-11-02 11:55 --------- d-----w c:\program files\MUSICMATCH
2008-11-02 11:55 --------- d-----w c:\documents and settings\Andy\Application Data\Musicmatch
2008-10-31 10:54 --------- d-----w c:\program files\Ipswitch
2008-10-31 10:54 --------- d-----w c:\documents and settings\Andy\Application Data\Ipswitch
2008-10-31 10:06 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-10-30 20:48 --------- d-----w c:\program files\SonicWallES
2008-10-30 20:48 --------- d-----w c:\documents and settings\Andy\Application Data\MailFrontier
2008-10-30 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-10-30 16:46 --------- d--h--w c:\program files\Creative Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-05-16 22:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051620080517\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-07_23.15.25.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 23:07:34 718,800 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-12-08 00:10:09 718,856 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-01-29 2157064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-02-15 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-03-01 180224]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBE V~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 333120]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-03-09 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-09 11776]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-01-08 c:\windows\system32\nwiz.exe]
"SPIRun"="SPIRun.dll" [2006-11-29 c:\windows\system32\SPIRun.dll]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2008-05-16 733184]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2008-05-16 1656576]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = uk.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - Home
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - Home -
FireFox -: Profile - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\yvkkq78y.default\
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 00:12:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRun = Rundll32 SPIRun.dll,RunDLLEntry?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-08 0:12:50
ComboFix-quarantined-files.txt 2008-12-08 00:12:46
ComboFix2.txt 2008-12-07 23:15:46
Pre-Run: 189,045,018,624 bytes free
Post-Run: 189,039,411,200 bytes free
205 --- E O F --- 2008-11-12 09:44:18


Huge appreciation for taking the time to walk me through and getting my system back on track. Thanks :-)
stratman88
Old 12-08-2008   #11
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,310
PC Experience: Elite PC Guru
Default Re: Help Needed ! HJT Log and description of probl

Ok. That's it. You should be fine now.

This will clear away any of the files and folders that were created by ComboFix.
Go to:
Start > Run, then copy and paste the following highlighted text below into the box and click OK.

ComboFix /u
__________________
  • An Australian Member of
My real name is Eddy
Old 12-08-2008   #12
Bronze Member
 
Join Date: Dec 2008
Posts: 7
PC Experience: Experienced
Default Re: Help Needed ! HJT Log and description of probl

All done... thanks again for your professional, confident and calming help with my computer problems.
stratman88
Old 12-08-2008   #13
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,310
PC Experience: Elite PC Guru
Default Re: Help Needed ! HJT Log and description of probl

No problem. You're welcome.
__________________
  • An Australian Member of
My real name is Eddy
