
Yazzlesudoku! [RESOLVED]


  • This topic is locked

#16
Slider92

    Member

  • Topic Starter
  • Member
  • 91 posts
Slider - 06-08-30 17:40:05,86
ComboFix 06.08.27BT - Running from: C:\Documents and Settings\Slider\Skrivebord\Ubrukte skrivebordssnarveier\Virus-Spam removers

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programfiler\Fellesfiler\Y1123OU.exe
C:\WINDOWS\system32\components

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Slider\Programdata\YMBOLS~1
C:\QooBox\Purity\Documents and Settings\Slider\Programdata\YMBOLS~1\?ymbols


((((((((((((((((((((((((((((((( Files Created from 2006-07-30 to 2006-08-30 ))))))))))))))))))))))))))))))))))


2006-08-23 21:30 186 --a------ C:\WINDOWS\system32\del32.bat
2006-08-23 16:04 29,696 --a------ C:\WINDOWS\mickey32.dll
2006-08-23 16:04 232,784 C:\WINDOWSMatrix Code.scr
2006-08-23 16:04 2,285,222 C:\WINDOWSMatrix Code.exe
2006-08-15 20:35 53,760 --a------ C:\WINDOWS\system32\Squeeze.dll
2006-08-15 20:35 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2006-08-08 22:26 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-08-08 22:26 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-08-08 22:09 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-30 17:40 -------- d-------- C:\Programfiler\Fellesfiler
2006-08-30 15:05 -------- d-------- C:\Programfiler\Steam
2006-08-29 21:03 -------- d-------- C:\Programfiler\MSN Messenger
2006-08-29 20:25 -------- d-------- C:\Documents and Settings\Slider\Programdata\Registry Booster
2006-08-29 20:14 -------- d-------- C:\Programfiler\ewido anti-spyware 4.0
2006-08-29 20:12 -------- d-------- C:\Documents and Settings\Slider\Programdata\uTorrent
2006-08-29 18:37 -------- d-------- C:\Programfiler\Webroot
2006-08-29 18:37 -------- d-------- C:\Documents and Settings\Slider\Programdata\Webroot
2006-08-28 18:56 -------- d-------- C:\Programfiler\7-Zip
2006-08-27 17:20 -------- d-------- C:\Programfiler\uTorrent
2006-08-27 16:47 -------- d-------- C:\Programfiler\OfficeUpdate11
2006-08-27 13:59 -------- d-------- C:\Programfiler\Mozilla Firefox
2006-08-26 22:19 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-26 21:58 -------- d--h----- C:\Programfiler\InstallShield Installation Information
2006-08-26 21:58 -------- d-------- C:\Programfiler\Sierra
2006-08-26 10:47 -------- d-------- C:\Programfiler\SpywareGuard
2006-08-26 10:47 -------- d-------- C:\Programfiler\SpywareBlaster
2006-08-25 19:59 -------- d-------- C:\Programfiler\Sony Ericsson
2006-08-25 19:59 -------- d-------- C:\Programfiler\Fellesfiler\Teleca Shared
2006-08-25 19:29 -------- d-------- C:\Programfiler\Azureus
2006-08-25 18:39 -------- d-------- C:\Programfiler\Ad-Aware SE Professional
2006-08-25 16:11 -------- d-------- C:\Documents and Settings\Slider\Programdata\Azureus
2006-08-24 21:52 -------- d-------- C:\Documents and Settings\Slider\Programdata\.BitTornado
2006-08-24 16:28 83 ---hs---- C:\Documents and Settings\Slider\Programdata\.zreglib
2006-08-24 13:39 -------- d-------- C:\Programfiler\SlySoft
2006-08-24 13:30 -------- d-------- C:\Programfiler\DVD Shrink
2006-08-23 21:36 -------- d-------- C:\Documents and Settings\Slider\Programdata\Elaborate Bytes
2006-08-23 20:27 -------- d-------- C:\Documents and Settings\Slider\Programdata\SlySoft
2006-08-23 16:47 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-08-23 16:04 232784 --a------ C:\WINDOWS\Matrix Code.scr
2006-08-23 16:04 2285222 --a------ C:\WINDOWS\Matrix Code.exe
2006-08-21 19:18 -------- d-------- C:\Programfiler\Eclipse
2006-08-19 17:07 -------- d-------- C:\Programfiler\Max Payne
2006-08-18 11:58 -------- d-------- C:\Documents and Settings\Slider\Programdata\TrojanHunter
2006-08-18 03:58 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-08-17 13:09 -------- d-------- C:\Programfiler\Internet Explorer
2006-08-16 23:09 -------- d-------- C:\Programfiler\Uniblue
2006-08-16 17:20 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-08-16 17:20 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-08-16 16:51 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-08-15 21:27 -------- d-------- C:\Programfiler\EA GAMES
2006-08-14 10:59 -------- d-------- C:\Documents and Settings\Slider\Programdata\AdobeUM
2006-08-13 18:50 -------- d-------- C:\Programfiler\Trend Micro
2006-08-08 22:13 -------- d-------- C:\Documents and Settings\Slider\Programdata\ATI
2006-08-08 22:09 -------- d-------- C:\Programfiler\ATI Technologies
2006-08-08 00:04 4096 --a--c--- C:\Documents and Settings\Slider\Programdata\dvd.bmk
2006-08-03 22:36 -------- d-------- C:\Documents and Settings\Slider\Programdata\Help
2006-08-03 21:35 -------- d-------- C:\Programfiler\Grisoft
2006-08-02 19:38 -------- d-------- C:\Programfiler\FIFA Tools
2006-08-02 11:42 2 --a------ C:\WINDOWS\system32\wtssvit.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-29 12:22 -------- d-------- C:\Programfiler\Creative
2006-07-28 17:00 -------- d-------- C:\Programfiler\The Ship
2006-07-27 23:07 15360 --a--c--- C:\WINDOWS\system32\BASSMOD.dll
2006-07-27 15:27 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 17:13 -------- d-------- C:\Programfiler\Windows Media Player
2006-07-26 16:34 -------- d-------- C:\Documents and Settings\Slider\Programdata\J River
2006-07-26 16:32 -------- d-------- C:\Programfiler\J River
2006-07-26 16:19 -------- d-------- C:\Programfiler\VirtualDJ
2006-07-25 23:44 -------- d-------- C:\Programfiler\Atari
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 04:58 258048 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-07-19 04:58 1621504 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-07-19 04:53 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-07-19 04:53 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-07-19 04:53 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-07-19 04:52 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-07-19 04:52 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-07-19 04:51 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-07-19 04:51 401408 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-07-19 04:44 2732608 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-07-19 04:39 1744416 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-07-19 04:27 204800 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-07-19 04:26 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-07-19 04:23 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-07-19 04:22 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-07-19 04:22 286720 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-07-19 04:21 290816 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-07-19 04:13 5136384 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-07-18 22:23 -------- d-------- C:\Programfiler\Winamp
2006-07-17 21:15 -------- d-------- C:\Documents and Settings\Slider\Programdata\Talkback
2006-07-16 23:30 -------- d-------- C:\Programfiler\LimeWire
2006-07-16 23:17 -------- d-------- C:\Documents and Settings\Slider\Programdata\Mozilla
2006-07-11 12:02 -------- d-------- C:\Programfiler\Google
2006-07-10 23:26 -------- d---s---- C:\Documents and Settings\Slider\Programdata\Microsoft
2006-07-10 23:24 -------- d-------- C:\Programfiler\Fellesfiler\System
2006-07-07 16:41 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-07-07 16:41 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-07-07 16:41 13824 --a------ C:\WINDOWS\system32\drivers\SSFS041A.sys
2006-07-07 16:41 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-07-04 17:12 -------- d-------- C:\Programfiler\Microsoft Games
2006-07-01 11:23 -------- d-------- C:\Programfiler\BitComet
2006-06-23 09:28 5512704 --------- C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28 47616 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28 454144 --------- C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28 223744 --a------ C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28 179200 --------- C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28 155648 --a------ C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41 172544 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40 78848 --a------ C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40 40960 --a------ C:\WINDOWS\system32\url.dll
2006-06-23 05:39 99328 --a------ C:\WINDOWS\system32\occache.dll
2006-06-23 05:39 39424 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37 14336 --a------ C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34 81920 --a------ C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34 50688 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34 372736 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34 228864 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34 167936 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33 54272 --a------ C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33 41984 --a------ C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33 121856 --a------ C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30 11776 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29 55296 --------- C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27 251392 --------- C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46 377856 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45 48640 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41 172032 --a------ C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18 23552 --------- C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18 20480 --------- C:\WINDOWS\system32\normaliz.dll
2006-06-19 12:06 380928 --------- C:\WINDOWS\system32\MC11.exe
2006-06-07 13:37 53248 --------- C:\WINDOWS\system32\BBInstaller.exe
2006-06-07 13:37 491520 --------- C:\WINDOWS\system32\AReadyLB.dll
2006-06-07 13:37 229376 --------- C:\WINDOWS\system32\AudDevicePlugin.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Programfiler\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"IAAnotif"="\"C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe\""
"ATIPTA"="\"C:\\Programfiler\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="\"C:\\Programfiler\\Dell\\Media Experience\\DMXLauncher.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ISUSPM Startup"="\"C:\\Programfiler\\Fellesfiler\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Programfiler\\Fellesfiler\\InstallShield\\UpdateService\\issch.exe\" -start"
"ATICCC"="\"C:\\Programfiler\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"pccguide.exe"="\"C:\\Programfiler\\Trend Micro\\Internet Security 2006\\pccguide.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AWMON"="\"C:\\Programfiler\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"Creative Detector"="\"C:\\Programfiler\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min gjeldende hjemmeside"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060823-214234-982
O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
backup-20060818-133042-682
O2 - BHO: (no name) - {4653AED5-33A3-D271-4DBF-037989749F20} - (no file)
backup-20060818-133042-902
R3 - Default URLSearchHook is missing
backup-20060817-133550-896
O2 - BHO: Class - {4653AED5-33A3-D271-4DBF-037989749F20} - C:\WINDOWS\dlndh1.dll (file missing)
backup-20060817-133550-979
R3 - Default URLSearchHook is missing
backup-20060814-111747-215
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
backup-20060814-105831-853
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=no&s=gen
backup-20060805-221657-957
O11 - Options group: [INTERNATIONAL] International*
backup-20060803-152027-979
O20 - AppInit_DLLs: wuaclt.dll C:\WINDOWS\system32\wowexec.dll
backup-20060802-131304-752
O20 - AppInit_DLLs: wuaclt.dll C:\WINDOWS\system32\wowexec.dll

Completion time: 30.08.2006 17:43:28.83
ComboFix.txt


#17
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
Delete the files in the ComboFix Quarantine folder

Please run Panda's ActiveScan and perform a full system scan.
Once you are on the Panda site, click the Scan your PC button (be sure to disable your popup blocker first)
A new window will open...click the big Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component, allow it
It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
Click on Local Disks to start the scan
Click on see report, then click Save report

Open Windows Explorer
Navigate to C:\hi\Hijackthis.exe
Right click on HijackThis.exe and select Rename
Type in Analyze.exe and hit Enter
Close Windows Explorer

Reboot

Run Analyze.exe and post a fresh Analyse log along with the Panda Active scan log here

#18
Slider92

    Member

  • Topic Starter
  • Member
  • 91 posts
OK, Panda is running now, but where is the ComboFix quarantine folder?

#19
Slider92

    Member

  • Topic Starter
  • Member
  • 91 posts
Panda is done. It found nothing!


Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 18:47:31, on 31.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\ewido anti-spyware 4.0\guard.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Trend Micro\Internet Security 2006\pccguide.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\SpywareGuard\sgmain.exe
C:\Programfiler\SpywareGuard\sgbhp.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\J River\Media Center 11\Media Center.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\hi\Analyzer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programfiler\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Programfiler\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Startup: SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
O4 - Global Startup: dlbcserv.lnk = C:\Programfiler\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Programfiler\J River\Media Center 11\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155068682812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe

Edited by Slider92, 31 August 2006 - 10:47 AM.


#20
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
Your log looks good!!

Open AdAware SE
Click AdWatch User Interface
Click Tools and Preferences
At the bottom of the screen you will see 2 options: Active and Automatic
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both options. You can enable these after resolving your problem

Let's run ComboFix again and post its log here!

That should show the folders deleted!

Let me know about Connection Services as well!

Edited by Linkmaster, 31 August 2006 - 12:43 PM.


#21
Slider92

    Member

  • Topic Starter
  • Member
  • 91 posts
ConnectionServices is still there.

ComboFix log:

Slider - 06-08-31 21:00:41,82
ComboFix 06.08.27BT - Running from: C:\Documents and Settings\Slider\Skrivebord\Ubrukte skrivebordssnarveier\Virus-Spam removers

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Slider\Programdata\YMBOLS~1
C:\QooBox\Purity\Documents and Settings\Slider\Programdata\YMBOLS~1\?ymbols


((((((((((((((((((((((((((((((( Files Created from 2006-07-31 to 2006-08-31 ))))))))))))))))))))))))))))))))))


2006-08-23 21:30 186 --a------ C:\WINDOWS\system32\del32.bat
2006-08-23 16:04 29,696 --a------ C:\WINDOWS\mickey32.dll
2006-08-23 16:04 232,784 C:\WINDOWSMatrix Code.scr
2006-08-23 16:04 2,285,222 C:\WINDOWSMatrix Code.exe
2006-08-15 20:35 53,760 --a------ C:\WINDOWS\system32\Squeeze.dll
2006-08-15 20:35 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2006-08-08 22:26 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-08-08 22:26 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-08-08 22:09 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-31 20:33 -------- d-------- C:\Programfiler\Steam
2006-08-31 19:26 -------- d-------- C:\Documents and Settings\Slider\Programdata\Registry Booster
2006-08-31 18:34 -------- d-------- C:\Programfiler\WinZip
2006-08-31 18:34 -------- d-------- C:\Programfiler\WinRAR
2006-08-31 18:28 -------- d-------- C:\Programfiler\SpywareGuard
2006-08-31 18:25 -------- d-------- C:\Programfiler\MSN Messenger
2006-08-31 18:20 -------- d-------- C:\Programfiler\Internet Explorer
2006-08-31 18:19 -------- d-------- C:\Programfiler\ewido anti-spyware 4.0
2006-08-31 18:03 -------- d-------- C:\Programfiler\Ad-Aware SE Professional
2006-08-30 17:40 -------- d-------- C:\Programfiler\Fellesfiler
2006-08-29 20:12 -------- d-------- C:\Documents and Settings\Slider\Programdata\uTorrent
2006-08-28 18:56 -------- d-------- C:\Programfiler\7-Zip
2006-08-27 17:20 -------- d-------- C:\Programfiler\uTorrent
2006-08-27 16:47 -------- d-------- C:\Programfiler\OfficeUpdate11
2006-08-27 13:59 -------- d-------- C:\Programfiler\Mozilla Firefox
2006-08-26 22:19 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-26 21:58 -------- d--h----- C:\Programfiler\InstallShield Installation Information
2006-08-26 21:58 -------- d-------- C:\Programfiler\Sierra
2006-08-26 10:47 -------- d-------- C:\Programfiler\SpywareBlaster
2006-08-25 19:59 -------- d-------- C:\Programfiler\Sony Ericsson
2006-08-25 19:59 -------- d-------- C:\Programfiler\Fellesfiler\Teleca Shared
2006-08-25 19:29 -------- d-------- C:\Programfiler\Azureus
2006-08-25 16:11 -------- d-------- C:\Documents and Settings\Slider\Programdata\Azureus
2006-08-24 21:52 -------- d-------- C:\Documents and Settings\Slider\Programdata\.BitTornado
2006-08-24 16:28 83 ---hs---- C:\Documents and Settings\Slider\Programdata\.zreglib
2006-08-24 13:39 -------- d-------- C:\Programfiler\SlySoft
2006-08-24 13:30 -------- d-------- C:\Programfiler\DVD Shrink
2006-08-23 21:36 -------- d-------- C:\Documents and Settings\Slider\Programdata\Elaborate Bytes
2006-08-23 20:27 -------- d-------- C:\Documents and Settings\Slider\Programdata\SlySoft
2006-08-23 16:47 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-08-23 16:04 232784 --a------ C:\WINDOWS\Matrix Code.scr
2006-08-23 16:04 2285222 --a------ C:\WINDOWS\Matrix Code.exe
2006-08-21 19:18 -------- d-------- C:\Programfiler\Eclipse
2006-08-19 17:07 -------- d-------- C:\Programfiler\Max Payne
2006-08-18 11:58 -------- d-------- C:\Documents and Settings\Slider\Programdata\TrojanHunter
2006-08-18 03:58 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-08-16 23:09 -------- d-------- C:\Programfiler\Uniblue
2006-08-16 17:20 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-08-16 17:20 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-08-16 16:51 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-08-15 21:27 -------- d-------- C:\Programfiler\EA GAMES
2006-08-14 10:59 -------- d-------- C:\Documents and Settings\Slider\Programdata\AdobeUM
2006-08-13 18:50 -------- d-------- C:\Programfiler\Trend Micro
2006-08-08 22:13 -------- d-------- C:\Documents and Settings\Slider\Programdata\ATI
2006-08-08 22:09 -------- d-------- C:\Programfiler\ATI Technologies
2006-08-08 00:04 4096 --a--c--- C:\Documents and Settings\Slider\Programdata\dvd.bmk
2006-08-03 22:36 -------- d-------- C:\Documents and Settings\Slider\Programdata\Help
2006-08-03 21:35 -------- d-------- C:\Programfiler\Grisoft
2006-08-02 19:38 -------- d-------- C:\Programfiler\FIFA Tools
2006-08-02 11:42 2 --a------ C:\WINDOWS\system32\wtssvit.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-29 12:22 -------- d-------- C:\Programfiler\Creative
2006-07-28 17:00 -------- d-------- C:\Programfiler\The Ship
2006-07-27 23:07 15360 --a--c--- C:\WINDOWS\system32\BASSMOD.dll
2006-07-27 15:27 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 17:13 -------- d-------- C:\Programfiler\Windows Media Player
2006-07-26 16:34 -------- d-------- C:\Documents and Settings\Slider\Programdata\J River
2006-07-26 16:32 -------- d-------- C:\Programfiler\J River
2006-07-26 16:19 -------- d-------- C:\Programfiler\VirtualDJ
2006-07-25 23:44 -------- d-------- C:\Programfiler\Atari
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 04:58 258048 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-07-19 04:58 1621504 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-07-19 04:53 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-07-19 04:53 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-07-19 04:53 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-07-19 04:52 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-07-19 04:52 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-07-19 04:51 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-07-19 04:51 401408 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-07-19 04:44 2732608 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-07-19 04:39 1744416 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-07-19 04:27 204800 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-07-19 04:26 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-07-19 04:23 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-07-19 04:22 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-07-19 04:22 286720 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-07-19 04:21 290816 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-07-19 04:13 5136384 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-07-18 22:23 -------- d-------- C:\Programfiler\Winamp
2006-07-17 21:15 -------- d-------- C:\Documents and Settings\Slider\Programdata\Talkback
2006-07-16 23:30 -------- d-------- C:\Programfiler\LimeWire
2006-07-16 23:17 -------- d-------- C:\Documents and Settings\Slider\Programdata\Mozilla
2006-07-11 12:02 -------- d-------- C:\Programfiler\Google
2006-07-10 23:26 -------- d---s---- C:\Documents and Settings\Slider\Programdata\Microsoft
2006-07-10 23:24 -------- d-------- C:\Programfiler\Fellesfiler\System
2006-07-07 16:41 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-07-04 17:12 -------- d-------- C:\Programfiler\Microsoft Games
2006-07-01 11:23 -------- d-------- C:\Programfiler\BitComet
2006-06-23 09:28 5512704 --------- C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28 47616 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28 454144 --------- C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28 223744 --a------ C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28 179200 --------- C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28 155648 --a------ C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41 172544 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40 78848 --a------ C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40 40960 --a------ C:\WINDOWS\system32\url.dll
2006-06-23 05:39 99328 --a------ C:\WINDOWS\system32\occache.dll
2006-06-23 05:39 39424 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37 14336 --a------ C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34 81920 --a------ C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34 50688 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34 372736 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34 228864 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34 167936 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33 54272 --a------ C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33 41984 --a------ C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33 121856 --a------ C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30 11776 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29 55296 --------- C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27 251392 --------- C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46 377856 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45 48640 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41 172032 --a------ C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18 23552 --------- C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18 20480 --------- C:\WINDOWS\system32\normaliz.dll
2006-06-19 12:06 380928 --------- C:\WINDOWS\system32\MC11.exe
2006-06-07 13:37 53248 --------- C:\WINDOWS\system32\BBInstaller.exe
2006-06-07 13:37 491520 --------- C:\WINDOWS\system32\AReadyLB.dll
2006-06-07 13:37 229376 --------- C:\WINDOWS\system32\AudDevicePlugin.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Programfiler\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"IAAnotif"="\"C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe\""
"ATIPTA"="\"C:\\Programfiler\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="\"C:\\Programfiler\\Dell\\Media Experience\\DMXLauncher.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ISUSPM Startup"="\"C:\\Programfiler\\Fellesfiler\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Programfiler\\Fellesfiler\\InstallShield\\UpdateService\\issch.exe\" -start"
"ATICCC"="\"C:\\Programfiler\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"pccguide.exe"="\"C:\\Programfiler\\Trend Micro\\Internet Security 2006\\pccguide.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AWMON"="\"C:\\Programfiler\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"Creative Detector"="\"C:\\Programfiler\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"SpySweeperUninstallSurvey"="http://products.webr...j=5&omn=1&rsc="

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min gjeldende hjemmeside"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Completion time: 31.08.2006 21:03:36.81
ComboFix.txt
ComboFix2.txt

#22
Linkmaster

    Visiting Staff

  • 940 posts
I am going to enlist a little advice on this as well!

Everything now seems to be ok!

Are you having any problems?
Did ConnectionServices go away?

Edited by Linkmaster, 01 September 2006 - 03:18 AM.

#23
Slider92

    Member

  • Topic Starter
  • 91 posts
ConnectionServices didn't go away, but maybe it doesn't pose a threat anymore?

#24
Linkmaster

    Visiting Staff

  • 940 posts
Open HiJackThis
Click on the "Config..." button on the bottom right
Click on the tab "Misc Tools"
Click on the box that says "Uninstall Manager"
Click on "ConnectionServices"
Click on "Delete this entry"
Click "Yes"
Let me know if that worked!

#25
Slider92

    Member

  • Topic Starter
  • 91 posts
It's no longer in the add\remove list, if that's what you mean!

#26
Linkmaster

    Visiting Staff

  • 940 posts
Yes, that is what I mean!

Where do you see it?

#27
Slider92

    Member

  • Topic Starter
  • 91 posts
I mean it's no longer in the add\remove list after I removed it from the list with HijackThis. So what next? System clean now?

#28
Slider92

    Member

  • Topic Starter
  • 91 posts
But there is something called ConnectionServices in the registry. But I'm not deleting anything before I know if it is safe to remove it.

P.S. Sorry for the double post. I forgot to edit the last post.

Edited by Slider92, 02 September 2006 - 02:28 AM.

#29
Linkmaster

    Visiting Staff

  • 940 posts
Go to Start, Run, type in regedit, then hit OK
Click on File, Export
Export to your Desktop, name it with today's date, and select Save

Save the entire contents of the following code box into Notepad (make sure word wrap is turned off):

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConnectionServices]

Click on File, Save as
File Type: All Files (not as a text document or it won't work).
Name: fix.reg
Save it to your Desktop

Double-click on fix.reg
When asked if you want to merge with the registry, select Yes

Let me know if that removed it!

Edited by Linkmaster, 03 September 2006 - 09:26 AM.
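
Before merging a .reg file such as the fix.reg above, it helps to list what the file would do. The following is an added example, not part of the original post: it reads .reg text and reports key deletions ([-key]), value deletions ("name"=-) and value writes without touching the registry. The function audit_reg, the ExampleVendor key and SAMPLE are constructed for illustration.

```python
import re

# The two first-line headers this audit accepts for a .reg file.
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def audit_reg(text):
    """Return (header_ok, actions) for .reg text; nothing is written anywhere."""
    logical, buf = [], ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # hex data continued on the next line
            buf += line[:-1]
            continue
        logical.append(buf + line)
        buf = ""
    logical = [l for l in logical if l and not l.startswith(";")]
    header_ok = bool(logical) and logical[0] in VALID_HEADERS
    actions, key = [], None
    for line in logical[1:]:
        if line.startswith("[-") and line.endswith("]"):
            key = None                   # a deleted key takes no values
            actions.append(("DELETE-KEY", line[2:-1], None))
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            actions.append(("OPEN-KEY", key, None))
        elif key and (m := VALUE_RE.match(line)):
            name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
            verb = "DELETE-VALUE" if m.group(2) == "-" else "SET-VALUE"
            actions.append((verb, key, name))
        else:
            actions.append(("UNPARSED", key, line))
    return header_ok, actions

# The fix from the post above; the key path is copied from the page.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConnectionServices]
"""
# Constructed sample: a value delete, a continued hex value and a default value.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor]
"OldSetting"=-
"Blob"=hex:01,02,\
  03,04
@="demo"
'''

if __name__ == "__main__":
    for label, text in (("fix.reg", FIX_REG), ("sample", SAMPLE)):
        ok, actions = audit_reg(text)
        print(label, "header ok" if ok else "UNEXPECTED HEADER", actions)
```

A header that is not exactly one of the two accepted strings comes back with header_ok set to False, which is the case to check first when a merge appears to have had no effect.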

#30
Slider92

    Member

  • Topic Starter
  • 91 posts
No, it didn't. Here is the URL of ConnectionServices in the registry:

HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ConnectionServices

HKEY_USERS\S-1-5-21-824525781-1807616261-4248143887-1006\Software\Microsoft\Search Assistant\ACMru\5603

I dunno if some of them aren't the ConnectionServices that's malware.