Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help with w32.jeefo...or something


  • Please log in to reply

#1
wolf4091

wolf4091

    New Member

  • Member
  • Pip
  • 3 posts
please dear god. i need help. im sure this problem has come up before hand, but im at my wits end... ive tried everything i know. ive scanned it with norton, which was unable to repair,quarantine, or delete the infected files (located in both the C:\Windows\Temp folder and the C:\windows\system32 folders) tried to delete the detected files manually, and scanned this forum for hours looking for help without assistance. As self reliant as i usually like to be. i have failed and have no more to go on. :whistling:
I'd sincerely appreciate any help that you guys could provide me. Dankeh Ser.
  • 0

Advertisements


#2
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Go here , scroll down to step five and post a hijack log for me please :blink:
  • 0

#3
wolf4091

wolf4091

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
yea, i was toying around with that beforehand and made several logs. couldnt make heads nor tails of any of it tho...im unfortunately a noob. but heres the log anyway.

Logfile of HijackThis v1.99.1
Scan saved at 6:29:34 AM, on 12/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.c...h...TB&M=MX6214
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Auto EPSON Stylus CX6600 Series on VAIO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P39 "Auto EPSON Stylus CX6600 Series on VAIO" /O15 "\\VAIO\Printer4" /M "Stylus CX6600"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gate...//PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1159287617078
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Edited by wolf4091, 28 December 2006 - 07:33 AM.

  • 0

#4
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi again

The log looks good enough, lets do some more searching

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#5
wolf4091

wolf4091

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
k thanks. ok here it is---

Owner - 06-12-28 6:57:36.82 Service Pack 2
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\aamd532.dll


((((((((((((((((((((((((((((((( Files Created from 2006-11-28 to 2006-12-28 ))))))))))))))))))))))))))))))))))


2006-12-28 02:05 <DIR> dr-h----- C:\Documents and Settings\Owner\Recent
2006-12-27 23:05 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2006-12-27 22:57 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-12-27 22:57 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-12-27 22:57 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2006-12-27 22:57 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2006-12-27 22:57 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2006-12-27 22:57 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-12-27 22:57 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-12-27 22:57 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-12-27 22:57 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2006-12-27 22:44 <DIR> d-------- C:\Program Files\Bots
2006-12-27 21:07 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2006-12-27 06:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-27 05:49 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-27 05:49 <DIR> d-------- C:\Program Files\Grisoft
2006-12-27 05:49 <DIR> d-------- C:\Program Files\CCleaner
2006-12-27 05:49 <DIR> d-------- C:\!KillBox
2006-12-27 03:47 <DIR> d-------- C:\Program Files\SymNetDrv
2006-12-27 03:46 <DIR> d--hs---- C:\Config.Msi
2006-12-27 02:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-12-25 00:59 <DIR> d-------- C:\Documents and Settings\Owner\Shared
2006-12-25 00:59 <DIR> d-------- C:\Documents and Settings\Owner\Incomplete
2006-12-25 00:56 <DIR> d-------- C:\Documents and Settings\Owner\.limewire
2006-12-24 22:23 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-24 18:48 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-12-21 07:07 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-12-21 07:07 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-12-21 06:57 <DIR> d-------- C:\Program Files\DAEMON Tools
2006-12-21 04:43 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-19 00:01 <DIR> d-------- C:\Program Files\Raxco
2006-12-15 04:27 <DIR> d-------- C:\Program Files\WinRAR
2006-12-15 02:41 <DIR> d-------- C:\Program Files\Trillian


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-28 05:53 -------- d-------- C:\Program Files\Common Files
2006-12-28 05:49 -------- d-------- C:\Program Files\Outlook Express
2006-12-28 05:49 -------- d-------- C:\Program Files\Common Files\System
2006-12-28 00:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-27 23:57 -------- d-------- C:\Program Files\Norton AntiVirus
2006-12-27 23:53 -------- d-------- C:\Program Files\Messenger
2006-12-27 23:52 -------- d-------- C:\Program Files\Internet Explorer
2006-12-27 23:52 -------- d-------- C:\Program Files\Google
2006-12-27 23:51 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-27 23:48 -------- d-------- C:\Program Files\BigFix
2006-12-27 04:47 0 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-12-27 03:48 -------- d-------- C:\Program Files\Symantec
2006-12-25 14:52 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-25 14:52 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-12-25 14:49 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-06 23:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-03 17:02 -------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2006-11-27 20:32 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sun
2006-11-19 19:27 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-14 20:40 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-11-07 22:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-06 19:45 -------- d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2006-11-05 19:36 -------- d-------- C:\Program Files\Common Files\xing shared
2006-11-05 19:36 -------- d-------- C:\Program Files\Common Files\Real
2006-11-05 19:35 -------- d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2006-11-05 19:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-11-04 18:58 -------- d-------- C:\Program Files\Yahoo!
2006-11-04 15:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 20:36 -------- d-------- C:\Program Files\Lavasoft
2006-11-03 20:35 -------- d-------- C:\Program Files\Picasa2
2006-11-03 20:34 159734 --a------ C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
2006-10-19 06:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 14:33 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-17 14:33 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 14:33 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-17 14:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 14:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 14:33 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-17 14:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 14:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 14:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 14:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 14:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 14:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 14:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 14:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 14:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 14:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 14:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 14:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 14:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 14:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 14:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 14:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 13:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 13:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 13:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 13:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 13:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 13:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 13:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 13:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-13 05:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"EPSON Stylus CX6600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EA.EXE /P26 \"EPSON Stylus CX6600 Series\" /O6 \"USB001\" /M \"Stylus CX6600\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"Fix-It AV"="C:\\PROGRA~1\\VCOM\\Fix-It\\MemCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Auto EPSON Stylus CX6600 Series on VAIO"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EA.EXE /P39 \"Auto EPSON Stylus CX6600 Series on VAIO\" /O15 \"\\\\VAIO\\Printer4\" /M \"Stylus CX6600\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

Completion time: 06-12-28 7:13:53.90
C:\ComboFix.txt ... 06-12-28 07:13
  • 0

#6
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

I dont see anything bad. Lets get a second opinion

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP