do i still have zlob

#1 sdb91

Got rid of it, I believe, but I have a pop-up that says there are updates ready to be installed. But when I turn off my computer it doesn't have the option to turn off the computer with or without installing updates. And it is only on my profile.

Logfile of HijackThis v1.99.1
Scan saved at 3:55:18 PM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\sabastian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myway....h/default.jhtml
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {C002426B-D6AA-FC21-DD06-FAADDAE273E1} - C:\WINDOWS\system32\hvrwactf.dll (file missing)
O2 - BHO: (no name) - {C70C163A-D3A8-FE2D-8C06-FAADDAE273B3} - C:\WINDOWS\system32\tpmfij.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kzmlhqw] "C:\Program Files\??crosoft\?hkntfs.exe"
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll (file missing)
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

And my uninstall list


Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
America Online (Choose which version to remove)
AoA Audio Extractor 1.0
AVG 7.5
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Photo Printer 720
Dell Photo Printer 720 Logger
DellSupport
Digital Content Portal
Free Mp3 Wma Converter V 1.5.6
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ICQ6
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
KeepV Flash Converter
KeyScrambler
LEARN Microsoft® Word xp
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Mavis Beacon Teaches Typing 15
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (2.0.0.5)
MSXML 6.0 Parser (KB927977)
MyWay Search Assistant
Native Instruments Guitar Rig Demo
NBFree MP3 to WMA Converter v2
NetZeroInstallers
Qualxserve Service Agreement
QuickTime
RealPlayer Basic
RoamDrive 1.0.2292.14902
Samsung USB Driver (MCCI 4.24 WHQL)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Series 6 Drill and Practice
Series 63 Databank
Series 63 Drill and Practice
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
STOPzilla
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Viewpoint Media Player
VZAccess Manager
Watchtower Library 2005 - English Edition
Watchtower Library 2006 - English Edition
WebCyberCoach 3.2 Dell
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10
Windows Media Recorder
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WordPerfect Office 12
Zune

SmitFraud report

SmitFraudFix v2.202

Scan done at 21:10:17.37, Tue 07/24/2007
Run from C:\Documents and Settings\sabastian\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\sabastian


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\sabastian\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SABAST~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 24.93.41.125
DNS Server Search Order: 24.93.41.126

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C1FE25E6-4BAB-4C39-A14E-9142FACEF511}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C1FE25E6-4BAB-4C39-A14E-9142FACEF511}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C1FE25E6-4BAB-4C39-A14E-9142FACEF511}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.125 24.93.41.126


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

ComboFix


"sabastian" - 2007-07-25 18:40:34 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-24 21:15 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 21:10 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-24 21:10 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-24 21:10 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-24 21:07 <DIR> d-------- C:\Program Files\Hijack This
2007-07-22 02:51 <DIR> d-------- C:\MyAudio
2007-07-20 23:04 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
2007-07-10 18:21 <DIR> d-------- C:\DOCUME~1\heather\APPLIC~1\Talkback
2007-07-09 23:31 113,128 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys
2007-07-09 23:31 <DIR> d-------- C:\Program Files\KeyScrambler
2007-07-09 01:55 368 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-07 02:20 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2007-07-05 18:27 <DIR> d-------- C:\Program Files\KeepV Converter
2007-07-02 23:43 <DIR> d-------- C:\Program Files\RoamDrive
2007-07-02 23:32 <DIR> d-------- C:\DOCUME~1\SABAST~1\APPLIC~1\RoamDrive
2007-07-02 23:03 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-07-02 23:03 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-07-02 23:02 991,232 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2007-07-02 23:02 679,936 --a------ C:\WINDOWS\system32\NCTMPEGFile.dll
2007-07-02 23:02 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2007-07-02 23:02 589,824 --a------ C:\WINDOWS\system32\NCTVideoView.dll
2007-07-02 23:02 315,392 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2007-07-02 23:02 3,031,040 --a------ C:\WINDOWS\system32\NCTVideoTransform.dll
2007-07-02 23:02 294,912 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2007-07-02 23:02 2,260,992 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2007-07-02 23:02 196,608 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2007-07-02 23:02 139,264 --a------ C:\WINDOWS\system32\NCTVideoPlayer.dll
2007-07-02 23:02 139,264 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-07-02 23:02 1,810,432 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-07-02 23:02 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-07-02 23:02 1,245,184 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2007-07-02 23:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-07-02 22:02 <DIR> d-------- C:\DOCUME~1\SABAST~1\APPLIC~1\COWON
2007-07-02 19:17 <DIR> d-------- C:\Program Files\GetFLV
2007-07-02 15:55 <DIR> d-------- C:\DOCUME~1\SABAST~1\APPLIC~1\Talkback
2007-07-02 15:43 <DIR> d-------- C:\Program Files\NBFree MP3 to WMA Converter
2007-07-01 14:33 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-07-01 14:33 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-07-01 14:33 307,200 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-07-01 14:33 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-07-01 14:33 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-07-01 14:33 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-07-01 14:33 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-07-01 14:33 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-07-01 01:05 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-01 00:51 <DIR> d-------- C:\DOCUME~1\SABAST~1\APPLIC~1\Real
2007-07-01 00:49 1,535 --a------ C:\WINDOWS\mozver.dat
2007-06-29 22:32 <DIR> d-------- C:\DOCUME~1\SABAST~1\APPLIC~1\Printer Info Cache
2007-06-29 22:21 <DIR> d-------- C:\DOCUME~1\SABAST~1\APPLIC~1\Wal-Mart Digital Photo Manager
2007-06-29 22:17 <DIR> d-------- C:\DOCUME~1\SABAST~1\APPLIC~1\Wal-Mart Digital Photo Viewer
2007-06-28 11:53 217,088 -ra------ C:\WINDOWS\system32\SZBase5.dll
2007-06-27 14:02 <DIR> d-------- C:\DOCUME~1\heather\APPLIC~1\U3


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 07:36:18 -------- d-----w C:\Program Files\STOPzilla!
2007-07-23 07:30:22 -------- d-----w C:\DOCUME~1\SABAST~1\APPLIC~1\U3
2007-07-09 05:25:11 -------- d-----w C:\Program Files\Enigma Software Group
2007-07-03 03:23:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-01 19:36:37 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-01 19:36:37 104 --sh--r C:\WINDOWS\system32\A4762F337B.sys
2007-06-22 19:59:18 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll
2007-06-22 19:59:10 294,912 ----a-r C:\WINDOWS\system32\IS3DBA5.dll
2007-06-22 19:58:22 372,736 ----a-r C:\WINDOWS\system32\IS3UI5.dll
2007-06-22 19:58:08 69,632 ----a-r C:\WINDOWS\system32\IS3Hks5.dll
2007-06-22 19:57:48 23,040 ----a-r C:\WINDOWS\system32\IS3XDat5.dll
2007-06-22 19:57:30 184,320 ----a-r C:\WINDOWS\system32\IS3Win325.dll
2007-06-22 19:57:10 94,208 ----a-r C:\WINDOWS\system32\IS3Inet5.dll
2007-06-22 19:56:58 90,112 ----a-r C:\WINDOWS\system32\IS3Svc5.dll
2007-06-22 19:56:34 688,128 ----a-r C:\WINDOWS\system32\IS3Base5.dll
2007-06-17 04:51:44 37,240 ----a-w C:\DOCUME~1\SABAST~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-06-14 18:38:15 -------- d-sh--w C:\Program Files\outlook
2007-06-14 17:04:24 -------- d-----w C:\Program Files\Common Files\iS3
2007-06-14 04:41:33 1,811,326 --sha-w C:\WINDOWS\system32\jmllm.ini2
2007-06-13 23:09:15 1,816,099 --sha-w C:\WINDOWS\system32\jmllm.bak2
2007-06-13 22:49:58 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll
2007-06-13 22:49:56 110,592 ----a-w C:\WINDOWS\system32\avgfwafu.dll
2007-06-13 22:29:23 167 ----a-w C:\2902.bat
2007-06-10 03:16:33 384 ----a-w C:\DOCUME~1\SABAST~1\APPLIC~1\internaldb6334.dat
2007-06-10 02:49:27 167 ----a-w C:\WINDOWS\system32\4011.bat
2007-06-10 02:23:31 194 ----a-w C:\DOCUME~1\SABAST~1\APPLIC~1\internaldb8467.dat
2007-06-08 17:17:31 167 ----a-w C:\WINDOWS\system32\7451.bat
2007-06-08 03:19:55 1,808,551 --sha-w C:\WINDOWS\system32\jmllm.bak1
2007-06-07 21:50:45 167 ----a-w C:\WINDOWS\system32\8554.bat
2007-06-07 21:50:40 73 ----a-w C:\WINDOWS\system32\n.bat
2007-06-07 21:50:26 0 ----a-w C:\WINDOWS\system32\x.dat
2007-06-07 21:50:23 86,016 ----a-w C:\WINDOWS\system32\ps.exe
2007-06-07 21:49:51 0 ----a-w C:\WINDOWS\system32\taskkill.exe
2007-06-07 06:10:29 -------- d-----w C:\Program Files\Charter High-Speed Security Suite
2007-06-07 06:10:22 -------- d-----w C:\DOCUME~1\SABAST~1\APPLIC~1\U3(2)
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 03:00:57 118,842 ------r C:\WINDOWS\bwUnin-6.3.2.129-3528733L.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2006-09-02 22:38:50 1,603 ----a-w C:\Program Files\uninstal.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C002426B-D6AA-FC21-DD06-FAADDAE273E1}]
C:\WINDOWS\system32\hvrwactf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C70C163A-D3A8-FE2D-8C06-FAADDAE273B3}]
C:\WINDOWS\system32\tpmfij.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-02 15:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"Kzmlhqw"="C:\Program Files\??crosoft\?hkntfs.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-03-13 17:50:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-06-13 17:49 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Charter High-Speed Security Suite.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Charter High-Speed Security Suite.lnk
backup=C:\WINDOWS\pss\Charter High-Speed Security Suite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=C:\WINDOWS\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"FSMA"=2 (0x2)
"fshttps"=3 (0x3)
"FSDFWD"=3 (0x3)
"BackWeb Plug-in - 3528733"=2 (0x2)
"FSBWSYS"=2 (0x2)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)

R1 AvgMfx86;AVG Minifilter x86 Resident Driver;C:\WINDOWS\system32\Drivers\avgmfx86.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 dsunidrv;DellSupport UniDriver;C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 Dot4;MS IEEE-1284.4 Driver;C:\WINDOWS\system32\DRIVERS\Dot4.sys
R3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
R3 DSproct;DSproct;\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
R3 E100B;Intel® PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys
R3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys
R3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys
R3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys
R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys
S0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSfilter.sys
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSgk.sys
S2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSrec.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
S4 BackWeb Plug-in - 3528733;Charter High-Speed Security Suite;C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
S4 F-Secure Gatekeeper Handler Starter;FSGKHS;"C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe"


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 18:49:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000004ea

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 18:51:30
C:\ComboFix-quarantined-files.txt ... 2007-07-25 18:51

--- E O F ---
Thanks in advance :whistling: