Spysheriff?

#1 thealps (New Member, 1 posts)

Hi there!

Last week I got the Spysheriff virus and I can't seem to get rid of it. When I got it, I got a false Windows warning saying something like "your system has been infected... etc." and then Windows was shut down. On reboot I hardly noticed anything except on the internet and when searching on Google, where clicking on one of the search results led me to another search page every time. I did a full system scan with Norton and it found "Spysheriff" and deleted the files, according to itself.
The next day my dial-up ADSL modem was not working anymore (nothing happened when clicking the icon) and IE did not respond at all. I can't access the network settings in the Control Panel since nothing happens when clicking there. It seems like my modem has been uninstalled.
I was also not able to reboot Windows into safe mode with the F8 key on startup, but had to go through "Run", "msconfig" and so on.

I've read on a lot of forums and have tried several ways to get rid of this *%&! I've downloaded HijackThis, ComboFix, SmitFraudFix, AVG, Spy Sweeper, Spyware Doctor etc. Spyware Doctor actually finds something, but I have to upgrade to the full version for them to remove it, which I can't since I can't connect to the internet.
I haven't had any of the symptoms that are usually described for Spysheriff; my desktop background still stays the same and I don't get any pop-ups.


I would be extremely grateful if anyone would have the time to take a look at my files to see what is wrong.

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:21, on 2007-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Gigaset DECT\gigaset-m34-usb\dlrblckr.exe
C:\Program Files\Gigaset DECT\gigaset-m34-software\skypeclient.exe
C:\Program Files\Gigaset DECT\gigaset-m34-software\messengerservice.exe
C:\Program Files\Gigaset DECT\gigaset-m34-software\keymap.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Gigaset DECT\gigaset-m34-software\appsvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth-programvara\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\update\update.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelper - {F3CFA533-7680-4943-A863-B8216390E847} - C:\WINDOWS\system32\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dlrblckr.exe] "C:\Program Files\Gigaset DECT\gigaset-m34-usb\dlrblckr.exe"
O4 - HKLM\..\Run: [skypeclient.exe] "C:\Program Files\Gigaset DECT\gigaset-m34-software\skypeclient.exe"
O4 - HKLM\..\Run: [messengerservice.exe] "C:\Program Files\Gigaset DECT\gigaset-m34-software\messengerservice.exe"
O4 - HKLM\..\Run: [keymap.exe] "C:\Program Files\Gigaset DECT\gigaset-m34-software\keymap.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Regen] "C:\Program Files\OnSpec\All Users\Regen\Regen.exe" /STARTUP
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-73586283-1220945662-682003330-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-73586283-1220945662-682003330-1004\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" (User '?')
O4 - HKUS\S-1-5-21-73586283-1220945662-682003330-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-73586283-1220945662-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-73586283-1220945662-682003330-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://chkr-web.ifol...loader_chkr.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6F1AF9D5-68BB-4A81-93F1-481CB8AB0D0B} (PhotocolorUploader Control) - http://web3.photocol...lorUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper-Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13308 bytes



-------------------------------------------------------------------------------------------------------------
And here is the ComboFix log:

ComboFix 07-12-09.1 - Jonas 2007-12-11 10:40:06.1 - NTFSx86
Running from: G:\ComboFix.exe
.
/wow section - STAGE 28

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\config\system~1\applic~1\install.dat
C:\WINDOWS\system32\G11F5.tmp.exe
C:\WINDOWS\system32\GA3DE.tmp.exe
C:\WINDOWS\system32\GA92.tmp.exe
C:\WINDOWS\system32\GBC87.tmp.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSUPDATE
-------\msupdate


((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-11 11:05 . <DIR> C:\WINDOWS\LastGood.Tmp
2007-12-10 11:24 . 2007-12-10 11:24 16,384 --a------ C:\WINDOWS\windisk.dll
2007-12-07 17:45 . 2007-12-07 17:45 5,112 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-07 17:25 . 2007-12-07 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-12-07 17:00 . 2007-12-07 17:00 <DIR> d-------- C:\Program Files\Uniblue
2007-12-07 16:51 . 2007-12-07 16:51 28,929 --a------ C:\WINDOWS\trayicons.exe
2007-12-07 16:20 . 2007-12-07 16:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-07 16:20 . 2007-12-07 16:20 <DIR> d-------- C:\Documents and Settings\Jonas Gullstrand\Application Data\Webroot
2007-12-07 06:47 . 2007-12-07 06:47 <DIR> d-------- C:\Program Files\Webroot
2007-12-07 06:47 . 2007-12-07 06:47 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-07 06:47 . 2007-12-07 06:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-07 06:47 . 2007-12-07 06:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-12-07 06:47 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-12-07 06:47 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-07 06:47 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-07 06:47 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-07 06:47 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-07 06:42 . 2007-12-07 18:05 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-07 06:42 . 2007-12-07 06:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-12-07 06:42 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-07 06:42 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-07 06:42 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-07 06:42 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-06 21:42 . 2007-12-06 21:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-06 21:37 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-06 21:35 . 2007-12-06 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-06 21:34 . 2007-12-06 21:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-06 21:18 . 2007-12-06 21:18 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-12-06 12:46 . 2007-12-06 12:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-06 10:21 . 2007-12-06 10:21 <DIR> d-------- C:\Documents and Settings\Jonas Gullstrand\Application Data\Grisoft
2007-12-04 22:50 . 2007-12-04 22:50 <DIR> d-------- C:\Documents and Settings\Lisa\Application Data\Grisoft
2007-12-04 22:50 . 2007-12-04 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-04 22:50 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-04 10:19 . 2007-12-04 10:19 11,776 --a------ C:\WINDOWS\wsystmp_pia.exe
2007-12-03 22:44 . 2007-12-03 22:44 2,852 --a------ C:\WINDOWS\system32\AcroIEHelper.xml
2007-12-03 22:39 . 2007-12-03 22:39 528,896 --a------ C:\WINDOWS\system32\AcroIEHelper.dll
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-25 16:32 . 2007-11-25 16:32 <DIR> d-------- C:\Documents and Settings\Lisa\Application Data\Canon
2007-11-12 12:45 . 2007-11-12 12:45 <DIR> d-------- C:\Documents and Settings\Jonas Gullstrand\Application Data\Apple Computer
2007-11-12 12:45 . 2007-12-11 11:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-12 12:45 . 2007-11-12 12:45 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-12 12:44 . 2007-11-12 12:44 <DIR> d-------- C:\Program Files\iTunes
2007-11-12 12:44 . 2007-11-12 12:44 <DIR> d-------- C:\Program Files\iPod
2007-11-12 12:43 . 2007-11-12 12:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-12 12:43 . 2007-11-12 12:44 <DIR> d-------- C:\Program Files\QuickTime
2007-11-12 12:43 . 2007-11-12 12:43 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-12 12:43 . 2007-11-12 12:43 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-12 12:43 . 2007-11-12 12:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-12 12:43 . 2007-11-12 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-12 12:43 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 16:23 --------- d-----w C:\Program Files\Google
2007-12-06 20:35 --------- d-----w C:\Program Files\Lavasoft
2007-12-06 10:29 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-06 10:29 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-06 10:29 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-06 10:29 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-06 10:29 --------- d-----w C:\Program Files\Symantec
2007-12-06 10:26 --------- d-----w C:\Program Files\Logitech
2007-12-04 21:49 --------- d-----w C:\Program Files\ewido anti-malware
2007-11-27 21:49 --------- d-----w C:\Documents and Settings\Lisa\Application Data\ZoomBrowser EX
2007-11-27 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-11-27 21:26 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-25 19:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-17 01:27 --------- d-----w C:\Documents and Settings\Jonas Gullstrand\Application Data\uTorrent
2007-11-13 21:34 --------- d-----w C:\Documents and Settings\Jonas Gullstrand\Application Data\Skype
2007-11-12 17:11 12,879,808 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-01 16:42 --------- d-----w C:\Documents and Settings\Jonas Gullstrand\Application Data\ZoomBrowser EX
2007-11-01 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 18:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 18:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 18:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 18:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 18:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 18:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2005-05-24 12:56 29,319,454 -c--a-w C:\Program Files\setpoint231sve.exe
2005-03-21 16:09 10,078,941 -c--a-w C:\Program Files\private tax 2004.exe
2005-02-13 13:49 6,670,952 -c--a-w C:\Program Files\zlsSetup_55_062_011.exe
2005-01-04 10:59 52,794,585 -c--a-w C:\Program Files\setpoint222sve.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3CFA533-7680-4943-A863-B8216390E847}]
2007-12-03 22:39 528896 --a------ C:\WINDOWS\system32\AcroIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-21 18:22]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-04-13 10:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 19:54 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-02 08:34 C:\WINDOWS\KHALMNPR.Exe]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-07-19 09:05]
"PCMService"="C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" [2004-09-09 19:58]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-07-19 09:05]
"dlrblckr.exe"="C:\Program Files\Gigaset DECT\gigaset-m34-usb\dlrblckr.exe" [2005-08-18 07:33]
"skypeclient.exe"="C:\Program Files\Gigaset DECT\gigaset-m34-software\skypeclient.exe" [2005-08-18 07:51]
"messengerservice.exe"="C:\Program Files\Gigaset DECT\gigaset-m34-software\messengerservice.exe" [2005-08-18 07:48]
"keymap.exe"="C:\Program Files\Gigaset DECT\gigaset-m34-software\keymap.exe" [2005-08-18 07:37]
"GSICONEXE"="GSICON.EXE" [2001-10-04 10:04 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2001-10-02 02:42 C:\WINDOWS\system32\dslagent.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22]
"Regen"="C:\Program Files\OnSpec\All Users\Regen\Regen.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-18 19:57:32]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-programvara\BTTray.exe [2004-10-28 17:36:32]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-21 18:22:10]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-07-05 16:15:53]
Personal.lnk - C:\Program Files\Personal\bin\Personal.exe [2004-11-27 12:46:14]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-11-16 11:07:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTServ]
C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll 2004-12-02 08:34 1404928 C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e38a98ad-de01-11db-949c-00a0c5300101}]
\Shell\AutoRun\command - G:\OnSpcLCK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 17:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-17 00:53:38 C:\WINDOWS\Tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Jonas Gullstrand.job"
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 11:09:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 11:13:17 - machine was rebooted
.
--- E O F ---
