My Sys Vol Info & Other on my ex's storage device, [CLOSED]


  • This topic is locked

#16 Stamper19 (Trusted Helper, Retired Staff, 1,991 posts)

Hi inksy,

To answer your question, your machine is not that heavily infected.

----------------------------------------------------------------

We are going to use ComboFix to delete some things.

  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • Save it on the desktop
File::
C:\WINDOWS\rproxy32.exe
C:\WINDOWS\xpsm.exe
C:\WINDOWS\slog.dll
C:\WINDOWS\system32\muzika.xm
C:\WINDOWS\system32\ccRSpool\ccSvcHst.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccNortApp"=-

[Image: CFScript.txt being dragged onto ComboFix.exe]

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

----------------------------------------------------------------

Please update Java.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.

----------------------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

----------------------------------------------------------------

Information to include in your next post:
  • Combofix Log
  • Kaspersky Scan Log

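As an added example (this is not code from the thread, from ComboFix or from HijackThis): a Python checker that parses the File:: and Registry:: sections of a CFScript like the one above and cross-references each planned deletion against the Running processes, O4 and O23 lines of a HijackThis log, so a reviewer can see which targets that log actually evidences. The CFSCRIPT and HJT_LOG samples are constructed from entries quoted in this thread; parse_cfscript, parse_hjt and cross_check are hypothetical helper names.

```python
# Added example: cross-check a ComboFix CFScript against a HijackThis (HJT) log.
import re

# Constructed sample: the CFScript posted in reply #16 (File:: and Registry:: sections).
CFSCRIPT = r"""File::
C:\WINDOWS\rproxy32.exe
C:\WINDOWS\xpsm.exe
C:\WINDOWS\slog.dll
C:\WINDOWS\system32\muzika.xm
C:\WINDOWS\system32\ccRSpool\ccSvcHst.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccNortApp"=-
"""

# Constructed sample: a few lines taken from the HJT log in reply #17.
HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccNortApp] C:\WINDOWS\system32\ccRSpool\ccSvcHst.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")

def parse_cfscript(text):
    """Return {"files": [...], "reg_deletes": [(key, value name), ...]} from a CFScript."""
    script = {"files": [], "reg_deletes": []}
    section = key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):                       # section header such as File::
            section, key = line[:-2].lower(), None
        elif section == "file":
            script["files"].append(line)
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
            elif key and (m := re.fullmatch(r'"([^"]+)"=-', line)):  # REGEDIT4: =- deletes the value
                script["reg_deletes"].append((key, m.group(1)))
    return script

def _command_path(command):
    """Executable path from an O4 command line: quoted, or bare with trailing switches."""
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return re.sub(r"(\s+[/-]\S*)+$", "", command)

def parse_hjt(text):
    """Return running processes, O4 Run entries (key, name, path) and O23 services (desc, path)."""
    procs = text.split("Running processes:\n", 1)[1].split("\n\n", 1)[0]  # block ends at blank line
    log = {"processes": procs.splitlines(), "autoruns": [], "services": []}
    for line in text.splitlines():
        if m := O4_RE.match(line):
            hive, name, command = m.groups()
            log["autoruns"].append((HIVES[hive] + "\\" + RUN_KEY, name, _command_path(command)))
        elif line.startswith("O23 - Service: "):
            log["services"].append(tuple(line[len("O23 - Service: "):].rsplit(" - ", 1)))
    return log

def cross_check(script, log):
    """Map each planned deletion to the HJT evidence that references it (case-insensitive)."""
    procs = {p.lower() for p in log["processes"]}
    files = {}
    for path in script["files"]:
        p = path.lower()
        ev = ["running process"] if p in procs else []
        ev += [f"O4 [{name}]" for _, name, target in log["autoruns"] if target.lower() == p]
        ev += [f"O23 {desc}" for desc, target in log["services"] if target.lower() == p]
        files[path] = ev
    registry = {(key, name): [t for k, n, t in log["autoruns"]
                              if k.lower() == key.lower() and n.lower() == name.lower()]
                for key, name in script["reg_deletes"]}
    return {"files": files, "registry": registry}

def unreferenced_files(report):
    """File:: targets nothing in this log points at; they must be traceable to other evidence."""
    return [path for path, ev in report["files"].items() if not ev]

if __name__ == "__main__":
    rep = cross_check(parse_cfscript(CFSCRIPT), parse_hjt(HJT_LOG))
    for path, ev in rep["files"].items():
        print(path, "->", ev or "not referenced in this HJT log")
    print("unreferenced:", unreferenced_files(rep))
```

With this sample only ccSvcHst.exe and the ccNortApp Run value are backed by the HJT lines; the other four File:: targets come back unreferenced, which is the case to notice before a script is run, since each such name should be traceable to some other log.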


#17 inksy (Member, Topic Starter, 15 posts)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:10 AM, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lil L\Desktop\procexp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5061129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccNortApp] C:\WINDOWS\system32\ccRSpool\ccSvcHst.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - ?p=ZNxmk134YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?5ae9b11a20934ba3bf15bfb6efbe9646
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?5ae9b11a20934ba3bf15bfb6efbe9646
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll,
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe

--
End of file - 12891 bytes

#18 Stamper19 (Trusted Helper, Retired Staff, 1,991 posts)

Hi inksy,

I asked for the ComboFix and Kaspersky logs - not the HijackThis log :)

#19 inksy (Member, Topic Starter, 15 posts)

These scans took so long to complete but hopefully this is what you were after :)
Thank you


ComboFix 08-05-21.3 - Lil L 2008-05-24 9:17:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.406 [GMT 10:00]
Running from: C:\Documents and Settings\Lil L\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lil L\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\rproxy32.exe
C:\WINDOWS\slog.dll
C:\WINDOWS\system32\ccRSpool\ccSvcHst.exe
C:\WINDOWS\system32\muzika.xm
C:\WINDOWS\xpsm.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\rproxy32.exe
C:\WINDOWS\slog.dll
C:\WINDOWS\system32\muzika.xm
C:\WINDOWS\xpsm.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-24 08:07 . 2008-05-24 09:16 <DIR> d-------- C:\Documents and Settings\Lil L\.SunDownloadManager
2008-05-24 01:42 . 2008-05-24 01:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-24 01:42 . 2008-05-24 01:42 <DIR> d-------- C:\Documents and Settings\Lil L\Application Data\Malwarebytes
2008-05-24 01:42 . 2008-05-24 01:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-24 01:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-24 01:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-23 23:11 . 2008-05-23 23:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-23 23:04 . 2008-05-23 23:34 <DIR> d-------- C:\SDFix
2008-05-23 22:01 . 2008-05-23 22:01 <DIR> d-------- C:\Deckard
2008-05-23 18:58 . 2008-05-23 19:06 <DIR> d-------- C:\MSNCleaner
2008-05-21 22:37 . 2007-12-07 12:21 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-21 22:37 . 2007-04-17 19:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-21 22:37 . 2007-03-08 15:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-21 22:37 . 2007-12-07 12:21 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-21 22:37 . 2007-12-07 12:21 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-21 22:37 . 2007-12-07 12:21 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-21 22:37 . 2007-12-07 12:21 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-21 22:37 . 2007-12-07 12:21 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-21 22:37 . 2007-12-06 21:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-21 22:31 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-05-21 22:16 . 2008-05-21 22:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-20 04:12 . 2008-05-20 04:12 135,168 --a------ C:\WINDOWS\msmgr.exe
2008-05-19 23:59 . 2008-05-23 23:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-19 23:26 . 2008-05-19 23:26 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-19 23:26 . 2008-05-19 23:26 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-19 23:26 . 2008-05-19 23:26 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-19 23:26 . 2008-05-19 23:26 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-19 23:25 . 2008-05-24 05:41 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-19 23:25 . 2008-05-19 23:25 <DIR> d-------- C:\Program Files\AVG
2008-05-19 23:25 . 2008-05-23 19:15 <DIR> d-------- C:\Documents and Settings\Lil L\Application Data\AVGTOOLBAR
2008-05-19 23:25 . 2008-05-19 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-19 23:25 . 2008-05-19 23:25 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-19 23:25 . 2008-05-19 23:25 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-19 21:25 . 2008-05-19 21:25 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-05-19 19:26 . 2008-05-19 19:46 <DIR> d-------- C:\WINDOWS\ScreenShots
2008-05-19 19:06 . 2008-05-19 19:06 4,288 --a------ C:\WINDOWS\wanzip.ico
2008-05-19 19:06 . 2008-05-19 19:06 2,240 --a------ C:\WINDOWS\wapg.ico
2008-05-19 19:06 . 2008-05-19 19:06 2,240 --a------ C:\WINDOWS\wailes.ico
2008-05-19 18:29 . 2008-05-19 19:44 <DIR> d-------- C:\WINDOWS\msndebug
2008-05-19 18:29 . 2008-05-19 17:58 36,864 --a------ C:\WINDOWS\ompx.exe
2008-05-19 15:26 . 2008-05-19 19:06 2,240 --a------ C:\WINDOWS\2wapg.ico
2008-05-19 15:26 . 2008-05-19 19:06 2,240 --a------ C:\WINDOWS\2wanzip.ico
2008-05-19 15:25 . 2008-05-19 20:06 <DIR> d-------- C:\Program Files\Accessories
2008-05-19 00:38 . 2008-05-19 00:38 <DIR> d-------- C:\Documents and Settings\Lil L\Application Data\Grisoft
2008-05-19 00:38 . 2007-05-30 22:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-19 00:20 . 2008-05-19 00:23 <DIR> d-------- C:\Program Files\Privacy Guardian
2008-05-19 00:20 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-05-18 22:26 . 2008-05-18 22:27 <DIR> d-------- C:\Program Files\Panda Security
2008-05-18 18:57 . 2008-05-18 19:06 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-18 15:51 . 2008-05-18 15:51 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-18 15:51 . 2008-05-18 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-18 15:14 . 2008-05-18 15:14 <DIR> d-------- C:\Documents and Settings\Lil L\IGC
2008-05-18 14:14 . 2008-05-18 14:14 <DIR> d-------- C:\Program Files\IGC
2008-05-18 12:09 . 2008-05-18 12:09 <DIR> d-------- C:\Program Files\OTS Software
2008-05-18 11:45 . 2008-05-18 11:45 <DIR> d-------- C:\Program Files\Dopewars
2008-05-18 11:28 . 1997-09-23 14:01 17,410,851 --a------ C:\WINDOWS\SHARE.SHR
2008-05-18 11:28 . 1997-02-27 15:13 19,431 --a------ C:\WINDOWS\MONO320.PCX
2008-05-18 11:15 . 2008-05-18 11:15 0 --a------ C:\WINDOWS\BABY_FRG.SLD
2008-05-16 23:53 . 2008-05-17 00:03 <DIR> d-------- C:\Program Files\Diji Album
2008-05-11 20:12 . 2008-05-11 20:12 <DIR> d-------- C:\!KillBox
2008-05-11 15:22 . 2008-05-11 15:22 <DIR> d-------- C:\Program Files\ID Security Suite
2008-05-10 20:32 . 2008-05-10 20:32 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-05-10 20:14 . 2008-05-10 20:14 <DIR> d-------- C:\Documents and Settings\Lil L\Application Data\Yahoo!
2008-05-10 01:20 . 2008-05-10 01:20 <DIR> d-------- C:\Program Files\EyetoyOnComputer Project
2008-05-04 00:17 . 2008-05-04 00:17 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-19 16:54 180,224 ---ha-w C:\WINDOWS\hpreg.dll
2008-05-19 13:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-19 13:22 --------- d-----w C:\Documents and Settings\Lil L\Application Data\uTorrent
2008-05-19 04:09 --------- d-----w C:\Program Files\Modem Helper
2008-05-18 04:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 11:34 --------- d-----w C:\Program Files\mIRC
2008-05-15 10:07 --------- d-----w C:\Documents and Settings\Lil L\Application Data\Image Zone Express
2008-05-10 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-07 15:39 --------- d-----w C:\Program Files\PartyGaming
2008-05-03 18:55 50,968 ----a-w C:\Documents and Settings\Lil L\Application Data\GDIPFONTCACHEV1.DAT
2008-04-15 19:43 78,848 ----a-w C:\WINDOWS\system32\svers.dll
2008-04-13 03:04 --------- d-----w C:\Program Files\MSN Messenger
2008-04-07 13:30 --------- d-----w C:\Program Files\Windows Live
2008-04-06 15:18 --------- d-----w C:\Program Files\MessengerDiscovery
2008-04-06 12:46 --------- d-----w C:\Program Files\McAfee.com
2008-04-06 12:46 --------- d-----w C:\Program Files\McAfee
2008-04-06 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-05 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-05 16:04 --------- d-----w C:\Program Files\Google
2008-04-05 11:18 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-04-05 11:13 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-02 01:27 --------- d-----w C:\Program Files\VirtualDJ
2008-03-27 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2007-09-02 05:00 24,192 ----a-w C:\Documents and Settings\Lil L\usbsermptxp.sys
2007-09-02 05:00 22,768 ----a-w C:\Documents and Settings\Lil L\usbsermpt.sys
2007-09-02 04:48 92,064 ----a-w C:\Documents and Settings\Lil L\mqdmmdm.sys
2007-09-02 04:48 9,232 ----a-w C:\Documents and Settings\Lil L\mqdmmdfl.sys
2007-09-02 04:48 79,328 ----a-w C:\Documents and Settings\Lil L\mqdmserd.sys
2007-09-02 04:48 66,656 ----a-w C:\Documents and Settings\Lil L\mqdmbus.sys
2007-09-02 04:48 6,208 ----a-w C:\Documents and Settings\Lil L\mqdmcmnt.sys
2007-09-02 04:48 5,936 ----a-w C:\Documents and Settings\Lil L\mqdmwhnt.sys
2007-09-02 04:48 4,048 ----a-w C:\Documents and Settings\Lil L\mqdmcr.sys
2007-07-29 05:17 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-01-18 13:53 126 ----a-w C:\Documents and Settings\Lil L\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-24_ 0.11.36.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 13:20:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 20:57:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 10:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-19 23:25 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-19 23:25 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-19 23:25 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04 139264]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-15 11:03 1831936]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 19:20 282624 C:\WINDOWS\stsystra.exe]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-22 01:47 81920]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-22 01:48 98304]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 09:15 151552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-22 01:50 86016]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 05:12 94208]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 14:07 49263]
"SnoopFreeUI"="SnoopFreeUI.exe" [2007-07-08 00:14 221184 C:\WINDOWS\SnoopFreeUI.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:25 6731312]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-19 23:25 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50 734872]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-29 14:01:23 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 21:56:14 282624]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08 16423]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^Lil L^Start Menu^Programs^Startup^Tycoon City_ New York Registration.lnk]
backup=C:\WINDOWS\pss\Tycoon City_ New York Registration.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\MSN BackUp\\MSNBackup.exe"=
"C:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\msndebug\\lsass.exe"=
"C:\\WINDOWS\\msndebug\\cmss.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-19 23:26]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-19 23:26]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-19 23:25]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-19 23:25]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-19 23:25]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-19 23:26]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-19 23:25]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-19 23:25]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 NPF;WinPcap Packet Driver (NPF);C:\WINDOWS\system32\drivers\NPF.sys [2007-01-26 03:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc05b2bb-1c4b-11dd-93ef-001676d9ef7e}]
\Shell\1\Command - E:\.\readme.txt.exe
\Shell\2\Command - E:\.\readme.txt.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\readme.txt.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 22:28:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-17 04:36:02 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-05-23 21:00:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 09:19:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-24 9:20:34
ComboFix-quarantined-files.txt 2008-05-23 23:20:03
ComboFix2.txt 2008-05-23 21:08:17
ComboFix3.txt 2008-05-23 14:12:55

Pre-Run: 26,205,839,360 bytes free
Post-Run: 26,192,121,856 bytes free

262 --- E O F --- 2008-05-21 12:38:36



Saturday, May 24, 2008 12:55:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/05/2008
Kaspersky Anti-Virus database records: 799423
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
F:\
Scan Statistics
Total number of scanned objects 122658
Number of viruses found 14
Number of infected objects 24
Number of suspicious objects 0
Duration of the scan process 02:27:53

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg8\AvgAm\avgam.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgam.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpub.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-06192007-131539.log Object is locked skipped
C:\Documents and Settings\Lil L\Application Data\Mozilla\Firefox\Profiles\rjwvav6k.default\cert8.db Object is locked skipped
C:\Documents and Settings\Lil L\Application Data\Mozilla\Firefox\Profiles\rjwvav6k.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Lil L\Application Data\Mozilla\Firefox\Profiles\rjwvav6k.default\history.dat Object is locked skipped
C:\Documents and Settings\Lil L\Application Data\Mozilla\Firefox\Profiles\rjwvav6k.default\key3.db Object is locked skipped
C:\Documents and Settings\Lil L\Application Data\Mozilla\Firefox\Profiles\rjwvav6k.default\parent.lock Object is locked skipped
C:\Documents and Settings\Lil L\Application Data\Mozilla\Firefox\Profiles\rjwvav6k.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Lil L\Application Data\Mozilla\Firefox\Profiles\rjwvav6k.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Lil L\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lil L\Desktop\DESKTOP\Desktop Download Crap\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\Lil L\Desktop\DESKTOP\Desktop Download Crap\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\Lil L\Desktop\DESKTOP\Desktop Download Crap\mirc621.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Messenger\trubblestartshere@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Messenger\trubblestartshere@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Messenger\trubblestartshere@hotmail.com\SharingMetadata\Working\database_C440_4630_4046_298E\dfsr.db Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Messenger\trubblestartshere@hotmail.com\SharingMetadata\Working\database_C440_4630_4046_298E\fsr.log Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Messenger\trubblestartshere@hotmail.com\SharingMetadata\Working\database_C440_4630_4046_298E\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Messenger\trubblestartshere@hotmail.com\SharingMetadata\Working\database_C440_4630_4046_298E\tmp.edb Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/05 Dec 2006 07:56 from jerry:test/data.txt.cmd Infected: Email-Worm.Win32.Warezov.fb skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst MailMSMaill: infected - 1 skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Windows Live Contacts\trubblestartshere@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Windows Live Contacts\trubblestartshere@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Mozilla\Firefox\Profiles\rjwvav6k.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Mozilla\Firefox\Profiles\rjwvav6k.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Mozilla\Firefox\Profiles\rjwvav6k.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Mozilla\Firefox\Profiles\rjwvav6k.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\History\History.IE5\MSHist012008052420080525\index.dat Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Temp\~DF5AE8.tmp Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Temp\~DF5B5D.tmp Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Temp\~DF6F52.tmp Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Temp\~DF6F63.tmp Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Lil L\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lil L\My Documents\My Received Files\MsnMsgr.txt Object is locked skipped
C:\Documents and Settings\Lil L\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Lil L\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lil L\Shared\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Lil L\Shared\the bump and grind.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped
C:\Documents and Settings\Lil L\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\MSNCleaner\BackUpMSNCleaner\msn.exe.vir Infected: Trojan-Spy.Win32.WinSpy.me skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000066.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\LimeWire\.NetworkShare\(full version) dancelife theme song 19.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP426\A0058613.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP431\A0058809.exe/WISE0060.BIN Infected: not-a-virus:AdWare.Win32.Gator.3013 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP431\A0058809.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP431\A0058813.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP433\A0058875.exe Infected: Trojan-Spy.Win32.WinSpy.ql skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP433\A0058883.dll Infected: not-a-virus:Monitor.Win32.WinSpy.bj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP433\A0058884.dll Infected: not-a-virus:Monitor.Win32.WinSpy.bj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0061535.exe Infected: Trojan-Spy.Win32.WinSpy.me skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP442\A0061544.exe Infected: Trojan-Spy.Win32.WinSpy.ql skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP444\A0061669.dll Infected: not-a-virus:Monitor.Win32.WinSpy.bj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP445\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\msndebug\lsass.exe Infected: Trojan-Proxy.Win32.VB.az skipped
C:\WINDOWS\ompx.exe Infected: Trojan-Spy.Win32.WinSpy.qr skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\SnopFree.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd0749.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\svers.dll Infected: not-a-virus:Monitor.Win32.WinSpy.bj skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
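The logs in this post carry the indicators a helper reads first: the cached shell verbs for drive E: in MountPoints2 (a data-file name with an executable extension, launched through rundll32's ShellExec_RunDLL entry point), an lsass.exe outside system32 in the firewall exception list, and a Kaspersky report that mixes real detections with locked files, restore-point copies and not-a-virus riskware. The script below is an added example for this thread, not part of the original post and not code from ComboFix, Kaspersky or OTMoveIt; it triages constructed copies of those lines. The regex shapes, the category names and the SYSTEM_NAMES set are this example's own choices.

```python
"""Triage of the logs quoted in the post above: Kaspersky Online Scanner result
lines, the ComboFix MountPoints2 (removable-drive autorun) entries and the
firewall AuthorizedApplications list.  Added example for this thread, not
ComboFix, Kaspersky or OTMoveIt code; sample text is constructed from the log."""
import re
import ntpath

# A Kaspersky result line is "<path> <status>"; paths contain spaces, so the status
# phrase anchors the match.  Container summary lines ("...pst MailMSMaill: infected
# - 1 skipped") carry no detection name and are ignored; member lines carry it.
LOCKED = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
RESTORE_POINT = "\\system volume information\\_restore"

def triage_kaspersky(text):
    """Group hits by what a cleanup has to do: restore_point (copies kept by
    System Restore; purge restore points, do not hand-delete A00*.exe files),
    container (hit inside an archive/mailbox, '/' in path; the on-disk object is
    the container), riskware (Kaspersky's not-a-virus: prefix, judged by context),
    malware (everything else live), locked (unreadable by the scanner; noise)."""
    groups = {k: [] for k in ("restore_point", "container", "riskware", "malware", "locked")}
    for line in text.splitlines():
        m = LOCKED.match(line)
        if m:
            groups["locked"].append(m["path"])
            continue
        m = INFECTED.match(line)
        if not m:
            continue
        path, name = m["path"], m["name"]
        if RESTORE_POINT in path.lower():
            groups["restore_point"].append((path, name))
        elif "/" in path:
            groups["container"].append((path.split("/", 1)[0], name))
        elif name.startswith("not-a-virus:"):
            groups["riskware"].append((path, name))
        else:
            groups["malware"].append((path, name))
    return groups

def removal_list(groups):
    """Live files to review for quarantine: malware plus riskware, sorted."""
    return sorted(p for p, _ in groups["malware"] + groups["riskware"])

# MountPoints2 caches the shell verbs of a removable drive, i.e. what runs when it
# is double-clicked or AutoPlay fires.  Three signs of a hijacked verb:
DOUBLE_EXT = re.compile(r"\.(?:txt|doc|jpg|pdf|mp3|wma|avi)\.(?:exe|com|scr|pif|bat|cmd)$", re.I)

def flag_autorun_commands(text):
    """Return (verb, command, reasons) for every verb whose command looks hijacked."""
    flagged = []
    for line in text.splitlines():
        if " - " not in line:
            continue
        verb, command = (s.strip() for s in line.split(" - ", 1))
        target = command.split()[-1]          # last token is what actually executes
        reasons = []
        if DOUBLE_EXT.search(target):
            reasons.append("double extension: data-file name, executable extension")
        if "shellexec_rundll" in command.lower():
            reasons.append("launched through rundll32 Shell32.DLL,ShellExec_RunDLL")
        if target.startswith(".\\") or "\\.\\" in target:
            reasons.append("relative .\\ path: runs whatever sits in the drive root")
        if reasons:
            flagged.append((verb, command, reasons))
    return flagged

# Core Windows processes live in %windir%\system32; the same name anywhere else (the
# log's C:\WINDOWS\msndebug\lsass.exe) is a masquerade.  Exact names only.
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "winlogon.exe", "services.exe"}

def misplaced_system_binaries(reg_lines):
    """Takes AuthorizedApplications lines as printed (quoted, backslashes doubled)."""
    out = []
    for line in reg_lines.splitlines():
        path = line.strip().strip("=").strip('"').replace("\\\\", "\\")
        head, tail = ntpath.split(path)
        if tail.lower() in SYSTEM_NAMES and not head.lower().endswith("\\system32"):
            out.append(path)
    return out

KASPERSKY_SAMPLE = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\msndebug\lsass.exe Infected: Trojan-Proxy.Win32.VB.az skipped
C:\WINDOWS\system32\svers.dll Infected: not-a-virus:Monitor.Win32.WinSpy.bj skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP433\A0058875.exe Infected: Trojan-Spy.Win32.WinSpy.ql skipped
C:\Documents and Settings\Lil L\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/05 Dec 2006 07:56 from jerry:test/data.txt.cmd Infected: Email-Worm.Win32.Warezov.fb skipped
"""
MOUNTPOINTS_SAMPLE = r"""
\Shell\1\Command - E:\.\readme.txt.exe
\Shell\2\Command - E:\.\readme.txt.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\readme.txt.exe
"""
FIREWALL_SAMPLE = r"""
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\msndebug\\lsass.exe"=
"C:\\WINDOWS\\msndebug\\cmss.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"""
```

Run over the full Kaspersky report, removal_list() returns the live paths; compare it with the list Stamper19 feeds to OTMoveIt2 in the next post (the one extra hit is the .vir file under C:\MSNCleaner\BackUpMSNCleaner, which its name and location mark as a copy that tool had already set aside). The restore-point copies under RP4xx are not in the list because they disappear when System Restore is purged after cleanup. The exact-name check catches msndebug\lsass.exe but not its neighbour cmss.exe; a look-alike would need a fuzzy match against the core process names.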

#20 Stamper19 (Trusted Helper, Retired Staff, 1,991 posts)
Hi inksy,

Getting close :)

Let's delete some ill-mannered files.

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Lil L\Shared\Rare Recording.wma
    C:\Documents and Settings\Lil L\Shared\the bump and grind.wm
    C:\Program Files\LimeWire\.NetworkShare\(full version) dancelife theme song 19.wma
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    C:\Program Files\MSN Messenger\riched20.dll
    C:\WINDOWS\msndebug\lsass.exe
    C:\WINDOWS\ompx.exe
    C:\WINDOWS\system32\svers.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Also let me know how the computer is running.
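The OTMoveIt2 step above is a quarantine-by-move: files are relocated, not deleted, so a false positive can be put back, and the tool reports each path as "moved successfully" or "not found" and asks for a reboot when a file is in use. Below is an added example of that pattern in Python; it is not OldTimer's code and not from the thread. The quarantine tree layout, the pending.txt file for files that cannot be moved while in use, and the demo() fixture are assumptions of this example.

```python
"""Quarantine-by-move in the style of the OTMoveIt2 step above: each listed
path is moved, never deleted, into a quarantine tree that mirrors its original
location, and a log in OTMoveIt's "moved successfully" / "not found" wording
is returned.  Added example for this thread, not OldTimer's code; the tree
layout, pending.txt and the demo() fixture are this example's own choices."""
import os
import shutil
import tempfile
import time

def quarantine_path(root, src):
    """Mirror src under root, minus any drive letter, so it can be put back."""
    return os.path.join(root, os.path.splitdrive(src)[1].lstrip("\\/"))

def quarantine(paths, root):
    """Move each path into root; return (log lines, paths still pending).
    A file that cannot be moved now (PermissionError: open or locked, the case
    where OTMoveIt asks for a reboot) is recorded in root/pending.txt for a
    later pass instead of being dropped silently."""
    os.makedirs(root, exist_ok=True)
    log, pending = [], []
    for src in paths:
        if not os.path.lexists(src):
            log.append(f"File/Folder {src} not found.")
            continue
        dst = quarantine_path(root, src)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        try:
            shutil.move(src, dst)
            log.append(f"{src} moved successfully.")
        except PermissionError:
            pending.append(src)
            log.append(f"{src} is in use; move deferred.")
    if pending:
        with open(os.path.join(root, "pending.txt"), "a") as fh:
            fh.write("\n".join(pending) + "\n")
    log.append(f"quarantine log created on {time.strftime('%m%d%Y_%H%M%S')}")
    return log, pending

def demo():
    """Constructed run in a temp dir: one placeholder file that exists (named
    after a path from the thread, not malware) and one path that does not."""
    work = tempfile.mkdtemp()
    present = os.path.join(work, "ompx.exe")
    with open(present, "wb") as fh:
        fh.write(b"MZ placeholder")
    missing = os.path.join(work, "svers.dll")
    root = os.path.join(work, "_Quarantine")
    log, pending = quarantine([present, missing], root)
    return log, pending, os.path.exists(quarantine_path(root, present)), os.path.exists(present)

if __name__ == "__main__":
    print("\n".join(demo()[0]))
```

Keeping the original path under the quarantine root is what makes the move reversible; a flat folder of renamed files loses that. The deferred list is the honest answer to the locked-file case: either retry after a reboot or treat the still-present file as the next thing to investigate.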

#21 inksy (Member, Topic Starter, 15 posts)
C:\Documents and Settings\Lil L\Shared\Rare Recording.wma moved successfully.
C:\Documents and Settings\Lil L\Shared\the bump and grind.wm moved successfully.
C:\Program Files\LimeWire\.NetworkShare\(full version) dancelife theme song 19.wma moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll NOT unregistered.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\MSN Messenger\riched20.dll
C:\Program Files\MSN Messenger\riched20.dll NOT unregistered.
C:\Program Files\MSN Messenger\riched20.dll moved successfully.
C:\WINDOWS\msndebug\lsass.exe moved successfully.
C:\WINDOWS\ompx.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\svers.dll
C:\WINDOWS\system32\svers.dll NOT unregistered.
C:\WINDOWS\system32\svers.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05252008_110443



Thank you :)

Is that MSN file a spy file? I hate to think that MSN messages are being read, although I get the feeling everything is.

I have an idea of the date my ex put his crap on my computer and there is a whole heap of Adobe programs. He works with AutoCAD (not sure if that means anything) but Adobe seems to have taken over.

#22 Stamper19 (Trusted Helper, Retired Staff, 1,991 posts)
Hi inksy,

Is that MSN file a spy file? I hate to think that MSN messages are being read, although I get the feeling everything is.

Nope - just a file related to some rather common adware. Nothing particularly devious about it.

I have an idea of the date my ex put his crap on my computer and there is a whole heap of Adobe programs. He works with AutoCAD (not sure if that means anything) but Adobe seems to have taken over.

I did notice a whole bunch of Adobe programs, but those are legitimate applications. If you don't want them then you can feel free to remove them through Add/Remove Programs.

Your logs are actually clean at this point. How is the computer running?

#23 inksy (Member, Topic Starter, 15 posts)
It's not running any differently than before we started cleaning it out.

It runs nothing like what it used to, but that happens I guess. I'm really tempted to reload the whole thing, just a bit scared because I'm not sure if I know how.

I get worried about files that don't get picked up by anti virus scans- I have been searching through all files and connected files to processes lately and found things like webcam captures and so forth.

I even found a file called signons2 which opened in notepad and listed all sites I visit and user name and passwords....

I wish there was a way I could read my processes and applications and connections and understand them.


Your help has been brilliant. :) Thank you.

How can I be sure my screens and keystrokes are not being captured?

#24 Stamper19 (Trusted Helper, Retired Staff, 1,991 posts)
Hi inksy,

I even found a file called signons2 which opened in notepad and listed all sites I visit and user name and passwords....

That's not a malware file. It is a file created by Mozilla Firefox that stores user names and passwords - nothing to worry about there.

I wish there was a way I could read my processes and applications and connections and understand them.

That's what I am here for :)

Your help has been brilliant. Thank you.

You are very welcome :)

How can I be sure my screens and keystrokes are not being captured?

As I said before, your logs are all clean at this point. Anything that was there that might have been doing any sort of trojan process has been removed. That said, since you are still a bit uneasy, let's run one last scan and see if it picks anything up.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component, allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#25 Stamper19 (Trusted Helper, Retired Staff, 1,991 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
