Yahoo Re-direct / Scan keeps finding Troj/JSRedirect-O



#31
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Jimmy,

I am unsure ; it is any page of my website and that pops up ? It seems strange that it is happening on my own website ??

Thanks ! Amber
  • 0


#32
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

I would not worry about that then, as long as you checked everything on your website and it was fine. I think it is just giving you a false positive.
  • 0

#33
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hey Jimmy,

Is there anything else I should do ? My computer is running terribly slow and still acting strange.

For instance ; I tried to defragment and it would not let me ( it said check disk scheduled to run ). I did run the check disk and it still won't let me analyze or defrag.

Sometimes when I try to close a browser window ; it says operation cannot be performed, locked by system ( even if I control alt delete )

Also when I open IE ..it says it was closed abruptly and do I want to return to last page etc ( even when it was shut down properly )

I have never had any of these messages before ? and it is soooooooo slow :)

?? Amber
  • 0

#34
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,
Please run the following program.


We will now do a deep search of your processes and files

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Investigation" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Investigation" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both zip files to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#35
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hey Jimmy :)

Thanks again so much for your help ! Here are the two logs ; Amber


Attached File  virusinfo_syscheck.htm   246.46KB   198 downloads
Attached File  virusinfo_syscure.xml   90.32KB   261 downloads
  • 0

#36
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

Could you please upload both of the .zip files.
  • 0

#37
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Attached File  virusinfo_syscure.zip   48.99KB   132 downloads
Attached File  virusinfo_syscheck.zip   49.21KB   134 downloads

Hi Jimmy,

Sorry about that ! Thanks ! Amber

Edited by ascollick, 04 May 2009 - 07:02 PM.

  • 0

#38
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,
Those logs look clean, please see if the following can help find anything.



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

Please post the log from Dr.Web Cureit in your next reply.
  • 0

#39
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hey Jimmy,

I have tried several times to run this program and I cannot get it to do what you are asking ; I never have any options for drives etc. It will run a short scan ( it detects one file ) but says incurable and it locks up.

Is there another one I can try ?

I am getting re-directed again :)

Thanks ! Amber
  • 0

#40
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

Please delete ComboFix.exe and please re-download it by doing the following.




Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  • 0


#41
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Jimmy :)

Here is the log ; I had to run it twice ; the first time right before the log was created the computer froze up ; hope that is ok.

Thanks !

ComboFix 09-05-11.08 - Amber Scollick 05/12/2009 11:57.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.105 [GMT -5:00]
Running from: c:\documents and settings\Amber Scollick\Desktop\Combo-Fix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
FW: Webroot AntiVirus with AntiSpyware *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\mly.tbp

.
((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-09 16:28 . 2009-05-09 16:28 -------- d-----w c:\documents and settings\Amber Scollick\DoctorWeb
2009-05-03 16:06 . 2009-05-03 16:06 -------- d-----w c:\documents and settings\Amber Scollick\Local Settings\Application Data\Dell
2009-05-03 16:04 . 2009-05-03 16:04 -------- d-----w c:\documents and settings\Amber Scollick\Local Settings\Application Data\SupportSoft
2009-05-03 16:04 . 2009-05-03 16:04 -------- d-----w c:\program files\PCCheckupOnline
2009-05-03 15:57 . 2009-05-03 15:58 -------- d-----w c:\temp\_vti_cnf
2009-05-02 02:08 . 2009-05-02 08:25 -------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2009-05-02 02:07 . 2009-05-02 02:07 -------- d-----w c:\program files\Common Files\iS3
2009-05-02 02:07 . 2009-05-02 14:09 -------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-05-01 04:37 . 2009-05-01 04:37 -------- d-sh--w c:\documents and settings\Amber Scollick\IECompatCache
2009-04-24 21:56 . 2009-04-24 21:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-24 03:44 . 2009-04-24 03:44 -------- d-----w C:\_OTListIt
2009-04-21 19:24 . 2009-04-21 19:24 -------- d-----w c:\program files\Alwil Software
2009-04-20 15:43 . 2009-04-20 15:43 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-20 04:55 . 2009-04-20 04:55 -------- d-----w c:\program files\Common Files\Scanner
2009-04-20 04:55 . 2009-05-01 14:16 -------- d-----w c:\program files\CA Yahoo! Anti-Spy
2009-04-20 04:52 . 2009-04-20 04:52 -------- d-sh--w c:\documents and settings\Amber Scollick\PrivacIE
2009-04-20 04:46 . 2009-04-20 04:46 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-20 04:44 . 2009-04-20 04:44 -------- d-sh--w c:\documents and settings\Amber Scollick\IETldCache
2009-04-20 04:30 . 2009-05-03 15:44 -------- d-----w C:\Rooter$
2009-04-20 04:03 . 2009-04-20 04:03 -------- d-----w c:\windows\ie8updates
2009-04-20 03:59 . 2009-04-20 04:24 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-20 03:45 . 2009-04-20 03:57 -------- dc-h--w c:\windows\ie8
2009-04-20 03:42 . 2009-04-20 04:04 -------- d--h--w c:\windows\msdownld.tmp
2009-04-20 03:32 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-04-20 01:30 . 2009-04-20 01:30 -------- d-----w c:\documents and settings\Amber Scollick\Application Data\Malwarebytes
2009-04-20 01:30 . 2009-04-20 01:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-18 03:57 . 2009-04-18 03:57 9924040 ----a-w C:\windowsremoval.exe
2009-04-17 14:57 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 14:57 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 14:57 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 14:57 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 14:57 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 14:57 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 14:57 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 14:57 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 14:57 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 14:57 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 14:56 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 14:07 . 2009-04-06 18:32 1563008 ----a-w c:\windows\WRSetup.dll
2009-04-14 14:07 . 2009-04-14 14:07 -------- d-----w c:\documents and settings\Amber Scollick\Application Data\Webroot
2009-04-14 14:07 . 2009-04-14 14:18 -------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-04-14 14:07 . 2009-04-14 14:07 -------- d-----w c:\program files\Webroot
2009-04-14 14:03 . 2009-04-14 14:03 164 ----a-w c:\windows\install.dat
2009-04-13 02:41 . 2009-04-13 02:43 -------- d-----w c:\program files\ATT-SST

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 16:05 . 2005-08-25 05:53 -------- d-----w c:\program files\Dell
2009-05-03 02:58 . 2006-01-08 01:57 -------- d-----w c:\program files\Print Workshop 2006
2009-05-01 16:17 . 2007-04-05 17:34 -------- d-----w c:\program files\Free Offers from Freeze.com
2009-04-24 21:52 . 2005-08-25 06:08 -------- d-----w c:\program files\Java
2009-04-20 03:59 . 2005-11-03 18:22 -------- d-----w c:\program files\Yahoo!
2009-04-13 02:43 . 2005-11-03 18:33 -------- d-----w c:\program files\Common Files\Motive
2009-04-13 02:42 . 2005-11-03 18:32 -------- d-----w c:\program files\SBC Self Support Tool
2009-04-02 19:30 . 2009-04-02 19:30 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-04-02 19:30 . 2009-04-02 19:30 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-04-02 19:30 . 2009-04-02 19:30 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-03-23 03:58 . 2009-03-23 03:58 531270 ----a-w C:\flower-pink-fresh.zip
2009-03-23 03:52 . 2009-03-23 03:52 22 ----a-w C:\pink.zip
2009-03-08 09:34 . 2004-08-10 17:51 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-10 17:51 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-10 17:50 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-10 17:51 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-10 17:50 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-10 17:51 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-10 17:51 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-10 17:51 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-10 17:51 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-10 17:51 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-01-15 22:50 . 2005-09-02 14:34 56 --sh--r c:\windows\system32\A5B7C537E9.sys
2009-01-15 22:50 . 2005-09-02 14:34 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 18:26 238968 ----a-w c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-25 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-25 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"YBrowser"="c:\program files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 57344]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
"FaxCenterServer4_in_1"="c:\program files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-04-06 6345840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Amber Scollick\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-11-27 368640]
PictureProject In Touch.lnk - c:\program files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-3-21 8384512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-1-15 118784]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/2/2009 2:30 PM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [4/14/2009 9:08 AM 1181040]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [11/9/2008 3:48 PM 602392]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard76002003-08-20 19:57Y39S331J7K3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 19:57]

2009-05-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-08-25 17:24]

2009-05-09 c:\windows\Tasks\wrSpySweeper_LA52014E956244F98ACB8DEB6167137AF.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-04-14 18:32]

2009-05-09 c:\windows\Tasks\wrSpySweeper_LA52014E956244F98ACB8DEB6167137AF.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-04-14 18:32]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: steelers.com\www
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 12:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3756)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-05-12 12:05
ComboFix-quarantined-files.txt 2009-05-12 17:04
ComboFix2.txt 2009-04-25 16:26

Pre-Run: 50,863,415,296 bytes free
Post-Run: 50,851,311,616 bytes free

225 --- E O F --- 2009-04-30 08:03
  • 0
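The ComboFix report above is long, and most of what a helper does with it is mechanical: pull each "Files Created" / "Find3M" entry apart into dates, size, attributes and path, look at the attribute flags, and notice when the same executable is registered under several Run values. The Python script below is an added example written for this page; it is not code from the forum, from the poster, or from ComboFix. It parses the two line formats exactly as they appear in the log, using a constructed sample built from the shape of a few lines above (the user profile path is changed to a generic one). The two file heuristics it applies, a hidden+system regular file and a non-standard extension sitting directly under c:\windows, are assumptions of mine for illustration, not ComboFix's own rules, and a hit means "look at this", not "this is malware".

```python
"""Parse and triage ComboFix-style log lines (added example; constructed input)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A "Files Created" / "Find3M" line:  <created> . <modified> <size|--------> <attrs> <path>
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) ([a-z-]{7}) (.+)$"
)
# A Run value as ComboFix prints it:  "Name"="path" [yyyy-mm-dd size]
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# Only keys that end in \Run (RunOnce and other keys are deliberately excluded)
RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.IGNORECASE)

# Heuristic (assumption): extensions one expects for loose files in c:\windows itself
EXPECTED_WINDIR_EXT = (".exe", ".dll", ".ini", ".log", ".txt", ".bmp")

# Constructed sample modelled on the log format in this thread (not the full log).
SAMPLE_LOG = r"""
2009-04-24 21:56 . 2009-04-24 21:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-20 04:44 . 2009-04-20 04:44 -------- d-sh--w c:\documents and settings\User\IETldCache
2009-04-14 14:07 . 2009-04-06 18:32 1563008 ----a-w c:\windows\WRSetup.dll
2009-04-14 14:03 . 2009-04-14 14:03 164 ----a-w c:\windows\install.dat
2009-01-15 22:50 . 2005-09-02 14:34 56 --sh--r c:\windows\system32\A5B7C537E9.sys
2009-01-15 22:50 . 2005-09-02 14:34 2516 --sha-w c:\windows\system32\KGyGaAvL.sys

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"""


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories ("--------" in the log)
    attrs: str            # e.g. "d-sh--w": d=directory, s=system, h=hidden, a=archive
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs


def parse_file_entries(text: str) -> List[FileEntry]:
    """Return every line that matches the file-entry format, in log order."""
    entries: List[FileEntry] = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(FileEntry(created, modified,
                                 None if size.startswith("-") else int(size),
                                 attrs, path))
    return entries


def parse_run_entries(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each ...\\Run key to its (value name, lower-cased executable path) pairs."""
    runs: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        key = RUN_KEY.match(line)
        if key:
            current = key.group(1)
            continue
        if line.startswith("["):          # some other registry key: stop collecting
            current = None
            continue
        m = RUN_LINE.match(line)
        if m and current:
            runs[current].append((m.group(1), m.group(2).lower()))
    return dict(runs)


def duplicate_run_paths(runs: Dict[str, List[Tuple[str, str]]]) -> Dict[str, List[str]]:
    """Executables registered under more than one Run value (across all keys)."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for key, pairs in runs.items():
        for name, path in pairs:
            seen[path].append(f"{key}\\{name}")
    return {p: locs for p, locs in seen.items() if len(locs) > 1}


def flag_file_entries(entries: List[FileEntry]) -> List[Tuple[str, str]]:
    """Apply the two illustrative heuristics; returns (path, reason) pairs."""
    flags: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir:                      # IE cache dirs are hidden+system by design
            continue
        parts = e.path.lower().split("\\")
        if e.hidden_system:
            flags.append((e.path, "hidden+system regular file"))
        elif parts[:2] == ["c:", "windows"] and len(parts) == 3 \
                and not e.path.lower().endswith(EXPECTED_WINDIR_EXT):
            flags.append((e.path, "unusual extension directly under %windir%"))
    return flags


if __name__ == "__main__":
    for path, reason in flag_file_entries(parse_file_entries(SAMPLE_LOG)):
        print(f"REVIEW  {reason:45} {path}")
    for path, locs in duplicate_run_paths(parse_run_entries(SAMPLE_LOG)).items():
        print(f"DUPLICATE RUN VALUE  {path}\n    " + "\n    ".join(locs))
```

Run it over a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents; both parsers ignore every line that does not match their format, so the surrounding section banners and dotted separators need no special handling. The duplicate check is intentionally case-insensitive on the path, since Windows paths are, while the reported key and value names keep the log's original casing so they can be found again in the report.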

#42
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\Free Offers from Freeze.com

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the following report into your next reply:
  • Combofix.txt .

  • 0

#43
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Jimmy;

Thanks again soooo much ; here goes.

1 ) I had to re-save Combofix ( it was gone )
2) I proceeded with your instructions
3) Combo ran ; and it showed where it was deleting those files etc
( then it started acting super strange )
4) While Combo was running ; a message popped up "Windows cannot find" C:\documents\amber scollick\local settings ; File is Corrupt and Unreadable ; please run chkdsk ( this message popped up real fast and then went away )
5) The computer re-started
6) Combo was still running ( then all the other programs that normally start when I turn on the computer turned on ) I shut them all off ; and waited for Combo to create the log ( it never did )
7) Another error message popped up ; that stated " Windows cannot find file HideC.exe ; please run chkdsk
8) I re-ran Combo by saving the CFS text again and dragging it over
9) It re-ran and here are the results ;

ComboFix 09-05-14.03 - Amber Scollick 05/14/2009 21:20.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.184 [GMT -5:00]
Running from: c:\documents and settings\Amber Scollick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Amber Scollick\Desktop\CFScript.txt
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with AntiSpyware *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Free Offers from Freeze.com
c:\program files\Free Offers from Freeze.com\101_Free_Songs.ico
c:\program files\Free Offers from Freeze.com\3735.url
c:\program files\Free Offers from Freeze.com\3763.url
c:\program files\Free Offers from Freeze.com\3764.url
c:\program files\Free Offers from Freeze.com\3767.url
c:\program files\Free Offers from Freeze.com\3769.url
c:\program files\Free Offers from Freeze.com\control.txt
c:\program files\Free Offers from Freeze.com\FREE_Games.ico
c:\program files\Free Offers from Freeze.com\graflatscreen.ico
c:\program files\Free Offers from Freeze.com\Ringtones.ico
c:\windows\lkheyed.fic

.
((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-15 02:15 . 2009-05-15 02:16 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-05-12 16:56 . 2009-05-15 01:43 -------- d-----w C:\Combo-Fix
2009-05-09 16:28 . 2009-05-09 16:28 -------- d-----w c:\documents and settings\Amber Scollick\DoctorWeb
2009-05-03 16:06 . 2009-05-03 16:06 -------- d-----w c:\documents and settings\Amber Scollick\Local Settings\Application Data\Dell
2009-05-03 16:04 . 2009-05-03 16:04 -------- d-----w c:\documents and settings\Amber Scollick\Local Settings\Application Data\SupportSoft
2009-05-03 16:04 . 2009-05-03 16:04 -------- d-----w c:\program files\PCCheckupOnline
2009-05-03 15:57 . 2009-05-03 15:58 -------- d-----w c:\temp\_vti_cnf
2009-05-02 02:08 . 2009-05-02 08:25 -------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2009-05-02 02:07 . 2009-05-02 02:07 -------- d-----w c:\program files\Common Files\iS3
2009-05-02 02:07 . 2009-05-02 14:09 -------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-05-01 04:37 . 2009-05-01 04:37 -------- d-sh--w c:\documents and settings\Amber Scollick\IECompatCache
2009-04-24 21:56 . 2009-04-24 21:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-24 03:44 . 2009-04-24 03:44 -------- d-----w C:\_OTListIt
2009-04-21 19:24 . 2009-04-21 19:24 -------- d-----w c:\program files\Alwil Software
2009-04-20 15:43 . 2009-04-20 15:43 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-20 04:55 . 2009-04-20 04:55 -------- d-----w c:\program files\Common Files\Scanner
2009-04-20 04:55 . 2009-05-01 14:16 -------- d-----w c:\program files\CA Yahoo! Anti-Spy
2009-04-20 04:52 . 2009-04-20 04:52 -------- d-sh--w c:\documents and settings\Amber Scollick\PrivacIE
2009-04-20 04:46 . 2009-04-20 04:46 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-20 04:44 . 2009-04-20 04:44 -------- d-sh--w c:\documents and settings\Amber Scollick\IETldCache
2009-04-20 04:30 . 2009-05-03 15:44 -------- d-----w C:\Rooter$
2009-04-20 04:03 . 2009-04-20 04:03 -------- d-----w c:\windows\ie8updates
2009-04-20 03:59 . 2009-04-20 04:24 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-20 03:45 . 2009-04-20 03:57 -------- dc-h--w c:\windows\ie8
2009-04-20 03:42 . 2009-04-20 04:04 -------- d--h--w c:\windows\msdownld.tmp
2009-04-20 03:32 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-04-20 01:30 . 2009-04-20 01:30 -------- d-----w c:\documents and settings\Amber Scollick\Application Data\Malwarebytes
2009-04-20 01:30 . 2009-04-20 01:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-18 03:57 . 2009-04-18 03:57 9924040 ----a-w C:\windowsremoval.exe
2009-04-17 14:57 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 14:57 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 14:57 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 14:57 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 14:57 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 14:57 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 14:57 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 14:57 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 14:57 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 14:57 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 14:56 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 16:05 . 2005-08-25 05:53 -------- d-----w c:\program files\Dell
2009-05-03 02:58 . 2006-01-08 01:57 -------- d-----w c:\program files\Print Workshop 2006
2009-04-24 21:52 . 2005-08-25 06:08 -------- d-----w c:\program files\Java
2009-04-20 03:59 . 2005-11-03 18:22 -------- d-----w c:\program files\Yahoo!
2009-04-14 14:07 . 2009-04-14 14:07 -------- d-----w c:\program files\Webroot
2009-04-14 14:03 . 2009-04-14 14:03 164 ----a-w c:\windows\install.dat
2009-04-13 02:43 . 2009-04-13 02:41 -------- d-----w c:\program files\ATT-SST
2009-04-13 02:43 . 2005-11-03 18:33 -------- d-----w c:\program files\Common Files\Motive
2009-04-13 02:42 . 2005-11-03 18:32 -------- d-----w c:\program files\SBC Self Support Tool
2009-04-06 18:32 . 2009-04-14 14:07 1563008 ----a-w c:\windows\WRSetup.dll
2009-04-02 19:30 . 2009-04-02 19:30 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-04-02 19:30 . 2009-04-02 19:30 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-04-02 19:30 . 2009-04-02 19:30 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-03-23 03:58 . 2009-03-23 03:58 531270 ----a-w C:\flower-pink-fresh.zip
2009-03-23 03:52 . 2009-03-23 03:52 22 ----a-w C:\pink.zip
2009-03-08 09:34 . 2004-08-10 17:51 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-10 17:51 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-10 17:50 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-10 17:51 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-10 17:50 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-10 17:51 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-10 17:51 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-10 17:51 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-10 17:51 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-10 17:51 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-01-15 22:50 . 2005-09-02 14:34 56 --sh--r c:\windows\system32\A5B7C537E9.sys
2009-01-15 22:50 . 2005-09-02 14:34 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-12_16.33.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-15 02:03 . 2009-05-15 02:03 16384 c:\windows\Temp\Perflib_Perfdata_3a4.dat
- 2005-08-30 20:19 . 2009-05-12 16:29 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 20:19 . 2009-05-15 02:03 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-30 20:19 . 2009-05-12 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 20:19 . 2009-05-15 02:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 20:19 . 2009-05-15 02:03 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-30 20:19 . 2009-05-12 16:29 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-18 16:40 . 2009-04-30 08:03 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-18 16:40 . 2009-04-30 08:03 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-18 16:40 . 2009-04-30 08:03 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-18 16:40 . 2009-04-30 08:03 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-18 16:40 . 2009-04-30 08:03 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-18 16:40 . 2009-04-30 08:03 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-18 16:40 . 2009-04-30 08:03 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-18 16:40 . 2009-04-30 08:03 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-18 16:40 . 2009-04-30 08:03 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-18 16:40 . 2009-04-30 08:03 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-05-13 15:14 . 2009-05-13 15:14 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
- 2009-01-18 16:40 . 2009-04-30 08:03 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-18 16:40 . 2009-05-13 15:14 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-18 16:40 . 2009-04-30 08:03 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2005-11-03 17:36 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 18:26 238968 ----a-w c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-25 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-25 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"YBrowser"="c:\program files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 57344]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
"FaxCenterServer4_in_1"="c:\program files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-04-06 6345840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Amber Scollick\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-11-27 368640]
PictureProject In Touch.lnk - c:\program files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-3-21 8384512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-1-15 118784]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/2/2009 2:30 PM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [4/14/2009 9:08 AM 1181040]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [11/9/2008 3:48 PM 602392]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard76002003-08-20 19:57Y39S331J7K3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 19:57]

2009-05-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-08-25 17:24]

2009-05-09 c:\windows\Tasks\wrSpySweeper_LA52014E956244F98ACB8DEB6167137AF.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-04-14 18:32]

2009-05-09 c:\windows\Tasks\wrSpySweeper_LA52014E956244F98ACB8DEB6167137AF.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-04-14 18:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: steelers.com\www
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 21:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2480)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-05-15 21:27
ComboFix-quarantined-files.txt 2009-05-15 02:26
ComboFix2.txt 2009-05-12 17:05
ComboFix3.txt 2009-04-25 16:26

Pre-Run: 50,700,070,912 bytes free
Post-Run: 50,687,127,552 bytes free

271 --- E O F --- 2009-05-13 15:14
  • 0
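A note on reading the "Reg Loading Points" section above, with a small helper. Two things in that log are worth calling out before asking whether the machine has changed: the same Yahoo! Search Protection executable is registered three times as an autostart (twice under HKCU as "YSearchProtection" and "Search Protection", once more under HKLM), and the Session Manager BootExecute value carries the same program name eleven times. Neither is a finding of malware on its own, but duplicated autostart entries are exactly the kind of thing a helper scans for in a ComboFix log. The script below is an added example written for this page, not code from the thread, from the poster or from ComboFix; it parses the Run-key and BootExecute lines in the layout ComboFix prints (`"name"="path" [date size]`, and `\0`-separated REG_MULTI_SZ strings) and groups Run entries by executable so cross-hive duplicates stand out. The sample text embedded in it is a constructed excerpt modelled on the log above, cut to three BootExecute repeats to keep it short.

```python
"""Triage autostart entries from a ComboFix 'Reg Loading Points' dump.

Added example for this page (not ComboFix's code, not the poster's).
Assumes the value layout ComboFix prints:  "name"="path" [YYYY-MM-DD size]
under a [HKEY_...\\Run] header, and BootExecute rendered as \\0-separated
strings. SAMPLE is a constructed excerpt modelled on the posted log.
"""
import re
from collections import defaultdict

SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-04-06 6345840]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe
"""

# A registry key header line such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(.+)\]$')
# A Run value as ComboFix prints it: "name"="path" [date size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
# The BootExecute REG_MULTI_SZ line; strings are shown separated by a literal \0
BOOTEXEC_RE = re.compile(r'^BootExecute\s+REG_MULTI_SZ\s+(?P<value>.*)$')


def parse_run_entries(text):
    """Yield (hive_key, value_name, lowercased_path, size) for every value
    that sits under a key whose name ends in \\Run."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith('\\run'):
            yield key, m['name'], m['path'].lower(), int(m['size'])


def group_by_executable(text):
    """Map each executable path to the list of (hive_key, value_name) that
    start it. Paths are compared case-insensitively, as NTFS does."""
    groups = defaultdict(list)
    for key, name, path, _size in parse_run_entries(text):
        groups[path].append((key, name))
    return dict(groups)


def duplicate_autostarts(text):
    """Executables registered under more than one Run value, in any hive.
    These are the entries a reviewer should look at first: a legitimate
    program rarely needs to be started twice, and copies across hives are
    a common way for an unwanted add-on to survive one removal."""
    return {p: v for p, v in group_by_executable(text).items() if len(v) > 1}


def boot_execute_entries(text):
    """Split ComboFix's \\0-delimited BootExecute rendering into its strings,
    dropping the empty string produced by the leading separator."""
    for raw in text.splitlines():
        m = BOOTEXEC_RE.match(raw.strip())
        if m:
            return [s for s in m['value'].split(r'\0') if s]
    return []


if __name__ == '__main__':
    for path, owners in duplicate_autostarts(SAMPLE).items():
        print(f'{path} is started {len(owners)} times:')
        for key, name in owners:
            print(f'    {key} -> "{name}"')
    boot = boot_execute_entries(SAMPLE)
    print(f'BootExecute has {len(boot)} entries, {len(set(boot))} distinct')
```

Run against the full log in this thread, the same functions report SearchProtection.exe under three Run values and eleven copies of SsiEfr.exe in BootExecute, which is the check a helper would make before deciding whether the leftover slowness is an infection or just a crowded startup.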

#44
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello ascollick,

Has there been any change in your computer?
  • 0

#45
ascollick

ascollick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Jimmy,

Still running slow, but better.

I am not getting re-directed right now, but it keeps coming and going.

It is still acting strange; it freezes up quite a bit (which it never did before).

Also, one thing I am not sure about: when I have to Ctrl+Alt+Delete because it has frozen up, and it pulls up the processes, there are TONS of things running (a lot of which I do not recognize). Could that be an issue? I tried to take a screenshot for you but it won't let me.

Still, every single time I go to my website the computer goes terribly slow, and most of the time it freezes up.

Thanks !

Edited by ascollick, 16 May 2009 - 07:59 PM.

  • 0





