Problems with Internet Explorer, Microsoft Outlook and MSN Messenger
   

cmdemp
New Member


Date Joined Aug 2007
Total Posts : 6
 
Posted 10-7-2008 4:18 (GMT +1)
Hi, I am having a few problems with my computer.
Firstly, there are a few web pages that do not work (i.e. Hotmail, slingshot.co.nz), and my Microsoft Outlook will not allow me to send and receive any messages.
Also, my MSN Messenger will not allow me to log on.
I couldn't get a SUPERAntiSpyware log, but here are my logs. I hope that you can help :)
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:02 p.m., on 7/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
G:\bullguard help\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1547161642-842925246-1708537768-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1547161642-842925246-1708537768-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted IP range: 209.8.20.130
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
--
End of file - 7258 bytes
 
 
 
 
 
 
 
ComboFix 08-09-26.01 - Rick 2008-10-07 14:15:40.1 - NTFSx86
Running from: G:\bullguard help\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Program Files\Common Files\companion wizard
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\sc.html
C:\WA6P
C:\WINDOWS\cookies.ini
C:\WINDOWS\installer.exe
C:\WINDOWS\onfwbsak.dll
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\stera.log
.
(((((((((((((((((((((((((   Files Created from 2008-09-07 to 2008-10-07  )))))))))))))))))))))))))))))))
.
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Documents and Settings\Rick\Application Data\SUPERAntiSpyware.com
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-07 13:17 . 2008-10-07 13:18 <DIR> d----c--- C:\Program Files\CCleaner
2008-10-07 10:29 . 2008-10-07 10:29 32 --a--c--- C:\WINDOWS\system32\thxcfg.ini
2008-10-07 10:25 . 2008-10-07 08:45 372,736 --a--c--- C:\WINDOWS\vortsgbqasx.dll
2008-10-07 10:25 . 2008-10-07 08:45 266,240 --a--c--- C:\WINDOWS\qmafxprs.dll
2008-10-07 10:25 . 2008-10-07 08:45 258,048 --a--c--- C:\WINDOWS\lfstbwvd.dll
2008-10-07 10:25 . 2008-10-07 08:45 217,088 --a--c--- C:\WINDOWS\olnmraew.dll
2008-10-07 10:25 . 2008-10-07 08:45 94,208 --a--c--- C:\WINDOWS\elra.exe
2008-10-07 10:25 . 2008-10-07 08:45 86,016 --a--c--- C:\WINDOWS\qkeftmxn.exe
2008-10-07 10:23 . 2008-10-01 05:04 335,872 --a--c--- C:\WINDOWS\dfmlxbpkvlo.dll
2008-10-07 10:23 . 2008-10-01 05:04 94,208 --a--c--- C:\WINDOWS\fbxrqtwn.exe
2008-10-07 10:14 . 2008-10-07 11:35 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-10-07 09:37 . 2008-10-07 09:52 <DIR> d----c--- C:\WINDOWS\system32\drivers\Avg
2008-10-07 09:37 . 2008-10-07 09:37 <DIR> d----c--- C:\Program Files\AVG
2008-10-07 09:37 . 2008-10-07 09:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-07 09:37 . 2008-10-07 09:37 97,928 --a--c--- C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-07 09:37 . 2008-10-07 09:37 10,520 --a--c--- C:\WINDOWS\system32\avgrsstx.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 00:49 --------- dc----w C:\Program Files\TrojanHunter 5.0
2008-10-07 00:48 --------- dc----w C:\Documents and Settings\Rick\Application Data\IGN_DLM
2008-10-07 00:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-06 23:39 356,368 -c--a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-07-18 10:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 10:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 10:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 10:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 10:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 10:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 10:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 10:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 10:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 10:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2006-12-15 08:46 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-02-15 05:06 218,112 -c--a-w C:\Program Files\HijackThis.exe
2004-08-22 02:29 708 -c--a-w C:\Documents and Settings\All Users\Documents.zip
2003-03-27 03:36 32 -csha-w C:\WINDOWS\{35C80B41-63C1-44F5-8C3C-2AA2AAB07BD2}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\{90B798A1-866D-4DAD-8FDF-4982E99F3BF5}.dat
2003-03-25 01:09 32 -csha-w C:\WINDOWS\{95D7FC67-F69F-43C5-BF1A-8A6C3E1B326F}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\{A13EC8D3-59A9-4CF6-96DD-9D3E7E4F8416}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\{CA2B9575-875B-4314-8BCA-FDB8A86982E1}.dat
2003-03-25 00:44 32 -csha-w C:\WINDOWS\{E075325B-5525-43D7-B84E-278422A7BBAA}.dat
2007-12-05 18:47 106,435 -csha-w C:\WINDOWS\system32\ccbeg.bak1
2007-05-06 08:05 599,181 -csha-w C:\WINDOWS\system32\gjlnn.bak1
2007-05-11 05:23 598,673 -csha-w C:\WINDOWS\system32\gjlnn.bak2
2007-05-11 05:37 597,460 -csha-w C:\WINDOWS\system32\gjlnn.ini2
2007-12-04 18:26 106,432 -csha-w C:\WINDOWS\system32\kjllm.bak1
2007-11-28 02:47 109,624 -csha-w C:\WINDOWS\system32\knnmp.bak1
2007-11-28 10:14 114,852 -csha-w C:\WINDOWS\system32\knnmp.bak2
2007-12-01 19:57 106,432 -csha-w C:\WINDOWS\system32\lmllm.bak1
2007-10-15 06:02 375,854 -csha-w C:\WINDOWS\system32\onpoq.bak1
2007-11-21 18:04 115,951 -csha-w C:\WINDOWS\system32\onpoq.bak2
2007-11-22 10:19 115,037 -csha-w C:\WINDOWS\system32\onpoq.ini2
2007-11-27 19:39 109,664 -csha-w C:\WINDOWS\system32\prqss.bak1
2007-11-28 17:38 112,054 -csha-w C:\WINDOWS\system32\prqss.bak2
2007-12-02 08:44 106,472 -csha-w C:\WINDOWS\system32\qrutv.bak1
2007-12-03 01:13 120,106 -csha-w C:\WINDOWS\system32\qrutv.bak2
2007-11-29 09:16 107,500 -csha-w C:\WINDOWS\system32\qtstv.bak1
2007-11-30 08:13 107,499 -csha-w C:\WINDOWS\system32\rrqss.bak1
2007-12-02 18:12 108,937 -csha-w C:\WINDOWS\system32\rrqss.bak2
2007-12-03 23:41 106,473 -csha-w C:\WINDOWS\system32\rttss.bak1
2007-11-22 20:16 109,624 -csha-w C:\WINDOWS\system32\srutv.bak1
2007-11-27 05:55 158,179 -csha-w C:\WINDOWS\system32\srutv.bak2
2007-12-02 10:25 106,433 -csh--w C:\WINDOWS\system32\sstwa.bak1
2007-11-29 18:19 107,540 -csh--w C:\WINDOWS\system32\tstwa.bak1
2007-12-04 06:07 106,433 -csh--w C:\WINDOWS\system32\vvvwa.bak1
2007-12-03 18:39 106,473 -csh--w C:\WINDOWS\system32\xbeeg.bak1
2007-11-29 07:40 107,499 -csh--w C:\WINDOWS\system32\yycdd.bak1
2003-03-27 03:36 32 -csha-w C:\WINDOWS\system32\{585A702D-1FAB-439A-A0D9-FC420466FBE3}.dat
2003-03-25 00:44 32 -csha-w C:\WINDOWS\system32\{76D8154E-2109-4099-BBC5-65EDA8E0C0B9}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\system32\{C3FE3E29-E357-4D42-8FB8-67A08A8FF25D}.dat
2003-03-25 01:09 32 -csha-w C:\WINDOWS\system32\{D2A42AD0-062E-4053-96EA-0C1591AD37E7}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\system32\{DC889F52-547A-4B52-92CC-8059CC82BCE5}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\system32\{E09CDC6C-CCB9-4FD9-AB05-617503D609E1}.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-07 149040]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-07 1234712]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"NoInstrumentation"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 13:32 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 C:\\WINDOWS\\system32\\vturs
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo PopUpBlocker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadWaveRun
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GLSetIT32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopupJammer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-09 12:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CpeStart]
-ra--c--- 2001-04-03 14:07 36864 C:\WINDOWS\system32\CpeStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2008-04-14 13:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a--c--- 2007-04-17 14:03 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-07 17:14 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-10-15 16:46 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuikShield]
--a--c--- 2003-05-25 22:15 516744 C:\WINDOWS\qkshield.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"usnjsvc"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"ScsiAccess"=2 (0x2)
"Schedule"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ose"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LMIMaint"=2 (0x2)
"KodakCCS"=2 (0x2)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"a2free"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c41b04f0-939b-11db-b025-843a771a5ec6}]
\Shell\AutoRun\command - E:\
\Shell\explore\Command - WScript.exe .\autorun.vbs
\Shell\open\Command - WScript.exe .\autorun.vbs
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{1E97E3C4-A249-4912-8919-3C4A5C138A3B} - (no file)
BHO-{55A8B384-7B11-4DF0-AFE0-78F6FF7A0774} - (no file)
BHO-{76760EE6-03CA-4898-98FB-05C32309D7C5} - (no file)
Notify-fcccaxy - fcccaxy.dll
MSConfigStartUp-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-NeroCheck - C:\WINDOWS\system32\NeroCheck.exe
MSConfigStartUp-PAS_Check - C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe
MSConfigStartUp-SDR6_Check - C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.nz/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
O8 -: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 -: Download ALL with IDA
O8 -: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 -: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 -: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 -: Download with IDA
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 -: {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 14:16:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-07 14:18:14
ComboFix-quarantined-files.txt  2008-10-07 01:18:11
Pre-Run: 5,449,338,880 bytes free
Post-Run: 5,449,646,080 bytes free
283 --- E O F --- 2008-09-21 08:19:42
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 10-7-2008 6:08 (GMT +1)
Hello :)
 
 
Please download Malwarebytes' Anti-Malware:
 
Or here:
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
 
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
 
 
Uninstall ComboFix

Go to Start->Run, and type in ComboFix /u
Make sure there is a space between ComboFix and /u
Click Enter

This will ->
Uninstall ComboFix. Delete its related folders and files.
 
 
Then ->
 
Please download the newest Combofix:
 
 
And save to the desktop.

Close all other browser windows.
 
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
 
 
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply, along with Malwarebytes' Anti-Malware log.
 


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

cmdemp
New Member


Date Joined Aug 2007
Total Posts : 6
 
Posted 10-8-2008 2:59 (GMT +1)
Here are the logs:


ComboFix 08-10-07.06 - Rick 2008-10-08 14:39:22.2 - NTFSx86
Running from: C:\Documents and Settings\Rick\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\{10A74~1
C:\WINDOWS\dfmlxbpkvlo.dll
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\lfstbwvd.dll
C:\WINDOWS\olnmraew.dll
C:\WINDOWS\system32\apxhcbeu.ini
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\cvypebpg.ini
C:\WINDOWS\system32\erwtfhgd.ini
C:\WINDOWS\system32\gjlnn.bak1
C:\WINDOWS\system32\gjlnn.bak2
C:\WINDOWS\system32\gjlnn.ini
C:\WINDOWS\system32\gjlnn.ini2
C:\WINDOWS\system32\gksweeny.ini
C:\WINDOWS\system32\gstxsayi.ini
C:\WINDOWS\system32\guwxrvvr.ini
C:\WINDOWS\system32\kaocdcix.ini
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\knnmp.bak1
C:\WINDOWS\system32\knnmp.bak2
C:\WINDOWS\system32\knnmp.ini
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lyddwide.ini
C:\WINDOWS\system32\nufcfirt.ini
C:\WINDOWS\system32\odvqlmss.ini
C:\WINDOWS\system32\onpoq.bak1
C:\WINDOWS\system32\onpoq.bak2
C:\WINDOWS\system32\onpoq.ini
C:\WINDOWS\system32\onpoq.ini2
C:\WINDOWS\system32\onpoq.tmp
C:\WINDOWS\system32\osjfdxtn.ini
C:\WINDOWS\system32\prqss.bak1
C:\WINDOWS\system32\prqss.bak2
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\qkcyiylr.ini
C:\WINDOWS\system32\qrutv.bak1
C:\WINDOWS\system32\qrutv.bak2
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\rhuyaaqi.ini
C:\WINDOWS\system32\rrqss.bak1
C:\WINDOWS\system32\rrqss.bak2
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\rttss.bak1
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\srutv.bak1
C:\WINDOWS\system32\srutv.bak2
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.tmp
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\vvvwa.bak1
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\wpbttehg.ini
C:\WINDOWS\system32\xamvcbfx.ini
C:\WINDOWS\system32\xbeeg.bak1
C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yywrnjvo.ini
C:\WINDOWS\vortsgbqasx.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_FOPN


((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-08 13:09 . 2008-10-08 13:09 <DIR> d----c--- C:\Documents and Settings\Rick\Application Data\Malwarebytes
2008-10-08 13:09 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 13:09 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 13:08 . 2008-10-08 13:12 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 13:08 . 2008-10-08 13:08 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 22:54 . 2008-10-07 22:54 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-10-07 22:54 . 2008-10-07 22:54 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-10-07 15:50 . 2008-10-07 15:50 <DIR> d----c--- C:\Program Files\CCleaner
2008-10-07 15:39 . 2008-10-07 15:39 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Documents and Settings\Rick\Application Data\SUPERAntiSpyware.com
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-07 10:29 . 2008-10-07 10:29 32 --a--c--- C:\WINDOWS\system32\thxcfg.ini
2008-10-07 10:25 . 2008-10-07 08:45 86,016 --a--c--- C:\WINDOWS\qkeftmxn.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 02:01 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-10-07 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-07 02:00 --------- dc----w C:\Program Files\Valve Hammer Editor
2008-10-07 00:49 --------- dc----w C:\Program Files\TrojanHunter 5.0
2008-10-07 00:48 --------- dc----w C:\Documents and Settings\Rick\Application Data\IGN_DLM
2006-12-15 08:46 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-02-15 05:06 218,112 -c--a-w C:\Program Files\HijackThis.exe
2004-08-22 02:29 708 -c--a-w C:\Documents and Settings\All Users\Documents.zip
2003-03-27 03:36 32 -csha-w C:\WINDOWS\{35C80B41-63C1-44F5-8C3C-2AA2AAB07BD2}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\{90B798A1-866D-4DAD-8FDF-4982E99F3BF5}.dat
2003-03-25 01:09 32 -csha-w C:\WINDOWS\{95D7FC67-F69F-43C5-BF1A-8A6C3E1B326F}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\{A13EC8D3-59A9-4CF6-96DD-9D3E7E4F8416}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\{CA2B9575-875B-4314-8BCA-FDB8A86982E1}.dat
2003-03-25 00:44 32 -csha-w C:\WINDOWS\{E075325B-5525-43D7-B84E-278422A7BBAA}.dat
2003-03-27 03:36 32 -csha-w C:\WINDOWS\system32\{585A702D-1FAB-439A-A0D9-FC420466FBE3}.dat
2003-03-25 00:44 32 -csha-w C:\WINDOWS\system32\{76D8154E-2109-4099-BBC5-65EDA8E0C0B9}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\system32\{C3FE3E29-E357-4D42-8FB8-67A08A8FF25D}.dat
2003-03-25 01:09 32 -csha-w C:\WINDOWS\system32\{D2A42AD0-062E-4053-96EA-0C1591AD37E7}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\system32\{DC889F52-547A-4B52-92CC-8059CC82BCE5}.dat
2003-03-25 00:51 32 -csha-w C:\WINDOWS\system32\{E09CDC6C-CCB9-4FD9-AB05-617503D609E1}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-07_14.17.42.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 07:02:28 163,328 -c--a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-07 149040]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"NoInstrumentation"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 13:32 87352 C:\WINDOWS\system32\LMIinit.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo PopUpBlocker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadWaveRun
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GLSetIT32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopupJammer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-09 12:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CpeStart]
-ra--c--- 2001-04-03 14:07 36864 C:\WINDOWS\system32\CpeStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2008-04-14 13:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a--c--- 2007-04-17 14:03 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-07 17:14 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-10-15 16:46 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuikShield]
--a--c--- 2003-05-25 22:15 516744 C:\WINDOWS\qkshield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"usnjsvc"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"ScsiAccess"=2 (0x2)
"Schedule"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ose"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LMIMaint"=2 (0x2)
"KodakCCS"=2 (0x2)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"a2free"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

.
Contents of the 'Scheduled Tasks' folder

2007-11-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.nz/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
O8 -: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 -: Download ALL with IDA
O8 -: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 -: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 -: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 -: Download with IDA
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 -: {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} -
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 14:44:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-10-08 14:48:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-08 01:48:00
ComboFix2.txt 2008-10-07 01:18:16

Pre-Run: 5,453,971,456 bytes free
Post-Run: 5,360,754,688 bytes free

290 --- E O F --- 2008-09-21 08:19:42

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3

8/10/2008 2:33:31 p.m.
mbam-log-2008-10-08 (14-33-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 118268
Time elapsed: 23 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\PCPrivacyTool (Rogue.PCPrivacyTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick\Application Data\PCPrivacyTool (Rogue.PCPrivacyTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick\Application Data\PCPrivacyTool\Logs (Rogue.PCPrivacyTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick\Application Data\Error Safe Free (Rogue.Errorsafe) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick\Application Data\Error Safe Free\Logs (Rogue.Errorsafe) -> Quarantined and deleted successfully.

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\rwlfsdmk.dll.vir (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{43893169-82CE-4362-BE22-A706AEC04939}\RP1\A0000011.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\elra.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\qmafxprs.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\PCPrivacyTool\Abbr (Rogue.PCPrivacyTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\PCPrivacyTool\ProdCode (Rogue.PCPrivacyTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick\Application Data\PCPrivacyTool\Logs\update.log (Rogue.PCPrivacyTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick\Application Data\Error Safe Free\Logs\update.log (Rogue.Errorsafe) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpyeotvmk_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpyeotvmk_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 10-8-2008 6:15 (GMT +1)
Looks like we have improvement ;-)
 
 
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 
Open notepad and copy/paste the text in the quotebox below into it:


Quote:
 
Killall::
 
Snapshot::
 
 
File::
C:\WINDOWS\qkeftmxn.exe
C:\WINDOWS\{35C80B41-63C1-44F5-8C3C-2AA2AAB07BD2}.dat
C:\WINDOWS\{90B798A1-866D-4DAD-8FDF-4982E99F3BF5}.dat
C:\WINDOWS\{95D7FC67-F69F-43C5-BF1A-8A6C3E1B326F}.dat
C:\WINDOWS\{A13EC8D3-59A9-4CF6-96DD-9D3E7E4F8416}.dat
C:\WINDOWS\{CA2B9575-875B-4314-8BCA-FDB8A86982E1}.dat
C:\WINDOWS\{E075325B-5525-43D7-B84E-278422A7BBAA}.dat
C:\WINDOWS\system32\{585A702D-1FAB-439A-A0D9-FC420466FBE3}.dat
C:\WINDOWS\system32\{76D8154E-2109-4099-BBC5-65EDA8E0C0B9}.dat
C:\WINDOWS\system32\{C3FE3E29-E357-4D42-8FB8-67A08A8FF25D}.dat
C:\WINDOWS\system32\{D2A42AD0-062E-4053-96EA-0C1591AD37E7}.dat
C:\WINDOWS\system32\{DC889F52-547A-4B52-92CC-8059CC82BCE5}.dat
C:\WINDOWS\system32\{E09CDC6C-CCB9-4FD9-AB05-617503D609E1}.dat
 
FileLook:
C:\WINDOWS\system32\thxcfg.ini
 
 
 
Save this as:
CFScript
 
Referring to the picture above, drag CFScript into ComboFix.exe

Then post a fresh ComboFix log.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


cmdemp
New Member


Date Joined Aug 2007
Total Posts : 6
 
Posted 10-8-2008 6:42 (GMT +1)
here is the fresh combofix log



ComboFix 08-10-07.06 - Rick 2008-10-08 18:26:44.4 - NTFSx86
Running from: C:\Documents and Settings\Rick\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rick\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\{35C80B41-63C1-44F5-8C3C-2AA2AAB07BD2}.dat
C:\WINDOWS\{90B798A1-866D-4DAD-8FDF-4982E99F3BF5}.dat
C:\WINDOWS\{95D7FC67-F69F-43C5-BF1A-8A6C3E1B326F}.dat
C:\WINDOWS\{A13EC8D3-59A9-4CF6-96DD-9D3E7E4F8416}.dat
C:\WINDOWS\{CA2B9575-875B-4314-8BCA-FDB8A86982E1}.dat
C:\WINDOWS\{E075325B-5525-43D7-B84E-278422A7BBAA}.dat
C:\WINDOWS\qkeftmxn.exe
C:\WINDOWS\system32\{585A702D-1FAB-439A-A0D9-FC420466FBE3}.dat
C:\WINDOWS\system32\{76D8154E-2109-4099-BBC5-65EDA8E0C0B9}.dat
C:\WINDOWS\system32\{C3FE3E29-E357-4D42-8FB8-67A08A8FF25D}.dat
C:\WINDOWS\system32\{D2A42AD0-062E-4053-96EA-0C1591AD37E7}.dat
C:\WINDOWS\system32\{DC889F52-547A-4B52-92CC-8059CC82BCE5}.dat
C:\WINDOWS\system32\{E09CDC6C-CCB9-4FD9-AB05-617503D609E1}.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\{35C80B41-63C1-44F5-8C3C-2AA2AAB07BD2}.dat
C:\WINDOWS\{90B798A1-866D-4DAD-8FDF-4982E99F3BF5}.dat
C:\WINDOWS\{95D7FC67-F69F-43C5-BF1A-8A6C3E1B326F}.dat
C:\WINDOWS\{A13EC8D3-59A9-4CF6-96DD-9D3E7E4F8416}.dat
C:\WINDOWS\{CA2B9575-875B-4314-8BCA-FDB8A86982E1}.dat
C:\WINDOWS\{E075325B-5525-43D7-B84E-278422A7BBAA}.dat
C:\WINDOWS\qkeftmxn.exe
C:\WINDOWS\system32\{585A702D-1FAB-439A-A0D9-FC420466FBE3}.dat
C:\WINDOWS\system32\{76D8154E-2109-4099-BBC5-65EDA8E0C0B9}.dat
C:\WINDOWS\system32\{C3FE3E29-E357-4D42-8FB8-67A08A8FF25D}.dat
C:\WINDOWS\system32\{D2A42AD0-062E-4053-96EA-0C1591AD37E7}.dat
C:\WINDOWS\system32\{DC889F52-547A-4B52-92CC-8059CC82BCE5}.dat
C:\WINDOWS\system32\{E09CDC6C-CCB9-4FD9-AB05-617503D609E1}.dat

.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-08 13:09 . 2008-10-08 13:09 <DIR> d----c--- C:\Documents and Settings\Rick\Application Data\Malwarebytes
2008-10-08 13:09 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 13:09 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 13:08 . 2008-10-08 13:12 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 13:08 . 2008-10-08 13:08 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 22:54 . 2008-10-07 22:54 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-10-07 22:54 . 2008-10-07 22:54 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-10-07 15:50 . 2008-10-07 15:50 <DIR> d----c--- C:\Program Files\CCleaner
2008-10-07 15:39 . 2008-10-07 15:39 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Documents and Settings\Rick\Application Data\SUPERAntiSpyware.com
2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-07 10:29 . 2008-10-07 10:29 32 --a--c--- C:\WINDOWS\system32\thxcfg.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 02:01 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-10-07 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-07 02:00 --------- dc----w C:\Program Files\Valve Hammer Editor
2008-10-07 00:49 --------- dc----w C:\Program Files\TrojanHunter 5.0
2008-10-07 00:48 --------- dc----w C:\Documents and Settings\Rick\Application Data\IGN_DLM
2006-12-15 08:46 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-02-15 05:06 218,112 -c--a-w C:\Program Files\HijackThis.exe
2004-08-22 02:29 708 -c--a-w C:\Documents and Settings\All Users\Documents.zip
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\thxcfg.ini -- Not a PE file.
MD5: 19135c59563b1df86725b3ae1393bea0


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-07 149040]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"NoInstrumentation"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 13:32 87352 C:\WINDOWS\system32\LMIinit.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo PopUpBlocker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadWaveRun
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GLSetIT32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopupJammer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-09 12:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CpeStart]
-ra--c--- 2001-04-03 14:07 36864 C:\WINDOWS\system32\CpeStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2008-04-14 13:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a--c--- 2007-04-17 14:03 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-07 17:14 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-10-15 16:46 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuikShield]
--a--c--- 2003-05-25 22:15 516744 C:\WINDOWS\qkshield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"usnjsvc"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"ScsiAccess"=2 (0x2)
"Schedule"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ose"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LMIMaint"=2 (0x2)
"KodakCCS"=2 (0x2)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"a2free"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

.
Contents of the 'Scheduled Tasks' folder

2007-11-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 18:30:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-08 18:34:04 - machine was rebooted [Rick]
ComboFix-quarantined-files.txt 2008-10-08 05:33:57
ComboFix2.txt 2008-10-08 01:48:06
ComboFix3.txt 2008-10-07 01:18:16

Pre-Run: 5,360,562,176 bytes free
Post-Run: 5,357,395,968 bytes free

223 --- E O F --- 2008-09-21 08:19:42

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 10-8-2008 10:54 (GMT +1)
Looks clean. How are things running now?



cmdemp
New Member


Date Joined Aug 2007
Total Posts : 6
 
Posted 10-8-2008 9:21 (GMT +1)
computer is running great, but i am still getting errors on a few things,
i have found some error codes

microsoft outlook gives the error code 0x80042108

msn messenger gives the error code 80048820 and 80048439

and some web pages come up with network error (tcp_error)


I have no idea what's going on..... any ideas????

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 10-9-2008 7:23 (GMT +1)
See if this helps:
http://support.microsoft.com/kb/813514/en-us



cmdemp
New Member


Date Joined Aug 2007
Total Posts : 6
 
Posted 10-9-2008 7:29 (GMT +1)
i have already tried this with no success????
it is really bugging me!!! and quite important that i get it resolved!!!

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
 
Posted 10-9-2008 8:03 (GMT +1)
I'm tapped for ideas.
 
I'll suggest you find a (possible) solution here. www.google.com
 
Using these ->
error code 0x80042108
error code 80048820 and 80048439
network error (tcp_error)


Do NOT post your problem in someone else's thread.
A non-profit, volunteer