new log 05/13 - Techist - Tech Forum

05-13-2008, 11:42 PM   #1
True Techie
Join Date: Apr 2008
Posts: 125

new log 05/13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:11 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Jermaine\Local Settings\Temp\wzf0a8\HijackThis.exe
C:\Documents and Settings\Jermaine\Desktop\New Folder\osiris anti virus\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Microsoft copyright - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - tcprp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C15F692A-02A3-4656-953F-C7BD1F52FDA1} - C:\WINDOWS\system32\geeba.dll (file missing)
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - rasmoesa.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Jermaine\winmain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Jermaine\winmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsck2.dll' missing
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181628151203
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7765 bytes

thanks
generalaxes is offline  
05-14-2008, 07:18 AM   #2
Techie Beyond Description
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817

Re: new log 05/13

Remove these entries

O2 - BHO: Microsoft copyright - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - tcprp.dll (file missing)

O2 - BHO: (no name) - {C15F692A-02A3-4656-953F-C7BD1F52FDA1} - C:\WINDOWS\system32\geeba.dll (file missing)

O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - rasmoesa.dll (file missing)

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O4 - HKCU\..\Run: [default] C:\Documents and Settings\Jermaine\winmain.exe

O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Jermaine\winmain.exe

O10 - Broken Internet access because of LSP provider 'winsck2.dll' missing

then post a new log
Osiris is offline  
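Added example, not part of the thread and not code from HijackThis or its authors: a small Python triage that applies the same rules Osiris applies by eye in the reply above. It flags O2/O3 entries whose DLL no longer exists, unnamed BHOs, O4 autoruns launched from a user profile directory, and the O10 LSP entry. The sample lines are copied verbatim from the 05/13 log; the rule set, the reason strings and the function names are mine.

```python
"""Triage of a HijackThis 2.0 log: flag the entry patterns a removal helper
looks at first.  Added example, not code from the thread or from HijackThis;
the sample lines are copied from the first log above, the rules and wording
are mine."""
import re

# Constructed sample: a subset of lines from the 05/13 log, verbatim.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft copyright - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - tcprp.dll (file missing)
O2 - BHO: (no name) - {C15F692A-02A3-4656-953F-C7BD1F52FDA1} - C:\WINDOWS\system32\geeba.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Jermaine\winmain.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Jermaine\winmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O10 - Broken Internet access because of LSP provider 'winsck2.dll' missing
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# Image path captured after the "[name]" part of an O4 line, quotes optional.
O4_PATH_RE = re.compile(r'\]\s*"?([a-z]:\\[^"]+?)"?\s*$')
# Autostarts launched from here are almost never legitimate vendor software.
USER_DIRS = ("\\documents and settings\\", "\\local settings\\temp\\")


def triage_line(line):
    """Return (section, reason) if the entry deserves a second look, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    low = body.lower()
    if section in ("O2", "O3") and ("(file missing)" in low or "(no file)" in low):
        return section, "BHO/toolbar registered but its DLL is gone: dead adware hook, safe to remove"
    if section == "O2" and "(no name)" in low:
        # Unnamed O9 buttons (e.g. the Java console) are normal; unnamed BHOs are not.
        return section, "unnamed BHO: legitimate vendors set a name"
    if section == "O4":
        path = O4_PATH_RE.search(low)
        if path and any(d in path.group(1) for d in USER_DIRS):
            return section, "autorun from a user profile directory, not Program Files or Windows"
    if section == "O10":
        return section, "Winsock LSP chain points at a missing DLL: repair with an LSP tool, do not just delete"
    return None


def triage(log_text):
    """Run every line through triage_line; return (line, section, reason) hits."""
    hits = []
    for line in log_text.splitlines():
        verdict = triage_line(line)
        if verdict:
            hits.append((line.strip(), verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    for line, section, reason in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason}\n     {line}")
```

Run as-is it prints the six entries Osiris lists (two O2, one O3, two O4, the O10) and nothing for the Adobe, Google, Zune, Java or AVG lines. The O4 rule is deliberately narrow: a binary under `Documents and Settings` or a temp directory is the signal, not the registry hive it runs from.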
05-14-2008, 05:03 PM   #3
Super Techie
Join Date: Aug 2007
Posts: 451

Re: new log 05/13

@Osiris: I am sorry to say but the deletion of O10 would make the user lose internet access. It must be deleted with the use of LSPFix to be removed correctly.

Hello GeneralAxes,

Let's get down to business by removing that WinSock item first to return your internet access. Since there is a lot of adware on that PC, we will run CF to remove the bulk of that junk.

Step1

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.
  1. Please download LSPFix from here.
  2. Run the LSPFix.exe that you have just finished downloading.
  3. Check the I know what I'm doing box.
  4. In the Keep box you should see one or more instances of winsck2.dll.
  5. Select every instance of winsck2.dll and move each one to the Remove box by clicking the >> button.
  6. When you are done click Finish>>.

Step2

Download CWShredder here to its own folder.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

Step3

Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
  • Be sure to re-enable your anti-virus and other security programs, after ComboFix finished.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer

Logs Required In Next Post
----------------------------

ComboFix Log
Update On Internet Access
techpro5238 is offline  
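Added example, not from the thread and not code from LSPFix or Windows: a simplified Python model of the Winsock 2 provider catalog, to show the point techpro5238 makes about the O10 line. Real catalog entries reference each other by catalog ID (a protocol chain lists the layered provider and the base provider it sits on, and `socket()` walks that chain), so an entry for a missing LSP DLL is not fixed by deleting that one entry: anything still chained through it keeps failing. The catalog contents, the IDs, the `mswsock.dll` base provider and the function names are constructed for the example; only `winsck2.dll` comes from the log.

```python
"""Simplified model of the Winsock 2 provider catalog (Protocol_Catalog9).
Added example, not from the thread or from LSPFix/Windows: the catalog is
constructed; only 'winsck2.dll' comes from the O10 line in the log."""
from dataclasses import dataclass, field


@dataclass
class CatalogEntry:
    id: int                 # catalog entry ID; chains refer to entries by this
    dll: str                # provider DLL path
    chain: list = field(default_factory=list)
    # chain == []               layered provider (an LSP): never selected directly
    # chain == [own id]         base provider, e.g. the TCP/IP stack
    # chain == [lsp, .., base]  protocol chain, walked top down on socket()
    present: bool = True    # whether the DLL still exists on disk


def chain_loads(catalog, entry):
    """True if every catalog ID in the entry's chain resolves to a loadable DLL."""
    by_id = {e.id: e for e in catalog}
    for cid in entry.chain:
        target = by_id.get(cid)
        if target is None or not target.present:
            return False
    return True


def socket_works(catalog):
    """Model of socket(AF_INET, SOCK_STREAM): Winsock takes the first
    non-layered entry in catalog order and fails if its chain cannot load."""
    for entry in catalog:
        if entry.chain:                      # skip bare LSP entries
            return chain_loads(catalog, entry)
    return False


def remove_single_entry(catalog, entry_id):
    """Naive fix: delete just the catalog entry for the missing DLL."""
    return [e for e in catalog if e.id != entry_id]


def remove_lsp(catalog, dll):
    """Chain-aware fix (what an LSP repair tool has to do): drop the layered
    provider and every protocol chain that routes through it, so no
    remaining entry references an ID that no longer exists."""
    victims = {e.id for e in catalog if e.dll == dll}
    return [e for e in catalog
            if e.id not in victims and not victims.intersection(e.chain)]


def build_sample_catalog():
    """Constructed O10 situation: a chain through winsck2.dll sits ahead of
    the TCP/IP base provider, and winsck2.dll has been deleted from disk."""
    lsp = CatalogEntry(1, r"C:\WINDOWS\system32\winsck2.dll", chain=[], present=False)
    base = CatalogEntry(2, r"C:\WINDOWS\system32\mswsock.dll", chain=[2])
    chained = CatalogEntry(3, r"C:\WINDOWS\system32\winsck2.dll", chain=[1, 2])
    return [chained, lsp, base]


if __name__ == "__main__":
    cat = build_sample_catalog()
    lsp_dll = r"C:\WINDOWS\system32\winsck2.dll"
    print("as found:        ", socket_works(cat))                           # False
    print("entry 1 deleted: ", socket_works(remove_single_entry(cat, 1)))  # False
    print("LSP removed:     ", socket_works(remove_lsp(cat, lsp_dll)))      # True
```

The model leaves out provider ordering rules and the per-protocol matching Winsock really does; it keeps only the part that matters here, that chain entries hold references into the catalog and a one-entry delete leaves those references dangling.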
05-14-2008, 09:39 PM   #4
True Techie
Join Date: Apr 2008
Posts: 125

Re: new log 05/13

*hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:02 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Zune\ZuneNss.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jermaine\Desktop\New Folder\osiris anti virus\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181628151203
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7095 bytes

*combofix
ComboFix 08-05-12.1 - Jermaine 2008-05-14 21:13:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.359 [GMT -5:00]
Running from: C:\Documents and Settings\Jermaine\Desktop\New Folder\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Jermaine\Application Data\BestsellerAntivirus
C:\Documents and Settings\Jermaine\Application Data\BestsellerAntivirus\avtasks.dat
C:\Documents and Settings\Jermaine\Application Data\BestsellerAntivirus\Logs\av.log
C:\Documents and Settings\Jermaine\Application Data\BestsellerAntivirus\Logs\ga6Support.log
C:\Documents and Settings\Jermaine\Application Data\BestsellerAntivirus\Logs\update.log
C:\Documents and Settings\Jermaine\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Jermaine\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Jermaine\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Jermaine\ResErrors.log
C:\Documents and Settings\Jermaine\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Jermaine\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Jermaine\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\inetget2
C:\Program Files\Insider
C:\Program Files\ISM
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\ISMModule8.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack5.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\WinAble
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\script.txt
C:\UGA6P
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\aawvtjap.ini
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\aludvokf.ini
C:\WINDOWS\system32\cmds.txt
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\dyustkso.ini
C:\WINDOWS\system32\efaacomr.ini
C:\WINDOWS\system32\geocafpb.ini
C:\WINDOWS\system32\iygafwtk.ini
C:\WINDOWS\system32\kiptxfxj.ini
C:\WINDOWS\system32\mbfrqpqb.ini
C:\WINDOWS\system32\nffjgeaw.ini
C:\WINDOWS\system32\qtwryniw.ini
C:\WINDOWS\system32\svgflrym.ini
C:\WINDOWS\system32\tmdoihqf.ini
C:\WINDOWS\system32\vipiuaud.ini
C:\WINDOWS\system32\voqkyqwp.ini
C:\WINDOWS\system32\vvrprtqt.ini
C:\WINDOWS\system32\yfwwckjq.ini

----- BITS: Possible infected sites -----

hxxp://store.zune.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_FMTR
-------\Service_DomainService


((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-12 22:27 . 2008-05-12 22:27 <DIR> d--hs---- C:\found.000
2008-05-12 18:49 . 2008-05-12 20:17 <DIR> d-------- C:\VundoFix Backups
2008-05-12 18:21 . 2008-05-13 01:41 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-12 18:00 . 2008-05-12 18:00 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-12 18:00 . 2008-05-12 18:00 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-12 18:00 . 2008-05-12 18:00 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-12 18:00 . 2008-05-12 18:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-12 17:59 . 2008-05-12 17:59 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-12 17:56 . 2008-05-12 17:56 <DIR> d-------- C:\Program Files\AVG
2008-05-12 17:56 . 2008-05-12 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-12 17:56 . 2008-05-12 17:56 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-12 17:56 . 2008-05-12 17:56 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-12 17:49 . 2008-05-12 17:49 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-05-12 17:46 . 2008-05-12 17:46 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-12 17:46 . 2008-05-12 17:47 <DIR> d-------- C:\Program Files\CCleaner
2008-05-12 17:45 . 2008-05-12 17:45 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-12 17:45 . 2008-05-12 17:45 <DIR> d-------- C:\Documents and Settings\Jermaine\Application Data\Simply Super Software
2008-05-12 17:45 . 2008-05-12 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-12 17:45 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-12 17:45 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-12 17:45 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-12 17:45 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-12 17:45 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-12 17:37 . 2008-05-12 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 04:11 636 ----a-w C:\Documents and Settings\Jermaine\Application Data\wklnhst.dat
2006-09-11 00:28 251 ----a-w C:\Program Files\wt3d.ini
2007-10-09 23:40 88 --sh--r C:\WINDOWS\system32\BF9B34DF23.sys
2007-10-09 23:40 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 14:14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 19:03 24104]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-12 17:59 1177368]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-12 05:17 1065800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-12 18:00]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-12 18:00]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-12 17:59]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-12 17:59]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-12 17:59]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-12 17:59]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-12 17:56]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-12 17:56]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 01:03:42 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 21:20:54
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Zune\ZuneNss.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-14 21:25:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 02:25:17

Pre-Run: 16,960,589,824 bytes free
Post-Run: 16,990,285,824 bytes free

207 --- E O F --- 2007-10-10 08:03:31

*internet access- not tested. not connected, hardware issue
generalaxes is offline  
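Added example, my code and not ComboFix's or anything from the thread: a Python audit of the "Reg Loading Points" section of the ComboFix log above, flagging the settings there that weaken host defences: Security Center monitoring switched off per product, the Windows Firewall standard profile disabled, globally open inbound ports, and an AutoRun command bound to a mounted volume (the `mountpoints2` key that the next reply targets with its CFScript). The REGEDIT4 text is constructed from values in the log posted above, with the forum's line wrapping undone; the severity labels and function names are my own.

```python
"""Audit ComboFix's 'Reg Loading Points' dump for defence-weakening settings.
Added example: not ComboFix's code and not from the thread.  The sample is
constructed from values in the log above; severities are my own."""
import re

# Constructed from the 2008-05-14 ComboFix log (key names joined where the
# forum's line wrapping had split them).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3390:TCP"= 3390:TCP:Remote Media Center Experience

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
"""

VALUE_RE = re.compile(r'"([^"]+)"\s*=\s*(.*)$')


def parse_reg_dump(text):
    """Yield (key, name, data) from the REGEDIT4-style section.  ComboFix
    prints values as "name"=data and subkey commands as 'subkey - data'."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group(1), m.group(2).strip()
        elif " - " in line:
            name, data = line.split(" - ", 1)
            yield key, name.strip(), data.strip()


def audit(text):
    """Return (severity, key, message) findings, in log order."""
    findings = []
    for key, name, data in parse_reg_dump(text):
        k = key.lower()
        if "security center\\monitoring" in k and name == "DisableMonitoring" and data.endswith("1"):
            findings.append(("medium", key,
                             "Security Center told to ignore this product: normal for a "
                             "registered AV, but also how malware silences the warning icon"))
        elif "firewallpolicy" in k and name == "EnableFirewall" and data.startswith("0"):
            findings.append(("high", key, "Windows Firewall disabled for this profile"))
        elif "globallyopenports" in k:
            findings.append(("low", key, f"inbound port open to every source: {data}"))
        elif "mountpoints2" in k and name.lower().endswith("autorun\\command"):
            findings.append(("high", key, f"AutoRun command bound to a mounted volume: {data}"))
    return findings


if __name__ == "__main__":
    for sev, key, msg in audit(SAMPLE):
        print(f"[{sev}] {msg}\n        {key}")
```

On this machine the firewall finding is plausibly benign (Trend Micro and AVG both ship their own firewall, and the Trend entries are what disabled Security Center monitoring), which is why the audit reports rather than decides; the AutoRun handler on `E:` is the one item with no legitimate explanation in the log.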
05-15-2008, 05:35 PM   #5
Super Techie
Join Date: Aug 2007
Posts: 451

Re: new log 05/13

Hello GeneralAxes,

Step1

1. Please open Notepad
  • Click Start, then Run
  • Type "notepad.exe" in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
KillAll::

File::
C:\found.000
C:\Program Files\wt3d.ini
E:\setup.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
3. Then in the text file go to FILE => SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply

Step2

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
    • C:\Documents and Settings\Jermaine\Application Data\wklnhst.dat
  • Click on the submit button
  • Please post the results in your next reply.

Please follow these steps for the following files:
C:\WINDOWS\system32\BF9B34DF23.sys
C:\WINDOWS\system32\KGyGaAvL.sys


Step3

Download SpSeHjfix Here.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Step4

What Anti-Virus/Firewall are you using currently? How many security programs are installed currently, and which ones do you have running actively? Explain more on this internet issue. What is happening, and what do you mean by hardware? Please try to be detailed.

There is a big chance that these logs won't fit all into one post so please post them one by one into new posts (eg. ComboFix in one post, all the Jotti's in one post, and the SpSeHjfix Log in one post)

Logs Required In Next Post
-----------------------------

ComboFix Log
SpSeHjfix Log
Jotti Logs (3)
Answer To Questions


Kind Regards,
Techpro5238
techpro5238 is offline  
Old 05-17-2008, 08:10 PM   #6 (permalink)
True Techie
 
Join Date: Apr 2008
Posts: 125
Default Re: new log 05/13

combofix log
ComboFix 08-05-12.1 - Jermaine 2008-05-17 19:51:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.618 [GMT -5:00]
Running from: C:\Documents and Settings\Jermaine\Desktop\New Folder\osiris anti virus\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jermaine\Desktop\New Folder\osiris anti virus\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\found.000
C:\Program Files\wt3d.ini
E:\setup.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\wt3d.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-17 15:15 . 2004-07-21 11:40 17,920 --a------ C:\WINDOWS\system32\apintfnt.dll
2008-05-17 15:14 . 2008-05-17 15:15 <DIR> d-------- C:\Program Files\Sierra Wireless
2008-05-17 15:14 . 2008-05-17 15:14 <DIR> d-------- C:\desktop
2008-05-17 15:13 . 2008-05-17 15:13 <DIR> d-------- C:\WINDOWS\Sierra
2008-05-12 22:27 . 2008-05-12 22:27 <DIR> d--hs---- C:\found.000
2008-05-12 18:49 . 2008-05-12 20:17 <DIR> d-------- C:\VundoFix Backups
2008-05-12 18:21 . 2008-05-17 17:43 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-12 18:00 . 2008-05-17 15:28 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-12 18:00 . 2008-05-12 18:00 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-12 18:00 . 2008-05-12 18:00 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-12 18:00 . 2008-05-12 18:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-12 17:59 . 2008-05-12 17:59 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-12 17:56 . 2008-05-12 17:56 <DIR> d-------- C:\Program Files\AVG
2008-05-12 17:56 . 2008-05-17 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-12 17:56 . 2008-05-12 17:56 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-12 17:56 . 2008-05-12 17:56 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-12 17:49 . 2008-05-12 17:49 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-05-12 17:46 . 2008-05-12 17:46 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-12 17:46 . 2008-05-12 17:47 <DIR> d-------- C:\Program Files\CCleaner
2008-05-12 17:45 . 2008-05-12 17:45 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-12 17:45 . 2008-05-12 17:45 <DIR> d-------- C:\Documents and Settings\Jermaine\Application Data\Simply Super Software
2008-05-12 17:45 . 2008-05-12 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-12 17:45 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-12 17:45 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-12 17:45 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-12 17:45 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-12 17:45 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-12 17:37 . 2008-05-12 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 00:50 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-16 00:44 --------- d-----w C:\Program Files\Modem Helper
2007-09-09 04:11 636 ----a-w C:\Documents and Settings\Jermaine\Application Data\wklnhst.dat
2007-10-09 23:40 88 --sh--r C:\WINDOWS\system32\BF9B34DF23.sys
2007-10-09 23:40 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-14_21.24.43.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 02:18:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-18 00:54:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-17 20:14:23 65,536 ----a-r C:\WINDOWS\Installer\{6DCBB845-0FA4-4723-A40A-1F320C221C30}\ARPPRODUCTICON.exe
+ 2008-05-18 00:53:10 14,166 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{4C44C964-F012-40B8-B15B-6A5CC1BF65F5}.bin
+ 2007-02-22 22:26:46 71,168 ----a-w C:\WINDOWS\system32\drivers\swmx00.sys
+ 2007-01-12 19:26:42 102,144 ----a-w C:\WINDOWS\system32\drivers\SWNC5E00.sys
+ 2008-05-18 00:54:14 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3ac.dat
+ 2008-05-18 00:54:14 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 14:14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 19:03 24104]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-12 17:59 1177368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-12 18:00]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-12 18:00]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-12 17:59]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-12 17:59]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-12 17:59]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-12 17:59]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-12 17:56]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-12 17:56]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 01:03:42 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 19:55:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Zune\ZuneNss.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
.
**************************************************************************
.
Completion time: 2008-05-17 20:00:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 01:00:04
ComboFix2.txt 2008-05-15 02:25:31

Pre-Run: 16,705,392,640 bytes free
Post-Run: 16,698,019,840 bytes free

156 --- E O F --- 2007-10-10 08:03:31

Jotti logs
I could not complete the instructed process due to lack of internet.

SpSeHjfix logs
When SpSeHjfix was downloaded, the zip file was empty.

Answer to questions
- The internet
At first I decided not to connect the computer to the internet. This computer is a whore and it's pretty obvious. Now the computer has tested and working internet hardware.
- Anti-virus programs
The main program is AVG 8, used by me. Other installed but now disabled (I think) programs are Norton Security Scan and something I've never heard of, "Trend Micro PC-cillin Internet Security".

- Hopefully these details help and I was able to answer everything.
generalaxes is offline  
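The ComboFix log above is triaged by eye in this thread: from the Find3M report the helper singles out C:\WINDOWS\system32\BF9B34DF23.sys and C:\WINDOWS\system32\KGyGaAvL.sys for Jotti submission, and the CFScript removes the MountPoints2 key whose \Shell\AutoRun\command points at E:\setup.exe. As an added example (not part of this thread, and not ComboFix's own code), here is a small Python parser for the "Files Created", "Find3M Report" and "Reg Loading Points" line formats in that log, applying the same kind of first-pass checks. The sample lines are copied from the log above and trimmed to a few entries; the rules it applies (a hidden+system file under system32, an AutoRun command under MountPoints2, Security Center monitoring switched off, the Windows Firewall standard profile disabled), the `Finding`/`triage`/`classify_file` names and the category labels are this example's own assumptions, not something the thread states.

```python
"""Triage heuristics for ComboFix log excerpts.

Added example for this thread; it is not ComboFix's own code. It parses the
"Files Created", "Find3M Report" and "Reg Loading Points" line formats seen in
the log above and flags the kinds of entries a helper looks at first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the ComboFix log posted above in this thread,
# trimmed to a few entries so the example runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-12 22:27 . 2008-05-12 22:27 <DIR> d--hs---- C:\found.000
2008-05-12 18:00 . 2008-05-12 18:00 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 00:50 --------- d-----w C:\Program Files\Spyware Doctor
2007-09-09 04:11 636 ----a-w C:\Documents and Settings\Jermaine\Application Data\wklnhst.dat
2007-10-09 23:40 88 --sh--r C:\WINDOWS\system32\BF9B34DF23.sys
2007-10-09 23:40 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # category label (names chosen for this example)
    detail: str  # the path, command or key that triggered it


# Find3M lines: "<date> <time> <size, or --------- for a dir> <7 attr chars> <path>"
FIND3M_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:-{9}|[\d,]+) ([-a-z]{7}) (.+)$")
# Files Created lines: "<created> . <modified> <size or <DIR>> <9 attr chars> <path>"
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:<DIR>|[\d,]+) ([-a-z]{9}) (.+)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"= ?0\b')


def classify_file(attrs: str, path: str) -> Optional[Finding]:
    """Assumed heuristic: a hidden + system file (not a directory) under
    system32 deserves a second look; found.000-style chkdsk directories do not."""
    is_dir = attrs.startswith("d")
    hidden_system = "h" in attrs and "s" in attrs
    if hidden_system and not is_dir and "\\system32\\" in path.lower():
        return Finding("hidden-system-file", path)
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, remembering the current registry key for value lines."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        key = REG_KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        entry = CREATED_RE.match(line) or FIND3M_RE.match(line)
        if entry:
            finding = classify_file(*entry.groups())
            if finding:
                findings.append(finding)
            continue
        autorun = AUTORUN_RE.match(line)
        if autorun and "mountpoints2" in current_key:
            # Per-volume AutoRun command under MountPoints2: a removable-media launcher.
            findings.append(Finding("removable-media-autorun", autorun.group(1)))
        elif DISABLE_MON_RE.match(line) and "security center\\monitoring\\" in current_key:
            product = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding("security-center-monitoring-disabled", product))
        elif FIREWALL_OFF_RE.match(line) and "firewallpolicy" in current_key:
            findings.append(Finding("windows-firewall-disabled", current_key))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:40} {f.detail}")
```

A finding is a prompt for a closer look, not a verdict: the helper still submits the flagged files to Jotti before deciding to delete them, and the Security Center and firewall entries may only reflect which of the several installed security products is meant to be active, which is exactly what Step 4 asks about.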
Old 05-17-2008, 08:30 PM   #7 (permalink)
Super Techie
 
Join Date: Aug 2007
Posts: 451
Default Re: new log 05/13

Is there any possible way for you to get those files on a flash drive and scan them through Jotti? I can't really remove them unless I have information on them first because I might be removing something vital to the PC.

They seem like malware to me. Would you like to give me permission to delete them?

Step1

1. Please open Notepad
  • Click Start, then Run
  • Type "notepad.exe" in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
DirLook::
C:\desktop

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
3. Then in the text file go to FILE => SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply.

Step2

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
techpro5238 is offline  
Old 05-24-2008, 12:42 AM   #8 (permalink)
True Techie
 
Join Date: Apr 2008
Posts: 125
Default Re: new log 05/13

Osiris, thank you for leaving this old(er) topic in the analyze part.
Techpro, thanks for your patience.
I've had some trouble but here is what I have:
Internet connection
It is partial; I can update AVG and I now have regained control of my own internet.
Jotti logs
I tried using a flash drive to move them over.
C:\Documents and Settings\Jermaine\Application Data\wklnhst.dat - I got a prompt saying that it did not exist anymore.
As for the other two I managed, Jotti's virus scan is being blocked (online).
New issue
There is a program on the system that is becoming a problem for the following reasons:
One - it is an "anti-virus".
Two - I cannot shut it down.
Three - when I try to shut it down it asks for a password.
Four - when I try to uninstall it (Control Panel, Add/Remove Programs) again it asks for a password.
Five - no one seems to know the password.
The program is that "Trend Micro PC-cillin Internet Security".
Kaspersky
The web scan is in progress and I will post the results as soon as I can.
ComboFix
The same with the ComboFix logs; I will have them up soon, or that's the plan anyway.
Thanks
generalaxes is offline  
Old 05-27-2008, 01:10 PM   #9 (permalink)
Super Techie
 
Join Date: Aug 2007
Posts: 451
Default Re: new log 05/13

How's this coming?
techpro5238 is offline  
Old 05-29-2008, 11:04 PM   #10 (permalink)
True Techie
 
Join Date: Apr 2008
Posts: 125
Default Re: new log 05/13

This is the CF log after adding your latest script:
ComboFix 08-05-29.1 - Jermaine 2008-05-29 22:28:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.400 [GMT -5:00]
Running from: C:\Documents and Settings\Jermaine\Desktop\New Folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jermaine\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-29 22:13 . 2008-05-29 22:13 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-24 00:48 . 2008-05-24 00:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-24 00:48 . 2008-05-24 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-17 20:12 . 2008-05-17 20:17 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-17 15:15 . 2004-07-21 11:40 17,920 --a------ C:\WINDOWS\system32\apintfnt.dll
2008-05-17 15:14 . 2008-05-17 15:15 <DIR> d-------- C:\Program Files\Sierra Wireless
2008-05-17 15:14 . 2008-05-17 15:14 <DIR> d-------- C:\desktop
2008-05-17 15:13 . 2008-05-17 15:13 <DIR> d-------- C:\WINDOWS\Sierra
2008-05-12 22:27 . 2008-05-12 22:27 <DIR> d--hs---- C:\found.000
2008-05-12 18:49 . 2008-05-12 20:17 <DIR> d-------- C:\VundoFix Backups
2008-05-12 18:21 . 2008-05-29 21:57 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-12 18:00 . 2008-05-29 22:15 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-12 18:00 . 2008-05-12 18:00 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-12 18:00 . 2008-05-12 18:00 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-12 18:00 . 2008-05-12 18:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-12 17:59 . 2008-05-12 17:59 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-12 17:56 . 2008-05-12 17:56 <DIR> d-------- C:\Program Files\AVG
2008-05-12 17:56 . 2008-05-17 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-12 17:56 . 2008-05-12 17:56 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-12 17:56 . 2008-05-12 17:56 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-12 17:49 . 2008-05-12 17:49 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-05-12 17:46 . 2008-05-12 17:46 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-12 17:46 . 2008-05-12 17:47 <DIR> d-------- C:\Program Files\CCleaner
2008-05-12 17:45 . 2008-05-12 17:45 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-12 17:45 . 2008-05-12 17:45 <DIR> d-------- C:\Documents and Settings\Jermaine\Application Data\Simply Super Software
2008-05-12 17:45 . 2008-05-12 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-12 17:45 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-12 17:45 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-12 17:45 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-12 17:45 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-12 17:45 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-12 17:37 . 2008-05-12 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 00:50 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-16 00:44 --------- d-----w C:\Program Files\Modem Helper
2008-03-31 00:07 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-03-31 00:07 204,816 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-03-30 23:50 1,169,240 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 23:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-09-09 04:11 636 ----a-w C:\Documents and Settings\Jermaine\Application Data\wklnhst.dat
2007-10-09 23:40 88 --sh--r C:\WINDOWS\system32\BF9B34DF23.sys
2007-10-09 23:40 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\desktop ----

2008-05-29 22:11 840 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\call.log
2008-05-23 22:29 6 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\RWOutbox.sms
2008-05-23 22:29 6 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\RWInbox.sms
2007-04-02 18:22 77824 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Vision_hiSwiEVDODevice.dll
2007-04-02 18:22 61440 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Vision_hiSwiAc580.dll
2007-04-02 18:22 53248 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\UpdateFiles.exe
2007-04-02 18:22 110592 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\coinstaller.dll
2007-04-02 18:21 57344 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCMVision_siXP.dll
2007-04-02 18:21 57344 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCMVision_si2K.dll
2007-04-02 18:21 450560 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCMVision.dll
2007-04-02 18:21 2490368 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCMVision_Res001.dll
2007-04-02 18:21 131072 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
2007-04-02 18:20 942080 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM_Res001.dll
2007-04-02 18:20 229376 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe
2007-04-02 18:20 221184 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\GenUtil.dll
2007-04-02 18:19 65536 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\AutomatedUpdate.dll
2007-04-02 18:19 32768 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\DebugLog.exe
2007-04-02 18:19 28672 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\DebugLogDLL.dll
2007-03-28 14:50 49152 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\usbmuxstats.exe
2007-03-28 14:48 819284 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\swi_evdowrappermx.dll
2007-03-28 14:42 4860 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\ReleaseNotes.txt
2007-03-08 19:26 242176 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\DriverInstall64.exe
2007-03-08 19:26 184320 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\DriverInstaller.exe
2007-03-08 10:29 3997869 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\bin\cct_ac595.exe
2007-03-07 11:47 2096878 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\bin\cct_nb.exe
2007-03-06 13:15 4045109 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\bin\cct_ac595u.exe
2007-02-28 14:30 446538 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\swi_evdomx.dll
2007-02-22 17:22 19456 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\swmxintf.dll
2007-01-30 14:31 659456 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Swi_EvdoWrapper.dll
2007-01-30 14:30 266240 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SwiDiagUtil.dll
2007-01-30 14:29 372736 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Swi_Evdo.dll
2007-01-19 17:29 8844 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\installer_parameters.xml
2007-01-15 17:08 671815 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\CM.chm
2007-01-15 17:08 658883 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\CMDL.chm
2006-09-22 19:08 10124 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Drivers_WinNT\swmd580.cat
2006-09-19 15:23 44264 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Drivers_WinNT\swmd580.inf
2006-09-05 10:13 705 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Drivers_WinNT\installer_parameters.xml
2006-08-24 16:57 12800 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Drivers_WinNT\apusbdcox64.dll
2006-08-24 16:57 11776 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Drivers_WinNT\apusbdco.dll
2006-08-24 16:56 51200 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Drivers_WinNT\apusbsntx64.sys
2006-08-24 16:56 40832 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Drivers_WinNT\apusbsnt.sys
2006-08-24 16:56 2514 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Drivers_WinNT\swsr580.inf
2005-06-23 16:37 36 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\alerts.log
2005-03-14 20:10 204800 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SWIPSA.dll
2005-03-09 11:59 67 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\bin\cct_mc5725.exe
2005-03-09 11:59 67 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\bin\cct_mc5720.exe
2005-03-09 11:59 67 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\bin\cct_em.exe
2005-03-09 11:59 67 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\bin\cct_ac597e.exe
2005-02-03 11:42 43012 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\swdrvintf9x.dll
2005-02-03 11:42 17920 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\swdrvintfnt.dll
2004-11-30 14:01 16896 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\VSP_Drivers\apvspdnt.sys
2004-11-30 14:01 1084 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\VSP_Drivers\apvspdrv.inf
2004-07-21 11:40 32768 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Drivers_WinNT\apcontrl.exe
2004-07-21 11:40 17920 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Drivers_WinNT\apintfnt.dll
2004-07-08 17:09 401462 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Msvcp60.dll
2004-05-07 10:14 290885 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\reminfs.exe
2004-05-07 10:14 100 --a------ C:\desktop\Sprint\Sierra Wireless\Sprint PCS Connection Manager\StaleInfs.bat


((((((((((((((((((((((((((((( snapshot@2008-05-14_21.24.43.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 02:18:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-30 00:26:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 13:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 13:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2006-10-17 17:58:06 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-17 10:21:21 625,152 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-08-20 10:04:41 3,584,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2006-10-17 17:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2008-05-17 20:14:23 65,536 ----a-r C:\WINDOWS\Installer\{6DCBB845-0FA4-4723-A40A-1F320C221C30}\ARPPRODUCTICON.exe
- 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-08-20 10:04:34 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-25 04:50:25 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-10-17 17:58:06 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-20 10:04:34 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-08-20 10:04:34 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-20 10:04:35 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-20 10:04:35 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-08-20 10:04:35 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-20 10:04:37 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-20 10:04:38 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-20 10:04:38 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-08-17 12:28:27 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-07-06 10:05:47 72,960 ------w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 12:46:59 138,240 ------w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 47,104 ------w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 16,896 ------w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 660,992 ------w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 177,152 ------w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 95,744 ------w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 48,640 ------w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 471,552 ------w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-12-18 09:51:35 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-08-20 10:04:39 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-08-20 10:04:39 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

break 1/2
generalaxes is offline  