help with vundo



kushums
2007-07-03, 01:31
Can someone check if I'm clean please? :alien:


Logfile of HijackThis v1.99.1
Scan saved at 15:29, on 2007-07-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\My Documents\scanner.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=en_us&c=q404&bd=pavilion&pf=desktop
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183280723531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183280716781
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


"HP_Owner" - 2007-07-02 9:44:51 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\HP_Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\3KJQ6T6G\www.broadcaster.com
C:\DOCUME~1\HP_Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\HP_Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\HP_Owner\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\HP_Owner\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\HP_Owner\APPLIC~1\Microsoft\20509.dat
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Program Files\Common Files\{1C370~1
C:\Program Files\Common Files\{1C370~2
C:\Program Files\Common Files\{3C370~1
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\WINDOWS\inf\kbdb32.dll
C:\WINDOWS\notedad.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\jbihrpmi.exe
C:\WINDOWS\system32\update.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 09:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-01 21:15 <DIR> dr-h----- C:\DOCUME~1\HP_Owner\APPLIC~1\SecuROM
2007-07-01 21:14 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-07-01 21:08 <DIR> d-------- C:\Program Files\Tomb Raider - Anniversary
2007-07-01 13:26 <DIR> d-------- C:\Program Files\Activision
2007-06-30 23:41 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-30 23:41 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-30 23:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-06-30 23:39 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-30 23:32 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-30 23:31 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-29 23:37 4,628 --a------ C:\WINDOWS\system32\ldqdxkjy.exe
2007-06-29 19:33 <DIR> d-------- C:\Program Files\Nero
2007-06-29 19:33 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-29 15:43 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Ahead
2007-06-29 11:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-28 22:46 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-28 21:50 45,056 --a------ C:\WINDOWS\system32\Wnaspi32.dll
2007-06-28 21:50 4,455 --a------ C:\WINDOWS\system\Winaspi.dll
2007-06-28 21:50 3,535 --a------ C:\WINDOWS\system\Wowpost.exe
2007-06-28 21:50 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-28 21:50 16,877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys
2007-06-28 21:50 <DIR> d-------- C:\Program Files\XviD
2007-06-28 21:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-28 12:36 <DIR> d-------- C:\WINDOWS\speech
2007-06-28 12:36 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\WinRAR
2007-06-28 12:35 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-06-27 13:29 <DIR> d-------- C:\WINDOWS\Lhsp
2007-06-27 00:11 <DIR> d-------- C:\Program Files\XP Codec Pack
2007-06-25 09:51 2,048 --a------ C:\WINDOWS\winrmv.exe
2007-06-20 19:14 <DIR> d-------- C:\Program Files\Driver-Soft
2007-06-18 22:58 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-06-18 21:14 <DIR> d-------- C:\Program Files\DivX
2007-06-18 10:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-06-17 15:04 <DIR> d-------- C:\WINDOWS\nview
2007-06-17 14:58 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-17 14:58 <DIR> d-------- C:\NVIDIA
2007-06-16 11:18 <DIR> C:\WINDOWS\Mafia
2007-06-16 11:18 <DIR> C:\Program Files\Mafia
2007-06-07 12:10 20,480 --a------ C:\WINDOWS\system32\ac3config.exe
2007-06-05 21:31 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-03 21:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-03 10:29 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\ArtificialStudios


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 16:47:45 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\uTorrent
2007-07-01 20:34:36 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 18:08:13 -------- d-----w C:\Program Files\QuickTime
2007-06-28 19:36:23 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\dvdcss
2007-06-28 19:35:43 -------- d-----w C:\Program Files\Google
2007-06-17 20:37:38 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-16 03:21:16 -------- d-----w C:\Program Files\RegCure
2007-06-01 22:08:26 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Image Zone Express
2007-05-27 21:21:38 117,158 ----a-w C:\WINDOWS\hpoins11.dat
2007-05-27 21:16:26 -------- d-----w C:\Program Files\Common Files\HP
2007-05-27 21:12:46 -------- d-----w C:\Program Files\HP
2007-05-27 21:12:46 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-27 02:06:23 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\HP
2007-05-15 07:32:27 -------- d-----w C:\Program Files\Common Files\Real
2007-05-15 07:32:16 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Real
2007-05-14 19:58:26 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-14 14:54:53 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-14 05:16:41 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\MusicIP
2007-05-14 05:07:01 -------- d-----w C:\Program Files\Symantec
2007-05-14 03:57:36 -------- d-----w C:\Program Files\Microsoft Works
2007-05-14 03:48:28 3,884 ----a-w C:\WINDOWS\viassary-hp.reg
2007-05-14 03:40:27 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Symantec
2007-05-14 03:40:14 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-05-14 03:38:39 50 ----a-w C:\AUTOEXEC.BAT
2007-05-14 03:22:09 -------- d-----w C:\Program Files\Windows NT
2007-05-13 17:04:24 -------- d-----w C:\Program Files\Alcohol Soft
2007-05-11 19:19:02 -------- d-----w C:\Program Files\uTorrent
2007-05-10 22:16:24 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\BitTorrent
2007-05-09 23:42:11 1,024 ----a-w C:\WINDOWS\kadsaka.exe
2007-05-07 01:38:53 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\SpywareBot
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:43:44 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2004-12-23 18:41:04 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-18 05:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 18:58 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 01:05 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2004-07-03 02:49 C:\WINDOWS\ALCMTR.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-08 23:01]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 18:34]
"startkey"="C:\WINDOWS\system32\update.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
C:\WINDOWS\system32\update.exe s

Contents of the 'Scheduled Tasks' folder
2007-07-02 16:00:00 C:\WINDOWS\tasks\9ECA19D294B5A182.job
2007-07-01 14:41:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-30 03:00:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (YOUR-AE066C3A9B-HP_Owner).job
2007-07-02 16:51:38 C:\WINDOWS\tasks\RegCure Program Check.job
2007-06-28 10:00:00 C:\WINDOWS\tasks\RegCure.job
2007-07-02 10:00:00 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 09:51:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 9:53:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-02 09:53

--- E O F ---

pskelley
2007-07-03, 17:01
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Looks clean of malware to me...any malware problems? If not: Remove all combofix folders from your computer.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

If you want to run a good free trial to check for hidden junk, use this one with these instructions, delete or quarantine anything it finds and post the scan results if you have questions.
http://forums.security-central.us/showthread.php?t=3165
Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums

pskelley
2007-07-03, 19:23
http://forums.spybot.info/showthread.php?p=100639#post100639

Multiple poster, see this:
http://forums.spybot.info/showthread.php?t=288

Please do not start more than one topic for the same computer, during the same period. It will either be removed, or merged with your original thread.

Topic is closed.