if you can find the time i could really use some help [Archive]

View Full Version : if you can find the time i could really use some help

xylox

2008-05-11, 23:03

Hi my connection keeps disconnecting, im having problems with, smitfraud, zlob downloader, starware and many others.

Im not really an expert but if anyone can help please do heres a combo fix log:

ComboFix 08-05-09.1 - shade 2008-05-11 22:19:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.175 [GMT 2:00]
Running from: C:\Documents and Settings\shade\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\shade\Skrivebord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\ksol.dll
.

((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-04-30 16:53 . 2008-04-30 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-30 00:57 . 2008-04-30 00:57 <DIR> d-------- C:\Programmer\Fælles filer\Control Panels
2008-04-30 00:42 . 2008-04-30 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-04-29 22:28 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-04-29 22:28 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-04-29 21:40 . 2008-04-29 21:40 <DIR> d-------- C:\Programmer\Bonjour
2008-04-29 21:03 . 2008-04-29 21:03 <DIR> d-------- C:\Programmer\Fælles filer\Macrovision Shared
2008-04-28 01:51 . 2008-04-28 01:51 <DIR> d-------- C:\Programmer\MSXML 6.0
2008-04-28 01:51 . 2008-04-28 01:51 <DIR> d-------- C:\Programmer\Microsoft Silverlight
2008-04-28 01:51 . 2008-04-28 01:51 3,252 --a------ C:\WINDOWS\SECB3.PNF
2008-04-28 01:46 . 2008-04-28 01:46 3,068 --a------ C:\WINDOWS\SEC75.PNF
2008-04-28 01:42 . 2008-04-28 01:44 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-26 21:17 . 2008-04-26 21:17 <DIR> d-------- C:\Programmer\DAEMON Tools Lite
2008-04-26 18:25 . 2008-04-26 18:25 <DIR> d-------- C:\Documents and Settings\shade\Application Data\DAEMON Tools
2008-04-26 18:25 . 2008-04-26 18:25 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-23 20:26 . 2008-04-23 20:26 <DIR> d-------- C:\Documents and Settings\shade\.thumbnails
2008-04-20 20:05 . 2008-04-20 20:05 <DIR> d-------- C:\Documents and Settings\shade\Application Data\TrueCrypt
2008-04-14 18:30 . 2008-04-14 18:30 <DIR> d-------- C:\unisecur
2008-04-13 23:44 . 2008-04-13 23:44 <DIR> d-------- C:\Documents and Settings\shade\Application Data\Wireshark
2008-04-13 21:39 . 2008-04-13 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 17:15 --------- d-----w C:\Programmer\Steam
2008-05-07 19:22 --------- d-----w C:\Documents and Settings\shade\Application Data\Warez
2008-05-06 06:40 --------- d-----w C:\Programmer\Windows Live Toolbar
2008-04-29 23:13 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-04-29 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-21 14:45 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-04-21 14:45 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-04-21 14:45 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-04-08 18:08 --------- d-----w C:\Programmer\Windows Live
2008-04-08 10:15 --------- d-----w C:\Programmer\MediaEntertainmentCodec
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 23:02 --------- d-----w C:\Documents and Settings\shade\Application Data\Apple Computer
2008-03-19 23:00 --------- d-----w C:\Programmer\QuickTime
2008-03-19 22:57 --------- d-----w C:\Programmer\Fælles filer\Apple
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:54 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:54 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:37 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 22:23 30,615 ----a-w C:\Documents and Settings\shade\x.exe
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Programmer\RXToolBar\sfcont.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 05:00 15360]
"Steam"="C:\Programmer\Steam\Steam.exe" [2007-01-09 09:58 1269760]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-02 22:05 68856]
"DAEMON Tools Lite"="C:\Programmer\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 19:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 19:32 126976]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"PCMService"="C:\Programmer\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-27 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 05:00 455168]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04 188416]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13 2880512]
"LManager"="C:\Programmer\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:20 319488]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01 245760]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"Acrobat Assistant 8.0"="D:\mastersuite collections\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FÆLLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmer\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\shade\\Dokumenter\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 16:54]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 int15.sys;int15.sys;C:\Programmer\acer\eRecovery\int15.sys [2005-01-13 14:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00900934-072e-11dd-b372-00c09fc4c12c}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{151532fa-dc81-11dc-b31f-00c09fc4c12c}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{151532fc-dc81-11dc-b31f-00c09fc4c12c}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a5a17ca-dc12-11dc-b31e-00c09fc4c12c}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aa18de6-a033-11dc-b2c3-00c09fc4c12c}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2833e114-c1cc-11dc-b303-00c09fc4c12c}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31a33900-dc05-11dc-b31d-00c09fc4c12c}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{393fe432-e25f-11dc-b327-00c09fc4c12c}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bc28e78-c608-11dc-b304-00c09fc4c12c}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faeb05ac-dbfd-11dc-b31b-00c09fc4c12c}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faeb05ae-dbfd-11dc-b31b-00c09fc4c12c}]
\Shell\AutoRun\command - F:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-07 18:02:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 22:23:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
Completion time: 2008-05-11 22:28:06
ComboFix-quarantined-files.txt 2008-05-11 20:27:01
ComboFix2.txt 2008-05-11 17:22:34

Pre-Run: 4,871,499,776 byte ledig
Post-Run: 4,872,593,408 byte ledig

161 --- E O F --- 2008-05-06 06:39:47€

xylox

2008-05-12, 18:42

heres a hijack this log please if any of you might have some hint for me on what to do speek up please...

Logfile of HijackThis v1.99.1
Scan saved at 22:06:00, on 11-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
D:\mastersuite collections\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\DAEMON Tools Lite\daemon.exe
C:\Programmer\acer\eRecovery\Monitor.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\shade\Skrivebord\hijack this\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\shade\DOKUME~1\ACX~1\AC05-F~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programmer\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\mastersuite collections\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\mastersuite collections\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FÆLLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: Append to existing PDF - res://D:\mastersuite collections\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\mastersuite collections\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\mastersuite collections\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\mastersuite collections\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\mastersuite collections\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\mastersuite collections\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\mastersuite collections\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\mastersuite collections\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\shade\DOKUME~1\ACX~1\AC05-F~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\shade\DOKUME~1\ACX~1\AC05-F~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F14A1E4-757A-48C3-84C6-669BC364AD3F}: NameServer = 80.251.192.244 80.251.192.245
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe

tashi

2008-05-12, 19:28

Hello,

I understand you are nervous about the machine being infected, :) however I have merged two topics, removed a third topic and edited out a helper's name from the topic title.

Please see our sticky topics so you know how we do things here and start again.

As you have connection problems just produce the HJT log, thanks.

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Note: HJT Logs
To produce a log, run Trend Micro HijackThis 2.0.2, not Beta, HijackThis v1.99.1. or any other earlier version. Do NOT run 'fixes' before helpers have analyzed HJT/KAV scans (http://forums.spybot.info/showthread.php?t=16806)

Then a helper will assist you when available.

Best regards.