
Thread: I think this is right

#1 Member (Join Date: Jan 2008, Posts: 97)
I think this is right

Please let me know if this is right. I am new to this forum but have used Spybot to fix my computer before, but now Spybot says there is no problem and Kaspersky says I am infested.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:21:45 AM, on 1/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\justin2\Desktop\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mtasolutions.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtasolutions.com/
    O2 - BHO: (no name) - {134C4F85-AA35-8ECE-1E64-FB8DCB2386E8} - C:\WINDOWS\system32\qzuoshi.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
    O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/gam...ts/y/tt5_x.cab
    O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/gam...ts/y/pt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/gam...s/y/poti_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/gam...s/y/pyt1_x.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6737CD6-3AB7-42ED-BDC7-800E554D9B42}: NameServer = 12.6.42.1 12.6.42.2
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe

    --
    End of file - 4059 bytes

#2 Member (Join Date: Jan 2008, Posts: 97)
Hi again. Is this the right log?

Hi, my Kaspersky says:


    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, January 09, 2008 10:16:08 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 9/01/2008
    Kaspersky Anti-Virus database records: 504494


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\

    Scan Statistics
    Total number of scanned objects 32117
    Number of viruses found 15
    Number of infected objects 25
    Number of suspicious objects 2
    Duration of the scan process 00:24:27

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\Administrator\Incomplete\T-1667963-TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

    C:\Documents and Settings\Administrator\Incomplete\T-4076126-Top of Charts - 2005.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip ZIP: suspicious - 1 skipped

    C:\Documents and Settings\justin2\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\justin2\Desktop\Unused Desktop Shortcuts\MagicJellybean Keyfinder and Changer.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

    C:\Documents and Settings\justin2\Desktop\Unused Desktop Shortcuts\MagicJellybean Keyfinder and Changer.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

    C:\Documents and Settings\justin2\Desktop\Unused Desktop Shortcuts\MagicJellybean Keyfinder and Changer.exe RarSFX: infected - 2 skipped

    C:\Documents and Settings\justin2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\justin2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\justin2\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\justin2\Local Settings\History\History.IE5\MSHist012008010820080109\index.dat Object is locked skipped

    C:\Documents and Settings\justin2\Local Settings\History\History.IE5\MSHist012008010920080110\index.dat Object is locked skipped

    C:\Documents and Settings\justin2\Local Settings\Temp\nsyCB.tmp\Install.dll Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped

    C:\Documents and Settings\justin2\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\justin2\ntuser.dat Object is locked skipped

    C:\Documents and Settings\justin2\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\qoobox\Quarantine\C\2.tmp.vir/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

    C:\qoobox\Quarantine\C\2.tmp.vir NSIS: infected - 1 skipped

    C:\qoobox\Quarantine\C\3.tmp.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped

    C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

    C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped

    C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped

    C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\qoobox\Quarantine\C\WINDOWS\b136.exe.vir NSIS: infected - 3 skipped

    C:\qoobox\Quarantine\C\WINDOWS\FNTS~1\nоpdb.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped

    C:\qoobox\Quarantine\C\WINDOWS\IA\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

    C:\qoobox\Quarantine\C\WINDOWS\IA\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

    C:\qoobox\Quarantine\C\WINDOWS\system32\WNSXS~1\chkntfs.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fe skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP359\A0044941.dll Infected: not-a-virus:AdWare.Win32.Shopper.q skipped

    C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP359\A0044942.dll Infected: not-a-virus:AdTool.Win32.Zango.e skipped

    C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP359\A0044943.exe Infected: not-a-virus:AdTool.Win32.Zango.e skipped

    C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP361\change.log Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{57B1CCC6-94AA-401B-9B48-864007C46D99}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

    C:\WINDOWS\system32\qzuoshi.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\TEMP\Perflib_Perfdata_3dc.dat Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
    Last edited by tashi; 2008-01-10 at 04:05. Reason: Mod: two topics merged. ;-)

#3 Security Expert-Emeritus (Join Date: Oct 2006, Location: Manchester UK, Posts: 3,425)

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    VundoFix
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Download and Run ComboFix
    I see you have already used ComboFix; please delete the copy you have and download the updated version.
    • Download Combofix from one of the links below :

      ComboFix.exe 1
      ComboFix.exe 2
      ComboFix.exe 3
    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
    • Re-enable all the programs that were disabled during the running of ComboFix.


    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ComboFix SHOULD NOT be used unless requested by a forum helper
    Microsoft MVP Consumer Security 2009-2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

#4 Member (Join Date: Jan 2008, Posts: 97)
Thank you for your time!

    OK, here they are, I think. I hope I did it right!



    ComboFix 08-01-11.1 - justin2 2008-01-11 8:11:56.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.689 [GMT -9:00]
    Running from: C:\Documents and Settings\justin2\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\justin2\Application Data\ShoppingReport
    C:\Documents and Settings\justin2\Application Data\ShoppingReport\cs\Config.xml

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
    .

    2008-01-11 07:55 . 2008-01-11 07:55 <DIR> d-------- C:\VundoFix Backups
    2008-01-11 01:57 . 2008-01-11 02:09 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-01-10 22:09 . 2008-01-10 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-10 21:39 . 2008-01-10 21:39 <DIR> d-------- C:\KAV
    2008-01-10 20:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-10 20:08 . 2008-01-10 20:09 <DIR> d-------- C:\Program Files\Java
    2008-01-10 20:08 . 2008-01-10 20:08 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-01-10 13:27 . 2008-01-10 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-01-10 12:14 . 2008-01-10 13:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-10 12:14 . 2008-01-10 12:14 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\SUPERAntiSpyware.com
    2008-01-10 12:14 . 2008-01-10 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-10 12:11 . 2008-01-10 12:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-10 11:14 . 2008-01-10 11:14 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\Grisoft
    2008-01-10 11:14 . 2008-01-10 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-08 15:57 . 2008-01-08 15:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-31 12:16 . 2007-12-31 12:16 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\Apple Computer
    2007-12-31 12:11 . 2008-01-11 00:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-31 12:11 . 2007-12-31 12:11 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-31 12:07 . 2008-01-07 23:56 <DIR> d-------- C:\Program Files\QuickTime
    2007-12-31 12:07 . 2007-12-31 12:07 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-12-31 12:07 . 2007-12-31 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-31 12:07 . 2007-12-31 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-28 20:55 . 2007-12-28 20:55 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\Talkback
    2007-12-12 11:40 . 2008-01-07 14:22 <DIR> d-------- C:\Documents and Settings\justin2\Application Data\FrostWire
    2007-12-12 11:39 . 2007-12-12 11:39 <DIR> d-------- C:\Program Files\FrostWire
    2007-12-12 11:39 . 2007-12-12 11:39 <DIR> d-------- C:\Program Files\AskSBar

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-20 18:46 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
    2007-12-14 06:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-04 23:35 --------- d-----w C:\Program Files\Ubi Soft
    2007-12-03 03:33 --------- d-----w C:\Program Files\ApexDC++
    2007-11-27 19:10 --------- d--h--r C:\Documents and Settings\justin2\Application Data\yahoo!
    2007-11-27 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-11-27 18:03 --------- d-----w C:\Program Files\Realtek AC97
    2007-11-27 18:03 --------- d-----w C:\Program Files\PC Drivers HeadQuarters(2)
    2007-11-27 18:03 --------- d-----w C:\Program Files\PC Drivers HeadQuarters
    2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-30 10:16 3,058,688 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-28 02:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-28 02:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-11 06:13 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-10-11 06:13 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-10-11 06:13 659,456 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-11 06:13 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-11 06:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-11 06:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-11 06:13 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-10-11 06:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-11 06:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-10-11 06:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-10-11 06:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-10-11 06:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-11 06:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-11 06:13 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-10-11 06:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-11 06:13 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-10-11 06:13 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2007-10-11 06:13 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    2007-12-12 11:39 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-12-12 11:39 267592]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-03 22:56 53760 C:\WINDOWS\system32\narrator.exe]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]
    --a------ 2002-01-24 17:03 81920 C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
    --a------ 2003-05-08 10:34 69632 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2004-11-02 07:59 126976 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2004-11-02 08:03 155648 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --ahs---- 2007-06-12 05:08 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-10-22 11:22 7700480 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-10-22 11:22 86016 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
    --a------ 2003-05-05 07:57 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WIN32SL"=2 (0x2)
    "SoundMAX Agent Service (default)"=2 (0x2)
    "NVSvc"=2 (0x2)
    "gusvc"=3 (0x3)
    "cpqWebDmi"=2 (0x2)
    "cpqdmi"=2 (0x2)
    "CpqDfwWebAgent"=2 (0x2)
    "CPQALERT"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "EasyFreeWebCam"=
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "nwiz"=nwiz.exe /install
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "CPQDFWAG"=C:\WINDOWS\Cpqdiag\CpqDfwAg.exe

    R1 ClntMgmt;Compaq Client Management Driver;C:\WINDOWS\system32\Drivers\ClntMgmt.sys [2002-01-16 13:48]
    S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 17:33]
    S4 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent;C:\WINDOWS\Cpqdiag\Cpqdfwag.exe [2001-10-25 16:56]
    S4 cpqWebDmi;Compaq DMI Web Agent;C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe [2002-01-24 17:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9636d46-2b44-11dc-a62b-806d6172696f}]
    \shell\AutoRun\command - D:\autorun.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-11 08:13:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-11 8:13:41
    ComboFix-quarantined-files.txt 2008-01-11 17:13:25
    ComboFix2.txt 2007-10-20 22:16:05
    .
    2008-01-10 12:01:06 --- E O F ---

    AND




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:22:44 AM, on 1/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\justin2\Desktop\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mtasolutions.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtasolutions.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
    O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/gam...ts/y/tt5_x.cab
    O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/gam...ts/y/pt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/gam...s/y/poti_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/gam...s/y/pyt1_x.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6737CD6-3AB7-42ED-BDC7-800E554D9B42}: NameServer = 12.6.42.1 12.6.42.2
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe

    --
    End of file - 4134 bytes

  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    That log looks fine; are you still having problems?

    Did you deliberately install Ask Toolbar?
    Do you have the VundoFix log, please?


    TotalScan
    Your antivirus and/or antispyware may give a warning during the scan. This is perfectly normal.
    Please go to this site: TotalScan (link)
    • Under Scan Now click the Full Scan button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small Save button and save the report to your desktop.
    • Please post the report in your reply.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
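
    The reply above judges the HijackThis log by eye (is the Ask Toolbar wanted, is anything odd loading). The script below is an added example for this thread, not HijackThis code and not from any of the posts: it parses the `Rn - ...` / `On - ...` entry lines into records and applies three of those hand checks, so a helper can run them over a pasted log instead of scanning it line by line. The sample log is a constructed excerpt: most lines are copied from the log in this thread, while the `sample_bho.dll` line and its CLSID are invented to show the "unnamed BHO under system32" case.

```python
"""Triage helper for HijackThis v2 log entries.

Added example for this thread; not HijackThis code and not from the
original posts.  Checks applied, in the order a helper would ask:
  * O2/O3 entries loading the Ask Toolbar DLL (the reply asks whether the
    user installed it on purpose);
  * O2 BHOs reported as "(no name)" whose DLL sits under system32 (a vendor
    DLL under Program Files, like Spybot's SDHelper.dll, is the benign case);
  * O17 NameServer overrides, listed so they can be compared with the ISP's
    DNS servers.
SAMPLE_LOG is constructed: all lines but the sample_bho.dll one (invented,
with a made-up CLSID) are copied from the log in the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# first drive-letter path in the entry, up to its binary extension
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx|cpl)\b", re.IGNORECASE)
ASK_DLL = "asksbar.dll"

SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtasolutions.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {00000000-1111-2222-3333-444444444444} - C:\WINDOWS\system32\sample_bho.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6737CD6-3AB7-42ED-BDC7-800E554D9B42}: NameServer = 12.6.42.1 12.6.42.2
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
"""


@dataclass
class Entry:
    section: str            # R0, O2, O17, ...
    body: str               # everything after "Xn - "
    guid: Optional[str]     # CLSID / interface GUID carried by the entry, if any
    path: Optional[str]     # first drive-letter path to a binary, if any


def parse_hjt(text: str) -> List[Entry]:
    """One Entry per 'Xn - ...' line; the header and process list are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        guid = GUID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(m.group("section"), body,
                             guid.group(0).upper() if guid else None,
                             path.group(0) if path else None))
    return entries


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    """How many entries each HJT section contributed (quick sanity overview)."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Apply the hand checks; returns (reason, detail) pairs in log order."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        low = e.body.lower()
        if e.section in ("O2", "O3") and ASK_DLL in low:
            findings.append(("Ask Toolbar component; ask whether it was installed on purpose", e.body))
        elif e.section == "O2" and low.startswith("bho: (no name)") \
                and e.path and "\\system32\\" in e.path.lower():
            findings.append(("unnamed BHO loading from system32; identify the DLL", e.body))
        elif e.section == "O17" and "NameServer = " in e.body:
            servers = e.body.split("NameServer = ", 1)[1].split()
            findings.append(("per-adapter DNS servers; confirm they belong to the ISP", " ".join(servers)))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(section_counts(parsed))
    for reason, detail in triage(parsed):
        print(f"[{reason}] {detail}")
```

    The checks are deliberately conservative: an unnamed BHO is only flagged when its DLL is in system32, because Spybot's own SDHelper.dll also shows as "(no name)", and the O17 line is listed rather than judged, since only the user's ISP assignment says whether those two servers are legitimate.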

  6. #6
    Member
    Join Date
    Jan 2008
    Posts
    97

    Default

    No, I did not install Ask Toolbar, and that VundoFix log, I don't know; it found no files or problems it could fix. But I do have a Kaspersky log that says I have a virus called yazzlesdoku, and I think it's a key logger. My problem is that I click on a link or site and I have to click 3 or 4 times before it responds, or it flashes the page then goes away. So yes, I am still having a small problem, but it is much better than it was!

  7. #7
    Member
    Join Date
    Jan 2008
    Posts
    97

    Default

    *yazzlesudoku*

  8. #8
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Please can you post the TotalScan log?

  9. #9
    Member
    Join Date
    Jan 2008
    Posts
    97

    Default

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-01-11 13:16:51
    PROTECTIONS: 0
    MALWARE: 2
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00363040 Dialer.ITJ Dialers No 1 Yes No C:\Program Files\Easy Web Cam\dialler.exe
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Local Settings\Application Data\Mozilla\Firefox\Profiles\7gvp34rb.default\Cache\C2152591d01[nircmd.com]
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Local Settings\Application Data\Mozilla\Firefox\Profiles\7gvp34rb.default\Cache\C2152591d01[nircmd.cfexe]
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Desktop\ComboFix.exe[nircmd.cfexe]
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP367\A0047294.exe
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP368\A0047336.com
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Desktop\ComboFix.exe[nircmd.com]
    ;===================================================================================================================================================================================
    SUSPECTS
    Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
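
    The report above lists eight rows for two detections, and the Location column is what separates them: one is a file on disk in Program Files, several are copies of the same hack tool sitting inside ComboFix.exe, inside Firefox cache entries, and inside System Restore snapshots. The script below is an added example for this thread, not TotalScan or Panda code and not from any of the posts: it parses the MALWARE table and groups the hits by where they were found, so the on-disk items stand apart from the copies embedded in other files. Two readings of the Location column are assumptions of this example: a trailing `[name]` is taken as a file inside a container, and a path under `System Volume Information\_restore` as a System Restore copy. The sample report is copied from the post above with the long separator lines shortened.

```python
"""Group the hits in a TotalScan report by where they were found.

Added example for this thread; not TotalScan/Panda code and not from the
original posts.  The MALWARE table has eight space-separated columns, and
only the last (Location) may itself contain spaces, so each row is split at
most seven times.  Assumed readings of Location (not documented on the
page): a trailing "[name]" means a file inside a container (the report
shows nircmd inside ComboFix.exe and inside Firefox cache entries); a path
under "System Volume Information\_restore" is a System Restore copy.
SAMPLE_REPORT is copied from the thread with the separator lines shortened.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLE_REPORT = r"""
;*******************************
ANALYSIS: 2008-01-11 13:16:51
PROTECTIONS: 0
MALWARE: 2
SUSPECTS: 0
;*******************************
PROTECTIONS
Description Version Active Updated
;===============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================
00363040 Dialer.ITJ Dialers No 1 Yes No C:\Program Files\Easy Web Cam\dialler.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Local Settings\Application Data\Mozilla\Firefox\Profiles\7gvp34rb.default\Cache\C2152591d01[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Local Settings\Application Data\Mozilla\Firefox\Profiles\7gvp34rb.default\Cache\C2152591d01[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP367\A0047294.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP368\A0047336.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\justin2\Desktop\ComboFix.exe[nircmd.com]
;===============================
SUSPECTS
Location
"""

ROW_RE = re.compile(r"^\d{8} ")   # data rows start with the 8-digit signature id


@dataclass
class Hit:
    id: str
    description: str
    kind: str            # the report's "Type" column (Dialers, HackTools, ...)
    active: bool
    severity: int
    disinfectable: bool
    disinfected: bool
    location: str

    @property
    def where(self) -> str:
        """'embedded' (inside another file), 'restore_point', or 'file' on disk."""
        loc = self.location.lower()
        if loc.endswith("]"):
            return "embedded"
        if "\\system volume information\\_restore" in loc:
            return "restore_point"
        return "file"


def parse_report(text: str) -> Tuple[Dict[str, str], List[Hit]]:
    """Return the 'KEY: value' header fields and the parsed MALWARE rows."""
    header: Dict[str, str] = {}
    hits: List[Hit] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):          # blank or separator line
            continue
        if ROW_RE.match(line):
            f = line.split(" ", 7)                     # Location keeps its spaces
            if len(f) == 8:
                hits.append(Hit(f[0], f[1], f[2], f[3] == "Yes", int(f[4]),
                                f[5] == "Yes", f[6] == "Yes", f[7]))
        elif ":" in line:                              # ANALYSIS:, MALWARE:, ...
            key, value = line.split(":", 1)
            header[key.strip()] = value.strip()
    return header, hits


def group_by_location(hits: List[Hit]) -> Dict[str, List[Hit]]:
    groups: Dict[str, List[Hit]] = {"file": [], "embedded": [], "restore_point": []}
    for h in hits:
        groups[h.where].append(h)
    return groups


def actionable(hits: List[Hit]) -> List[Hit]:
    """Hits that are real files on disk and were not already disinfected."""
    return [h for h in hits if h.where == "file" and not h.disinfected]


if __name__ == "__main__":
    hdr, rows = parse_report(SAMPLE_REPORT)
    print(hdr["ANALYSIS"], "distinct detections:", len({r.id for r in rows}))
    for where, group in group_by_location(rows).items():
        print(f"{where}: {len(group)}")
    for h in actionable(rows):
        print(f"{h.description} ({h.kind}, severity {h.severity}) -> {h.location}")
```

    The header's `MALWARE: 2` counts distinct signature ids, not rows, which is why the grouping matters: of the eight rows only two are files on disk, and the rest are copies of the same tool inside ComboFix.exe, the browser cache, and restore points.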

  10. #10
    Member
    Join Date
    Jan 2008
    Posts
    97

    Default Sorry about the word wrap

