Author Topic: Bad e-mail, I think I'm infected

Offline Heather

Bad e-mail, I think I'm infected
« Reply #40 on: July 24, 2007, 09:50:17 AM »
So sorry for the delay; things have been insane around here lately.

Things are better, but there is still something going on: my icons like to travel on me, going dormant is still giving me problems, sometimes an alert window will pop up but it is distorted or empty, and IE is still a bit goofy.

Just little things, but they all add up to the fact that I'm still not where I was before that blasted e-mail.

Offline guestolo
« Reply #41 on: July 24, 2007, 02:26:24 PM »
There has been too much of a delay in response times.
I will need to see new logs, please.

But first, can you do the following?
I need you to update HijackThis.
Download HijackThis 2.0.2 from my signature below.
SAVE it to your desktop.

Double-click HJTInstall.exe to run it.
Choose Install.

HijackThis v2.0.2 will open.

Under Main Menu, select
Do a system scan and save a log file.
A log will open in Notepad.
Copy and paste the whole log back here to the forum.

Also, can I have you update ComboFix?
Delete combofix.exe from your desktop.
Also delete, if found, this folder >> C:\Combofix
and this text file >> C:\Combofix.txt
Redownload this updated version from HERE
and save it to your desktop.
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log for you.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Post the log from ComboFix as well.

Do you want to post your own logs from FRST?
Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Heather
« Reply #42 on: September 14, 2007, 03:01:36 AM »
Please forgive the extensive delay. Tonight I attempted to restore to a point previous to the original issue, and things were immediately faster; however, the AVS would not start up and I was having problems with a couple of other programs. I attempted to uninstall and reinstall AVS, and upon reinstall was instructed to disable the firewall to complete installation. I tried to disable the firewall and received this: "Due to an unidentified problem, Windows cannot display Windows Firewall settings"
I then tried to uninstall Kerio so as to load AVS and install a new firewall, and received this [attachment=3827:error.bmp]

Clicked OK and got this [attachment=3828:error_2.bmp]
and this [attachment=3829:error_3.bmp]

I tried to download the latest version from Kerio and received the same results, yet my system is saying I am running Kerio.

Posting HJT and ComboFix logs in the following post.

I appreciate any time you can give.
Thank you, Heather

Offline Heather
« Reply #43 on: September 14, 2007, 03:02:59 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:43 AM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)

--
End of file - 7993 bytes




ComboFix 07-09-14.1 - "Heather" 2007-09-14  0:34:25.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.253 [GMT -7:00]
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

.
(((((((((((((((((((((((((   Files Created from 2007-08-14 to 2007-09-14  )))))))))))))))))))))))))))))))
.

2007-09-14 00:31   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-13 23:32   76,560   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-09-13 22:34   <DIR>   d--------   C:\DOCUME~1\Heather\.housecall6.6
2007-09-13 21:49   <DIR>   d--------   C:\Program Files\Error Expert
2007-09-13 19:44   <DIR>   d--------   C:\KAV
2007-09-04 10:08   <DIR>   d--------   C:\Program Files\MyWebSearchWB
2007-09-04 10:08   <DIR>   d--------   C:\Program Files\AWS
2007-09-04 10:08   <DIR>   d--------   C:\DOCUME~1\Heather\APPLIC~1\WeatherBug
2007-08-16 00:10   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-08-14 11:57   664   --a------   C:\WINDOWS\SYSTEM32\d3d9caps.dat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 19:33   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-13 19:22   ---------   d--------   C:\Program Files\Rhapsody
2007-09-13 18:49   ---------   d--------   C:\Program Files\Real
2007-09-13 18:47   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Real
2007-09-08 23:59   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\U3
2007-08-13 15:18   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Ahead
2007-08-13 15:07   ---------   d--------   C:\Program Files\Common Files\LightScribe
2007-08-13 15:00   ---------   d--------   C:\Program Files\Common Files\Ahead
2007-08-13 14:57   ---------   d--------   C:\Program Files\Nero
2007-08-13 14:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-12 06:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
2007-08-12 06:56   ---------   d--------   C:\Program Files\Verizon
2007-07-30 19:19   92504   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19   92504   --a------   C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19   53080   --a------   C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19   53080   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19   43352   --a------   C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19   271224   --a------   C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 19:19   207736   --a------   C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-18 23:59   3583488   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-07-15 16:25   ---------   d--------   C:\Program Files\HP
2007-07-12 16:31   765952   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
2007-07-09 19:46   164   --a------   C:\install.dat
2007-06-27 07:34   823808   --a-s----   C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-06-27 07:34   671232   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-06-27 07:34   6058496   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-06-27 07:34   52224   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-06-27 07:34   477696   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-06-27 07:34   459264   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-06-27 07:34   44544   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-06-27 07:34   384512   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-06-27 07:34   383488   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-06-27 07:34   27648   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-06-27 07:34   267776   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-06-27 07:34   232960   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-06-27 07:34   230400   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-06-27 07:34   193024   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-06-27 07:34   153088   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-06-27 07:34   132608   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-06-27 07:34   124928   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-06-27 07:34   1152000   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-06-27 07:34   105984   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-06-27 07:34   102400   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-06-27 01:27   63488   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-06-27 01:27   625152   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-06-27 01:27   13824   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-06-27 00:00   161792   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-06-25 23:08   1104896   --a------   C:\WINDOWS\SYSTEM32\msxml3.dll
2007-06-25 23:08   1104896   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
2007-06-19 06:31   282112   --a------   C:\WINDOWS\SYSTEM32\gdi32.dll
2007-06-19 06:31   282112   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2007-06-17 00:11   51200   --a------   C:\WINDOWS\nircmd.exe
2007-02-20 12:51   439296   --a------   C:\DOCUME~1\Heather\GoToAssist_phone__317_en.exe
2007-02-17 21:07   8   --a------   C:\DOCUME~1\Heather\APPLIC~1\usb.dat.bin
2006-02-19 04:28   12288   --a------   C:\WINDOWS\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 00:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 15:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Heather\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Tim\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

S0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS
S1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-13 00:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2004-04-17 03:57:12 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
"2007-01-02 03:58:06 C:\WINDOWS\Tasks\WebReg .job"
- C:\Program Files\HP\digital imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 00:37:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-14  0:39:08
C:\ComboFix-quarantined-files.txt ... 2007-09-14 00:38
.
   --- E O F ---
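
As an added example (not part of this thread and not HijackThis's own code), the script below parses a HijackThis log like the one posted above and flags the entries a helper checks first: O23 services whose binary is gone or has no recorded publisher, O4 autoruns given as a bare filename (resolved by PATH search) or living in a temp directory, and O16 ActiveX controls fetched over plain HTTP. The sample input reuses lines from the posted log plus one constructed O4 line (the `[updater]` entry, marked in the code); the triage rules are this example's own heuristics, not an official HijackThis ruleset.

```python
"""Triage a HijackThis 2.0.2 log.

Added example for this thread; not HijackThis's own code. The triage rules
are this example's heuristics, not an official HijackThis ruleset.
"""
import re
from dataclasses import dataclass, field

# Lines reused from the log posted above, plus one constructed O4 line
# ("[updater] C:\WINDOWS\Temp\updater.exe", not from the real log) so the
# "autorun from a temp directory" rule has something to hit.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updater] C:\WINDOWS\Temp\updater.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
"""

# Every HijackThis finding is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")

# Autorun locations that legitimate software almost never uses on XP.
SUSPICIOUS_DIRS = (
    "c:\\windows\\temp",
    "c:\\docume~1",
    "c:\\documents and settings",
)


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the section-coded lines (R0..O24) of a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def o4_executable(body):
    """Pull the executable out of an O4 body such as
    'HKLM\\..\\Run: [Name] "C:\\path\\app.exe" -flag'."""
    m = re.search(r"\[[^\]]*\]\s*(.*)$", body)
    cmd = m.group(1).strip() if m else body.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def check_entry(entry):
    """Attach triage flags to one entry (mutates and returns it)."""
    code, body = entry.code, entry.body
    if code == "O4":
        exe = o4_executable(body)
        if "\\" not in exe:
            entry.flags.append("bare filename: resolved by PATH search, confirm which file actually runs")
        elif exe.lower().startswith(SUSPICIOUS_DIRS):
            entry.flags.append("autorun from a temp or profile directory")
    elif code == "O16":
        url = body.rsplit(" - ", 1)[-1]
        if url.lower().startswith("http://"):
            entry.flags.append("ActiveX control fetched over plain HTTP: origin cannot be verified")
    elif code == "O23":
        parts = body.rsplit(" - ", 2)  # "Service: name - owner - path"
        if len(parts) == 3:
            _, owner, path = parts
            if path.endswith("(file missing)"):
                entry.flags.append("service registered but binary absent: leftover uninstall or deleted by malware")
            if owner == "Unknown owner":
                entry.flags.append("no publisher recorded for the service binary")
    elif code == "O2" and body.endswith("(no file)"):
        entry.flags.append("BHO registered but DLL absent")
    return entry


def triage(text):
    """Parse a log and return only the entries that picked up a flag."""
    return [e for e in map(check_entry, parse_hjt(text)) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run against the posted log, the rules pick out exactly the entries a helper would ask about: the two `(file missing)` services (Kerio and ewido, both with no recorded owner) and the bare `Logi_MwX.Exe` autorun; a flag is a prompt to verify, not a verdict, since leftover services from a failed uninstall look identical to ones whose binary malware removed.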

Offline guestolo
« Reply #44 on: September 18, 2007, 11:00:01 PM »
Sorry for the delay, Heather. Unfortunately this topic was started early in July;
I should have locked it long ago.
If you still need a hand, please start a new topic.
I'm going to lock this now, and you can continue with a new topic if you wish.
