Old 12-10-2007, 07:41 AM   #21
wtrmn76
Registered User
 
Join Date: Nov 2007
Posts: 36
OS: windows XP SP2


Re: Serious HELP! yet others welcome

here ya go!!

ComboFix 07-12-07.5 - Brad 2007-12-10 8:36:34.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.632 [GMT -6:00]
Running from: C:\Documents and Settings\Brad\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Brad\Application Data\Dcads Advanced Toolbar
C:\Documents and Settings\Brad\Application Data\Dcads Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\Brad\Application Data\Dcads Advanced Toolbar\selected.xml
C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\Program Files\ContextTool\ContextTool-2.dll
C:\Program Files\ContextTool\pcre3.dll
C:\Program Files\ContextTool\uninstall.exe
C:\WINDOWS\S72C093FB.tmp
C:\WINDOWS\system32\CDUninst.isu
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\Npad.exe
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\superiorads-uninst.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-09 12:48 . 2007-12-09 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-12-09 12:45 . 2007-12-09 12:45 <DIR> d-------- C:\Program Files\SupportSoft
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\system32\restore
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\srchasst
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-12-07 21:13 . 2007-12-09 08:31 <DIR> d-------- C:\Program Files\Wootalyzer
2007-12-07 21:13 . 2007-12-09 08:31 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Wootalyzer
2007-11-27 18:17 . 2007-11-27 18:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-27 18:17 . 2007-11-27 18:17 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-27 18:17 . 2007-11-27 18:17 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-27 18:17 . 2007-11-27 18:17 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-26 19:02 . 2007-11-26 19:02 <DIR> d-------- C:\Deckard
2007-11-26 17:43 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-11-24 13:40 . 2007-11-26 02:18 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-24 13:40 . 2007-11-24 13:40 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\PC Tools
2007-11-24 13:40 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-24 13:40 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-24 13:40 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-24 13:40 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-24 13:39 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-24 12:42 . 2007-11-24 13:14 <DIR> d-------- C:\Documents and Settings\Brad\.housecall6.6
2007-11-24 12:42 . 2007-11-24 12:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-16 18:57 . 1998-02-13 14:30 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2007-11-16 18:57 . 1997-06-13 08:56 56,832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
2007-11-16 18:28 . 2007-11-18 10:23 <DIR> d-------- C:\Program Files\Dcads Advanced Toolbar
2007-11-16 18:03 . 2007-11-16 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-16 18:00 . 2007-11-22 08:41 <DIR> d-------- C:\Program Files\SlySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 14:36 --------- d-----w C:\Documents and Settings\Brad\Application Data\Skype
2007-12-02 19:53 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-02 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 14:44 --------- d-----w C:\Program Files\Yahoo!
2007-11-17 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-17 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-17 00:08 --------- d-----w C:\Program Files\LimeWire
2007-11-11 02:50 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-10 00:57 --------- d-----w C:\Program Files\Guild Wars
2007-11-08 23:45 --------- d-----w C:\Program Files\QuickTime Alternative
2007-11-08 23:45 --------- d-----w C:\Program Files\iTunes
2007-11-08 23:45 --------- d-----w C:\Program Files\iPod
2007-11-06 01:53 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-10-26 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-26 21:48 --------- d-----w C:\Program Files\IVT Corporation
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\DllCache\shell32.dll
2007-10-23 22:42 --------- d-----w C:\Program Files\Apple Software Update
2007-10-23 22:41 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-23 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-21 16:47 --------- d--h--r C:\Documents and Settings\Brad\Application Data\yahoo!
2007-10-20 21:49 --------- d-s---w C:\Program Files\Xfire
2007-10-20 21:48 --------- d-----w C:\Documents and Settings\Brad\Application Data\Xfire
2007-10-20 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-11 01:42 --------- d-----w C:\Program Files\Starcraft
2007-10-11 01:42 --------- d-----w C:\Program Files\Folding@Home
2007-10-11 01:30 --------- d-----w C:\Program Files\Summitsoft
2007-09-18 01:35 164 ----a-w C:\install.dat
2007-09-17 23:46 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-09-13 00:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-03-10 20:28 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-19 17:13 209,893 ----a-w C:\Program Files\wap11_fw_v22.zip
2006-11-19 17:12 1,098,187 ----a-w C:\Program Files\wap11_dr_ver22.zip
.

((((((((((((((((((((((((((((( snapshot@2007-12-08_ 1.40.05.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-09-13 09:02:56 204,800 ----a-w C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1800\_aspnet_isapi.dll
+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1800\_CORPerfMonExt.dll
+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1800\_fusion.dll
+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1800\_mscorjit.dll
+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1800\_mscorlib.dll
+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1800\_mscorsn.dll
+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1800\_mscorsvr.dll
+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1800\_mscorwks.dll
+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1800\_msvcr71.dll
+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1800\_PerfCounter.dll
+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_aspnet_isapi.dll
+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_CORPerfMonExt.dll
+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_fusion.dll
+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorjit.dll
+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorlib.dll
+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorsn.dll
+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorsvr.dll
+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorwks.dll
+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_msvcr71.dll
+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_PerfCounter.dll
+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW628\_aspnet_isapi.dll
+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW628\_CORPerfMonExt.dll
+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW628\_fusion.dll
+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW628\_mscorjit.dll
+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW628\_mscorlib.dll
+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW628\_mscorsn.dll
+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW628\_mscorsvr.dll
+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW628\_mscorwks.dll
+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW628\_msvcr71.dll
+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW628\_PerfCounter.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AD44D3E-7316-4251-B754-9B10EC96AF92}]
C:\WINDOWS\system32\sprt_ads.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 12:18]
"npad_ql"="C:\WINDOWS\system32\Npad.exe" []
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" []
"Vistadrv"="C:\WINDOWS\system32\vsdrv.exe" [2006-07-30 03:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 22:56 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 22:56 C:\WINDOWS\system32\rundll32.exe]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" []
"DXDllRegExe"="dxdllreg.exe" []
"EPSON Stylus CX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [2005-03-07 13:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"RegistryMechanic"="" []
"spa_start"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-03 22:56]
"SansaDispatch"="C:\Documents and Settings\Brad\Desktop\SansaDispatch.exe" [2007-05-02 19:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2006-08-25 08:18]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"="C:\WINDOWS\system32\Npad.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
"LClock"=C:\Program Files\LClock\LClock.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 23:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-10 02:30:15 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE75908B-8294-4A09-9F36-23EE90111646}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 08:37:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 8:38:08
C:\ComboFix2.txt ... 2007-12-08 11:42
C:\ComboFix3.txt ... 2007-12-08 01:43
.
--- E O F ---