I don't have an antivirus program. I was wondering if you could suggest a good, small, and free one.
ComboFix 08-05-01.3 - Brian 2008-05-04 17:27:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.98 [GMT -5:00]
Running from: C:\Documents and Settings\Brian\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brian\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\B.tmp
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\matrix.dll
C:\WINDOWS\123messenger.per
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\lfn.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\muotr.so
C:\WINDOWS\ntnut.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\swin32.dll
C:\WINDOWS\SYSTEM32\
000070.exe
C:\WINDOWS\SYSTEM32\
000080.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\MSBIlUtv.ini
C:\WINDOWS\SYSTEM32\MSBIlUtv.ini2
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\voiceip.dll
C:\WINDOWS\winsb.dll
C:\WINDOWS\winself.exe
C:\WINDOWS\wintst32.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.
2008-05-02 14:54 . 2008-05-02 14:54 <DIR> d-------- C:\Deckard
2008-05-02 14:42 . 2008-05-02 14:42 <DIR> d-------- C:\ie-spyad_zo
2008-05-02 14:39 . 2008-05-02 15:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-02 14:39 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\SYSTEM32\MSINET.OCX
2008-05-02 14:27 . 2008-05-04 17:09 <DIR> d-------- C:\Program Files\Panda Security
2008-05-01 18:43 . 2008-05-01 18:43 <DIR> d-------- C:\Program Files\IObit
2008-05-01 18:27 . 2008-05-01 18:27 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Uniblue
2008-05-01 18:08 . 2008-05-01 18:33 <DIR> d-------- C:\Program Files\Uniblue
2008-04-28 14:47 . 2008-04-28 14:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-28 00:55 . 2008-04-28 00:57 <DIR> d-------- C:\Program Files\Unlocker
2008-04-27 22:35 . 2008-04-27 22:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-04-27 22:33 . 2008-04-27 22:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-04-27 22:29 . 2005-02-24 14:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-27 22:29 . 2008-04-27 22:29 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-27 22:29 . 2008-05-04 17:26 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-27 22:28 . 2008-04-27 22:28 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-27 20:15 . 2008-04-27 20:15 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-04-27 20:15 . 2008-05-04 17:23 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 18:08 . 2008-04-27 18:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-27 18:08 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-04-27 18:08 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-04-27 18:08 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-04-27 18:08 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-04-27 18:07 . 2008-04-27 18:07 <DIR> d-------- C:\Program Files\Webroot
2008-04-27 18:07 . 2008-04-27 18:07 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Webroot
2008-04-27 18:07 . 2008-04-27 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-27 18:07 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-04-27 18:06 . 2008-04-27 18:06 164 --a------ C:\install.dat
2008-04-27 15:20 . 2008-04-27 15:20 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUS.ico
2008-04-27 15:19 . 2008-04-27 15:19 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUK.ico
2008-04-27 15:19 . 2008-04-27 15:19 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconFR.ico
2008-04-27 15:11 . 2008-04-27 15:11 57,546 --a------ C:\WINDOWS\promogif3.gif
2008-04-27 15:11 . 2008-04-27 15:11 24,351 --a------ C:\WINDOWS\promogif1.gif
2008-04-27 15:11 . 2008-04-27 15:11 24,066 --a------ C:\WINDOWS\promogif2.gif
2008-04-27 13:11 . 2004-08-04 06:00 4,224 --a------ C:\WINDOWS\SYSTEM32\beep.sys
2008-04-15 23:10 . 2008-04-15 23:10 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Smith Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 20:01 --------- d-----w C:\Program Files\eSoftware
2008-04-09 08:04 --------- d-----w C:\Program Files\QuickTime
2008-04-09 08:04 --------- d-----w C:\Program Files\DellSupport
2008-04-04 02:44 --------- d-----w C:\Program Files\Samsung
2008-04-04 02:43 --------- d-----w C:\Program Files\Verizon Wireless
2008-03-10 20:26 --------- d-----w C:\Documents and Settings\Brian\Application Data\MySpace
2008-03-05 03:33 --------- d-----w C:\Program Files\Java
2008-03-05 03:32 --------- d-----w C:\Program Files\Common Files\Java
2007-12-08 20:04 39,504 ----a-w C:\Documents and Settings\Brian\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 00:10 15872]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Brian^Start Menu^Programs^Startup^V CAST Music Monitor.lnk]
path=C:\Documents and Settings\Brian\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
backup=C:\WINDOWS\pss\V CAST Music Monitor.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-04 17:33:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\WINDOWS\explorer.exe [1500] 0xFF955DA0
scanning hidden autostart entries ...
scanning hidden files ...
folder error: C:\DOCUME~1\Brian\LOCALS~1\Temp\
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
.
**************************************************************************
.
Completion time: 2008-05-04 17:39:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-04 22:39:40
Pre-Run: 27,311,087,616 bytes free
Post-Run: 27,584,159,744 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
190 --- E O F --- 2008-05-04 05:30:20
New HijackThis log:
Deckard's System Scanner v20071014.68
Run by Brian on 2008-05-04 17:45:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis (run as Brian.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:03 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Brian\Desktop\nick, nikki docs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brian.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) -
https://vmodlms.widerthanam.com/comp...WDLManager.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) -
https://mail.gdls.com/whalecomf6528f...0/iNotes6W.cab
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 4308 bytes
-- Files created between 2008-04-04 and 2008-05-04 -----------------------------
2008-05-04 17:26:59 0 d-------- C:\cmdcons
2008-05-04 17:25:58 68096 --a------ C:\WINDOWS\zip.exe
2008-05-04 17:25:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-04 17:25:58 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-04 17:25:58 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-04 17:25:58 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-04 17:25:58 98816 --a------ C:\WINDOWS\sed.exe
2008-05-04 17:25:58 80412 --a------ C:\WINDOWS\grep.exe
2008-05-04 17:25:58 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-02 14:42:21 0 d-------- C:\ie-spyad_zo
2008-05-02 14:39:32 0 d-------- C:\Program Files\SpywareBlaster
2008-05-02 14:27:06 0 d-------- C:\Program Files\Panda Security
2008-05-01 18:43:04 0 d-------- C:\Program Files\IObit
2008-05-01 18:27:00 0 d-------- C:\Documents and Settings\Brian\Application Data\Uniblue
2008-05-01 18:08:44 0 d-------- C:\Program Files\Uniblue
2008-04-28 22:21:48 0 d-------- C:\WINDOWS\pss
2008-04-28 14:47:11 0 d-------- C:\Program Files\Trend Micro
2008-04-27 22:35:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-04-27 22:33:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-04-27 22:29:05 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-27 22:29:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-27 22:29:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-27 22:29:04 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-27 22:29:04 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-27 22:29:04 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-27 22:29:04 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-27 22:29:04 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-27 22:29:04 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-27 22:29:04 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-27 22:29:04 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-27 22:29:04 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-27 22:29:04 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-27 22:29:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-27 22:29:03 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-27 22:29:03 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-27 22:29:02 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-27 22:28:52 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-27 20:15:57 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-27 20:15:27 0 d-------- C:\Program Files\Common Files\PC Tools
2008-04-27 18:08:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-27 18:07:58 0 d-------- C:\Program Files\Webroot
2008-04-27 18:07:58 0 d-------- C:\Documents and Settings\Brian\Application Data\Webroot
2008-04-27 18:07:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-27 18

53 164 --a------ C:\install.dat
2008-04-15 23:10:49 0 d-------- C:\Documents and Settings\Brian\Application Data\Smith Micro
-- Find3M Report ---------------------------------------------------------------
2008-04-27 20:15:27 0 d-------- C:\Program Files\Common Files
2008-04-27 15:19:40 13 --a------ C:\WINDOWS\C6E9-06F1-D409-40FA.dat
2008-04-09 15:01:40 0 d-------- C:\Program Files\eSoftware
2008-04-09 03:04:05 0 d-------- C:\Program Files\DellSupport
2008-04-09 03:04:01 0 d-------- C:\Program Files\QuickTime
2008-04-09 03:04:01 0 d-------- C:\Program Files\Messenger
2008-04-03 21:44:20 0 d-------- C:\Program Files\Samsung
2008-04-03 21:43:08 0 d-------- C:\Program Files\Verizon Wireless
2008-03-10 15:26:07 0 d-------- C:\Documents and Settings\Brian\Application Data\MySpace
2008-03-04 22:33:17 0 d-------- C:\Program Files\Java
2008-03-04 22:32:12 0 d-------- C:\Program Files\Common Files\Java
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [03/01/2008 12:10 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]
C:\Documents and Settings\Brian\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Brian^Start Menu^Programs^Startup^V CAST Music Monitor.lnk]
path=C:\Documents and Settings\Brian\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
backup=C:\WINDOWS\pss\V CAST Music Monitor.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
-- End of Deckard's System Scanner: finished at 2008-05-04 17:46:35 ------------