"user" - 07-01-30 12:05:36 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\user\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\dlh9jkd1q8.exe
((((((((((((((((((((((((((((((( Files Created from 2006-12-30 to 2007-01-30 ))))))))))))))))))))))))))))))))))
2007-01-29 19:41 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-28 16:28 <DIR> d-------- C:\DOCUME~1\user\Application Data\Symantec
2007-01-28 16:06 <DIR> d--hs---- C:\FOUND.018
2007-01-28 15:40 2,520 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-28 15:39 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-28 15:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-28 15:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-28 15:39 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-28 15:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-28 15:39 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-28 09:44 <DIR> d-------- C:\DOCUME~1\don\Application Data\Apple Computer
2007-01-27 12:34 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-27 12:22 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-01-27 12:21 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-01-27 12:16 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-01-27 12:16 <DIR> d-------- C:\DOCUME~1\don\WINDOWS
2007-01-27 12:15 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-01-27 01:05 <DIR> d-------- C:\Program Files\HijackThis
2007-01-27 01:00 <DIR> d---s---- C:\DOCUME~1\don\UserData
2007-01-27 00:51 <DIR> d-------- C:\DOCUME~1\don\Application Data\GRETECH
2007-01-27 00:43 <DIR> d--hs---- C:\FOUND.017
2007-01-26 23:44 <DIR> d-------- C:\DOCUME~1\don\Application Data\Symantec
2007-01-26 23:43 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-01-26 23:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Symantec
2007-01-26 20:47 <DIR> dr-h----- C:\DOCUME~1\don\Application Data\yahoo!
2007-01-26 12:14 <DIR> d-------- C:\DOCUME~1\don\Application Data\Google
2007-01-26 11:47 <DIR> d-------- C:\DOCUME~1\don\Application Data\AVG7
2007-01-26 11:47 <DIR> d-------- C:\DOCUME~1\don\Application Data\Adobe
2007-01-23 18:08 <DIR> d-------- C:\DOCUME~1\user\Application Data\AdobeAUM
2007-01-22 19:51 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-22 19:51 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-22 19:51 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-22 19:51 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-22 19:51 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-22 19:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-22 19:06 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-22 18:24 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-19 11:45 102,400 --a------ C:\WINDOWS\system32\advvpi32.dll
2007-01-18 20:34 38,912 --a------ C:\WINDOWS\system32\icf.exe
2007-01-16 18:21 74,938 --a------ C:\Program Files\Uninstall.exe
2007-01-11 17:47 102,400 -ra------ C:\WINDOWS\system32\grdmgr.exe
2007-01-07 13:41 <DIR> d--hs---- C:\FOUND.016
2007-01-05 22:29 <DIR> d--hs---- C:\FOUND.015
2007-01-03 20:01 <DIR> d--hs---- C:\FOUND.014
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-29 23:00 1408 --a------ C:\DOCUME~1\user\Application Data\.googlewebacchosts
2006-12-29 14:28 -------- d-------- C:\Program Files\whale communications
2006-12-26 10:53 -------- d-------- C:\Program Files\abacast
2006-12-25 22:53 -------- d-------- C:\DOCUME~1\user\Application Data\gretech
2006-12-23 02:14 1220608 -ra------ C:\WINDOWS\system32\clubbox.exe
2006-12-19 14:37 737280 --a------ C:\WINDOWS\iun6002.exe
2006-12-19 14:37 -------- d-------- C:\Program Files\andreamosaic
2006-12-01 11:33 61440 --a------ C:\WINDOWS\system32\nod.dll
2006-12-01 11:27 52778 --a------ C:\WINDOWS\system32\clubboxuninstall.exe
2006-11-29 23:41 327680 -ra------ C:\WINDOWS\system32\grdupdater.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE ZSMC USB PC Camera"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"ClubBox"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"!AVG Anti-Spyware"="\"D:\\Program Files\\avg antispyware\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"System Registry Hook"="{309C96FA-8C40-4bce-879C-989DC33DCD25}"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WinMedia"="C:\\WINDOWS\\TEMP\\315765.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"WinMedia"="C:\\WINDOWS\\TEMP\\315765.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NPKCRYPT
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 07-01-30 12

57
Results of Combofix.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:07:38 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\avg antispyware\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\avg antispyware\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\NEWFOL~1\lavasoft\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\avg antispyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://mymail.mcdermott.com/Interna...WhlCompMgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup162.cab
O18 - Protocol: bw+0 - {43A2C705-95C1-465B-9522-18C7381F0326} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\avg antispyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Results of the HJT.exe
µTorrent
Abacast Client
Ad-Aware SE Professional
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe® Photoshop® Album Starter Edition 3.0
AnalogX NetStat Live
AndreaMosaic 3.20
Apple Software Update
Aqua Pearls
AVG Anti-Spyware 7.5
AVG Free Edition
Barbie ® Nail Designer(TM)
Chikka (3.0.47)
CleanUp!
Clubbox 파일전송관리자
Diner Dash - Flo on the Go (remove only)
EPSON Printer Software
Gift Shop (remove only)
GOM Player
Google Earth
Google Toolbar for Internet Explorer
Google Web Accelerator
HijackThis 1.99.1
iPod for Windows 2005-02-22
iTunes
J2SE Runtime Environment 5.0 Update 3
LEGO Chic Boutique (remove only)
LimeWire 4.12.6
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Microsoft Cubicle Chaos for Pocket PC (Remove Only)
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual C++ 2005 Redistributable
MSN
MSN Music Assistant
Network Play System (Patching)
O2Jam_PH
Panda ActiveScan
Puzzle Bobble 2x
QuickTime
Ragnarok Online
Ragnarok Online
RegFix Mantra v2.1
Sandlot Games Client Services
Shockwave
Tekken Advance
The Sims
Tumblebugs
Update for Windows XP (KB898461)
Whale Communications' Client Components v3.1.2
WindowBlinds
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
WinZip
World Book Student Dictionary
XviD 1.1 final uninstall
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Toolbar
ZSMC USB PC Camera
Results of Uninstall list.