
Post #1 · Discussion Starter (Registered, 128 Posts)
My browser (IE7) has gotten quite slow recently. I had a trojan (can't remember the name) pop up in my AVG Free scans twice in a row, and it said it was deleted. Nothing showed in my ZoneAlarm scans. (I have their security suite) I did an online scan with Panda (cookies only) and Kaspersky; K. showed a bunch of stuff but couldn't name them. Not sure if it's an issue or not, maybe just more cookies or whatever. Anyway, before I complain to my ISP yet again, I'd like to make sure everything is indeed clean. Here's a HJT logfile, followed by the Kaspersky data. Thank you very muchly in advance.

BTW I should mention that GameSpy did come up, but it's a part of my online game. (F.E.A.R.)


Logfile of HijackThis v1.99.1
Scan saved at 5:01:29 PM, on 05/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Tab Bar Launch\TabBrLch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - Startup: Shortcut to TabBrLch.exe.lnk = C:\Program Files\Tab Bar Launch\TabBrLch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155573090656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161029103437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: sockspy.dll,wbsys.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


KASPERSKY ONLINE SCAN----------------------------

Friday, January 05, 2007 2:36:04 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/01/2007
Kaspersky Anti-Virus database records: 256259
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 96096
Number of viruses found: 1
Number of infected objects: 1 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:12:01

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Woody\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Woody\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Woody\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Woody\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Woody\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Woody\Local Settings\Temp\Perflib_Perfdata_1f0.dat Object is locked skipped
C:\Documents and Settings\Woody\Local Settings\Temp\Perflib_Perfdata_770.dat Object is locked skipped
C:\Documents and Settings\Woody\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Woody\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Woody\ntuser.dat Object is locked skipped
C:\Documents and Settings\Woody\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D77ED82A-DE6A-41CA-A635-ADF1B30BBC89}\RP172\A0076378.exe Infected: not-a-virus:Monitor.Win32.KeyLogger.s skipped
C:\System Volume Information\_restore{D77ED82A-DE6A-41CA-A635-ADF1B30BBC89}\RP175\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pchealth\ERRORREP\UserDumps\DkService.exe.20060923-204041-00.hdmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_128.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
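
The HijackThis log above is what the responders in this thread read by eye. As an added example (not part of the original post, and not HijackThis's own code), the following Python script parses the R/O line shapes that appear in that log and applies a few of the same first-pass checks a responder makes: an O16 DPF control fetched over plain http, an O9 entry whose target is marked "(file missing)", an O23 service whose owner field is empty or "Unknown owner", any O20 AppInit_DLLs entry, and an O20 Winlogon Notify DLL that lives outside system32. The sample lines are copied from the posted log; the flag wording and the heuristics are this example's own and only mean "look at this", not "this is malicious".

```python
"""Triage helper for HijackThis v1.99.1 log lines (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: sockspy.dll,wbsys.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""

SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str                 # "O20", "O23", "R0", ...
    kind: str                    # text between "Oxx - " and the first ": " (BHO, DPF, Service, ...)
    detail: str                  # the rest of the line
    flags: list = field(default_factory=list)

    @property
    def path(self) -> str:
        """Last ' - '-separated field: the file path or URL on O2/O3/O9/O16/O20/O23 lines."""
        return self.detail.rsplit(" - ", 1)[-1].strip()


def parse_line(line: str) -> Entry | None:
    """Split one HJT line into section / kind / detail; non-entry lines return None."""
    sec, sep, rest = line.strip().partition(" - ")
    if not sep or not re.fullmatch(r"[RFON]\d+", sec):
        return None
    if sec.startswith("R"):      # R0/R1 lines are 'HKxx\key,value = data'; no kind prefix
        return Entry(sec, "IE setting", rest)
    kind, sep, detail = rest.partition(": ")
    return Entry(sec, kind, detail) if sep else Entry(sec, rest, "")


def triage(e: Entry) -> Entry:
    """Attach review flags; these are this example's heuristics, not HijackThis output."""
    d, p = e.detail, e.path
    if e.section == "O16" and p.lower().startswith("http://"):
        e.flags.append("ActiveX control fetched over plain http; confirm the publisher")
    if d.endswith("(file missing)"):
        e.flags.append("orphaned entry: target file missing")
    if e.section == "O23":
        fields = d.split(" - ")
        owner = fields[1].strip() if len(fields) >= 3 else ""
        if not owner or owner.lower() == "unknown owner":
            e.flags.append("service binary has no identified owner")
    if e.section == "O20" and e.kind == "AppInit_DLLs":
        e.flags.append("AppInit_DLLs load into every process that links user32.dll; account for each DLL")
    if e.section == "O20" and e.kind == "Winlogon Notify" and not SYSTEM32.match(p):
        e.flags.append("Winlogon Notify DLL outside system32")
    return e


def parse_log(text: str) -> list[Entry]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text: str) -> dict[str, list[str]]:
    """Map each flagged entry's detail text to its list of flags."""
    return {e.detail: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(("!" if e.flags else " "), f"{e.section:<4}{e.kind:<16}", e.path)
        for f in e.flags:
            print("      ->", f)
```

Run against the full posted log, the same script also surfaces the empty-owner MaxSyncService (NTService1) line and both Windows Messenger entries; the entries it leaves unflagged (the Java, PC Tools and Stardock components) still need the responder's judgement, which is why the thread moves on to ComboFix rather than stopping at the HJT log.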

Post #2 · TSF Security Manager, Emeritus (42,836 Posts)
Hello Woodenhead,

Kaspersky is only reporting an item already locked away in your System Restore. We can take care of that in a bit. I'd like you to run the following diagnostic tool and we'll see if anything turns up:

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**


-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Post the ComboFix.txt in your next reply.

Post #3 · Discussion Starter (Registered, 128 Posts)
Thanks so much! Things here on my end are getting kinda glitchy & slow (not just the browser), although not too bad. Anyway, here you go...

"Woody" - 07-01-06 19:07:26 Service Pack 2
ComboFix 07-01-06W-BetaE2 - Running from: "C:\Documents and Settings\Woody\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vbzip11.dll
C:\Program Files\Common Files\{8CD3B~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-06 to 2007-01-06 ))))))))))))))))))))))))))))))))))


2007-01-06 16:20 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-05 20:17 2,198,320 --a------ C:\Procmon.exe
2007-01-05 20:08 3,623,736 --a------ C:\procexp.exe
2007-01-05 16:44 21,312 --a------ C:\WINDOWS\choice.exe
2007-01-05 13:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-04 23:59 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-01-04 23:35 <DIR> d-------- C:\Program Files\Intel Corporation
2007-01-04 20:48 2,895,168 --a------ C:\Program Files\FoxitReader.exe
2007-01-04 13:48 <DIR> d-------- C:\Program Files\Innovative Solutions
2007-01-04 12:18 <DIR> d-------- C:\Program Files\Mp3tag
2007-01-04 12:18 <DIR> d-------- C:\DOCUME~1\Woody\Application Data\Mp3tag
2007-01-03 22:02 <DIR> d-------- C:\Program Files\Switch Off
2007-01-03 21:57 <DIR> d-------- C:\DOCUME~1\Woody\Application Data\CandyLabs
2007-01-03 21:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CandyLabs
2007-01-03 21:44 <DIR> d-------- C:\Program Files\Tab Bar Launch
2007-01-02 22:29 <DIR> d-------- C:\Program Files\DiscWizard for Windows
2007-01-02 15:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-02 15:08 <DIR> d-------- C:\Program Files\Grisoft
2007-01-01 19:18 <DIR> d-------- C:\Program Files\foobar2000
2007-01-01 19:18 <DIR> d-------- C:\DOCUME~1\Woody\Application Data\foobar2000
2007-01-01 17:00 <DIR> d-------- C:\Program Files\Lightscribe Extended Label Contrast Utility
2007-01-01 16:58 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-01-01 16:56 <DIR> d-------- C:\WINDOWS\MVUNINST
2007-01-01 16:56 <DIR> d-------- C:\Program Files\SureThing
2007-01-01 16:56 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2006-12-31 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Nero
2006-12-31 12:00 <DIR> d-------- C:\Downloads
2006-12-31 11:59 <DIR> d-------- C:\Program Files\IDA
2006-12-31 00:03 <DIR> d-------- C:\Program Files\AlbumArtAggregator
2006-12-30 23:32 <DIR> d-------- C:\All2Lame
2006-12-29 00:43 <DIR> d-------- C:\Lame
2006-12-26 12:03 60,416 --------- C:\WINDOWS\system32\tzchange.exe
2006-12-18 14:42 <DIR> d-------- C:\WINDOWS\CAVTemp
2006-12-18 13:40 1,021,504 --a------ C:\WINDOWS\system32\vete.dll
2006-12-17 11:29 <DIR> d-------- C:\WINDOWS\system32\Dell
2006-12-14 23:49 <DIR> d-------- C:\DOCUME~1\Woody\Application Data\Purple Ghost Software, Inc
2006-12-14 23:43 <DIR> d-------- C:\Program Files\Purple Ghost
2006-12-14 20:41 <DIR> d-------- C:\DOCUME~1\Woody\Application Data\Red Chair Software
2006-12-12 13:11 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-06 19:06 -------- d-------- C:\DOCUME~1\Woody\Application Data\utorrent
2007-01-06 16:13 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2007-01-05 17:01 8223 --a------ C:\Program Files\hijackthis.log
2007-01-05 15:03 -------- d-------- C:\Program Files\spyware doctor
2007-01-05 15:00 -------- d-------- C:\Program Files\cursorxp
2007-01-05 14:59 -------- d-------- C:\Program Files\Common Files\aolshare
2007-01-05 14:55 -------- d-------- C:\Program Files\advanced system optimizer
2007-01-05 14:09 2568 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-01-05 03:09 -------- d-------- C:\DOCUME~1\Woody\Application Data\ahead
2007-01-05 03:07 -------- d-------- C:\DOCUME~1\Woody\Application Data\vso
2007-01-04 14:33 -------- d-------- C:\Program Files\utorrent
2007-01-02 22:40 4768256 --a------ C:\WINDOWS\system32\logonuix.exe
2007-01-02 22:29 -------- d--h----- C:\Program Files\installshield installation information
2007-01-02 11:01 -------- d-------- C:\Program Files\backups
2006-12-31 13:01 -------- d-------- C:\Program Files\Common Files\ahead
2006-12-31 12:16 -------- d-------- C:\DOCUME~1\Woody\Application Data\internet download accelerator
2006-12-31 11:07 -------- d-------- C:\Program Files\windows installer clean up
2006-12-29 01:09 -------- d-------- C:\Program Files\exact audio copy
2006-12-26 09:54 -------- d-------- C:\Program Files\flac
2006-12-20 21:56 -------- d-------- C:\Program Files\thespringbox
2006-12-20 12:39 1212416 --a------ C:\WINDOWS\system32\incinerator.dll
2006-12-18 13:40 645904 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-12-18 13:40 115088 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-12-17 11:29 -------- d-------- C:\Program Files\dell
2006-12-14 14:04 4624 --a------ C:\DOCUME~1\Woody\Application Data\com.kennettnet.podutil.plist
2006-12-12 20:15 -------- d-------- C:\DOCUME~1\Woody\Application Data\adobe
2006-12-09 19:26 -------- d-------- C:\Program Files\truepoker
2006-12-03 01:32 -------- d-------- C:\Program Files\ccleaner
2006-11-25 01:39 -------- d-------- C:\Program Files\cablenut
2006-11-22 15:15 130048 --a------ C:\WINDOWS\system32\spoonuninstall.exe
2006-11-22 10:52 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-11-21 22:25 2829824 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-11-21 22:25 261120 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-11-21 22:20 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-11-21 22:20 106496 --a------ C:\WINDOWS\system32\oemdspif.dll
2006-11-21 22:19 90112 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-11-21 22:19 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-11-21 22:19 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2006-11-21 22:18 430080 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-11-21 22:17 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2006-11-21 22:12 2526688 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-11-21 22:11 5279744 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-11-21 22:08 1090016 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-11-21 21:57 217088 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-11-21 21:56 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-11-21 21:51 294912 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-11-21 21:50 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-11-21 21:49 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-11-21 21:21 303104 --a------ C:\WINDOWS\system32\atidemgr.dll
2006-11-20 19:28 -------- d-------- C:\Program Files\sierra
2006-11-18 12:23 -------- d-------- C:\Program Files\seagate
2006-11-18 11:55 -------- d-------- C:\Program Files\Common Files\aol
2006-11-18 11:55 -------- d-------- C:\Program Files\aol
2006-11-18 10:55 -------- d-------- C:\Program Files\Common Files\ati technologies
2006-11-18 10:50 -------- d-------- C:\Program Files\ati technologies
2006-11-16 02:28 -------- d-------- C:\Program Files\hercules uploader
2006-11-14 11:48 -------- d-------- C:\DOCUME~1\Woody\Application Data\.easytag
2006-11-14 11:45 -------- d-------- C:\Program Files\Common Files\gtk
2006-11-13 11:15 -------- d-------- C:\Program Files\logitech
2006-11-13 10:57 -------- d-------- C:\DOCUME~1\Woody\Application Data\cyberlink
2006-11-11 12:26 -------- d-------- C:\Program Files\aol 9.0
2006-11-10 12:13 -------- d-------- C:\Program Files\itunes
2006-11-10 12:13 -------- d-------- C:\Program Files\ipod
2006-11-10 12:12 -------- d-------- C:\Program Files\quicktime
2006-11-10 11:33 -------- d-------- C:\Program Files\apple software update
2006-11-09 18:08 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-11-09 17:58 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-11-09 17:58 -------- dr-h----- C:\DOCUME~1\Woody\Application Data\securom
2006-11-09 17:46 -------- d-------- C:\DOCUME~1\Woody\Application Data\ati
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-05 14:42 11137 --a------ C:\DOCUME~1\Woody\Application Data\gdiplusupgrade_msiapproach_wrapper.log
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-23 11:32 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys
2006-10-19 16:59 1956985 --a------ C:\TheSpringBox.exe
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 09:19 61678 --a------ C:\DOCUME~1\Woody\Application Data\pfp120jpr.{pb
2006-10-17 09:19 12358 --a------ C:\DOCUME~1\Woody\Application Data\pfp120jcm.{pb
2006-10-16 13:05 56 -r-hs---- C:\WINDOWS\system32\f2f6ed4574.sys
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-05 22:32 167 --a------ C:\DOCUME~1\Woody\Application Data\ipod access v2 prefs
2006-10-01 20:50 34 --a------ C:\DOCUME~1\Woody\Application Data\pcouffin.log
2006-10-01 20:49 81920 --a------ C:\DOCUME~1\Woody\Application Data\ezpinst.exe
2006-10-01 20:49 7176 --a------ C:\DOCUME~1\Woody\Application Data\pcouffin.cat
2006-10-01 20:49 47360 --a------ C:\DOCUME~1\Woody\Application Data\pcouffin.sys
2006-10-01 20:49 1144 --a------ C:\DOCUME~1\Woody\Application Data\pcouffin.inf


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"
"AOL Fast Start"="\"C:\\Program Files\\AOL 9.0\\AOL.EXE\" -b"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BootSkin Startup Jobs"="\"C:\\Program Files\\Stardock\\WinCustomize\\BootSkin\\BootSkin.exe\" /StartupJobs"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"IconPackager Repair"="{1799460C-0BC8-4865-B9DF-4A36CD703FF0}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"="\"C:\\PROCEXP.EXE\""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PROCMON10


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-06 19:10:27

Post #4 · TSF Security Manager, Emeritus (42,836 Posts)
Hiya,

While combofix did delete two entries, I'm not seeing anything else in that log. Do you see the trojan AVG Free cleaned in the AVG Virus Vault? Can you post that information here?

Reply · TSF Security Manager, Emeritus (42,836 Posts)
Thank you. Unfortunately, that is a very broad term, and without a file name I can't narrow it down.

Create an Uninstall List:
Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here.

Post #7 · Discussion Starter (Registered, 128 Posts)
µTorrent
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Advanced System Optimizer 2.01
Advanced Uninstaller PRO 2006 - version 7
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
Audacity 1.2.4
AVG Anti-Spyware 7.5
BootSkin
Cablenut 4.08
CCleaner (remove only)
ConvertXtoDVD 2.1.5.173
CursorXP
Dell Resource CD
DiscWizard for Windows
Diskeeper Professional Premier Edition
dMC AccurateRip
DVD43 v3.9.0
EAX4 Unified Redist
Exact Audio Copy 0.95b4
FEAR
FEAR Extraction Point
foobar2000 v0.9.4.2
FullShot 9 (Remove Only)
GdiplusUpgrade
Hercules uploader v0.4.0.57
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB928388)
HP Driver Diagnostics
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 4.2
HP Scanjet 3800 series 7.0
HP Software Update
HP Solution Center 7.0
Intel(R) PRO Network Connections Drivers
Intel(R) Processor ID Utility
iolo technologies' System Mechanic 6
iTunes
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
Lightscribe Extended Label Contrast Utility
Logitech Desktop Messenger
Logitech SetPoint
MailFrontier Desktop
Maxtor Backup
Maxtor OneTouch III
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Mp3tag v2.37a
MSXML 4.0 SP2 (KB927978)
Nero 7 Ultra Edition
OCR Software by I.R.I.S 7.0
overland
Panda ActiveScan
PowerISO
QuickTime
RealPlayer Basic
Seagate SeaTools English Online
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB926255)
SigmaTel Audio
Spy Sweeper
Spyware Doctor 4.0
Stardock Central
Super Mahjong
SureThing CD Labeler 4 SE
Switch Off
TheSpringBox
Tom Clancy's Splinter Cell Double Agent
TruePoker
TuneJack 1.2
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WordPerfect Office 12
XP TCP/IP Repair 1.0
ZoneAlarm Security Suite
 

TSF Security Manager, Emeritus
While this isn't causing you an issue, it nonetheless needs to be uninstalled as it's no longer needed and is just taking up hdd space.

Please uninstall the following program via Start>Control Panel>Add/Remove programs:

Java 2 Runtime Environment, SE v1.4.2_03

----------------------------------------------------

One more check before you contact your ISP.


Download and install Spybot - Search & Destroy 1.4

Run Spybot and click on the 'Search for Updates' button. Install any updates that are available.
  • Now click Mode menu and choose 'Advanced Mode'.
  • Click on Immunize to your left.
  • Next, click the Immunize button on top to Immunize your computer - you need to do this each time there is an update.
  • Click 'Check for Problems' and fix all the entries, which are indicated in RED.

Please let me know if it found anything.
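The uninstall list the helper asked for a few posts up, and the check he then did on it by eye (two Java runtimes present, the older one to be removed), can be reproduced straight from the registry keys that Add/Remove Programs reads. The script below is an added example, not code from the thread or from HijackThis; it assumes Windows PowerShell is installed on the machine being checked, and the output path and the name patterns used to spot Java runtimes are choices made here, not anything the thread specifies.

```powershell
# Added example, not part of the thread: build the same installed-program list
# HijackThis produces from "Open Uninstall Manager > Save list", directly from
# the registry, then apply the two checks the helper above did by eye.
# Assumption: Windows PowerShell on the host being checked; $listPath and
# $javaPattern are this example's own choices.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',   # 64-bit Windows only
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

$programs = foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key) {
        $p = Get-ItemProperty -Path $sub.PSPath
        # Entries without DisplayName are hidden from Add/Remove Programs, so skip them
        if ($p.DisplayName) {
            New-Object PSObject -Property @{
                Name    = $p.DisplayName
                Version = $p.DisplayVersion
                Vendor  = $p.Publisher
                KeyName = $sub.PSChildName
            }
        }
    }
}

# 1. The plain list, sorted the way uninstall_list.txt is
$listPath = Join-Path $env:USERPROFILE 'Desktop\uninstall_list.txt'
$programs | Sort-Object Name | ForEach-Object { $_.Name } | Out-File -Encoding ASCII $listPath
Write-Output "Wrote $(@($programs).Count) entries to $listPath"

# 2. More than one Java runtime: an older JRE stays reachable through the browser
#    plugin until it is uninstalled; installing a newer one does not replace it
$javaPattern = 'J2SE|Java\(TM\)|Java 2 Runtime|^Java \d'
$java = @($programs | Where-Object { $_.Name -match $javaPattern })
if ($java.Count -gt 1) {
    Write-Warning "$($java.Count) Java runtimes installed; remove all but the newest:"
    $java | Sort-Object Name | Format-Table Name, Version, KeyName -AutoSize
}

# 3. Duplicate display names (iTunes, .NET Framework 1.1 and Windows Media Player 11
#    each appear twice in the posted list): usually a stale installer record rather
#    than two real copies, but worth confirming before uninstalling either
$programs | Group-Object Name | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    Write-Output ("Duplicate entry: {0} ({1} records)" -f $_.Name, $_.Count)
}
```

Run it from an ordinary PowerShell prompt; the uninstall_list.txt it writes can be pasted into a thread like this one, and the two warnings point at exactly the kind of entry (a superseded runtime, a doubled record) that a helper would otherwise have to pick out of a 150-line list by hand.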
 

Discussion Starter · #9
--- Search result list ---
HitBox: Tracking cookie (Internet Explorer: Woody) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Internet Explorer: Woody) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Woody) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Woody) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Woody) (Cookie, nothing done)

...Just some cookies, that's all. Guess I'm clean! Unless there's anything else, I'll pester my ISP again and see what's up.

BTW I was browsing around and found this--->http://www.greatis.com/unhackme/ piece of software, and was wondering what you thought of it. I tried the evaluation briefly, and it found some things, but I felt they were false positives, so I didn't take any action & uninstalled it.
 

TSF Security Manager, Emeritus
Hi,

Your system certainly appears clean. :sayyes:

I've heard of it and used it a few times in threads here, but honestly, it's not finding anything that AVG Anti Spyware or the other basic scanners are finding. Have a look at this well written article:

PC Safety and Security--What Do I Need?
 