Hjt Log Please Look Thank You![RESOLVED]



Does this log look OK, or do I need to change some stuff to make this computer run a bit better and faster?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:28:04 AM, on 8/24/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\TightVNC\WinVNC.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\svchost.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Trillian Pro\trillian.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe \STARTUP

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian Pro\trillian.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\chris\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\chris\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187911231519

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187911210589

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--

End of file - 4910 bytes


And also here is my ComboFix:

ComboFix 07-08-17.2 - "chris" 08/24/2007 3:11:29.1 - NTFSx86

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.129 [GMT -7:00]

((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))

2007-08-24 03:08 51,200 --a------ C:\WINNT\nircmd.exe

2007-08-23 22:23 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\gtopala

2007-08-23 22:19 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_390.dat

2007-08-23 16:21 <DIR> d-------- C:\WINNT\system32\SoftwareDistribution

2007-08-21 20:16 <DIR> d-------- C:\WINNT\Downloaded Installations

2007-08-19 18:26 75,932 --a------ C:\WINNT\system32\drivers\klick.dat

2007-08-19 18:26 75,248 --a------ C:\WINNT\zllsputility.exe

2007-08-19 18:26 74,396 --a------ C:\WINNT\system32\drivers\klin.dat

2007-08-19 18:25 14,368 --ahs---- C:\WINNT\system32\drivers\fidbox.dat

2007-08-19 18:25 110,360 --a------ C:\WINNT\system32\drivers\kl1.sys

2007-08-19 18:25 1,086,952 --a------ C:\WINNT\system32\zpeng24.dll

2007-08-19 18:25 1,056 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat

2007-08-19 18:25 <DIR> d-------- C:\WINNT\system32\ZoneLabs

2007-08-18 20:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-08-18 10:34 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2fc.dat

2007-08-17 17:35 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-08-15 09:48 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\OpenOffice.org2

2007-08-06 10:09 <DIR> d-------- C:\My Downloads

2007-08-05 06:56 <DIR> d--h----- C:\WINNT\PIF

2007-08-04 22:06 <DIR> d-------- C:\WINNT\pss

2007-08-04 17:08 <DIR> d-------- C:\Program Files\Crawler

2007-08-04 15:05 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive

2007-08-04 15:04 <DIR> d-a------ C:\Program Files\Common Files\Motive

2007-08-01 23:29 <DIR> d-a------ C:\WINNT\system32\appmgmt

2007-08-01 20:32 <DIR> d-------- C:\Program Files\TightVNC

2007-08-01 19:40 4,212 ---h----- C:\WINNT\system32\zllictbl.dat

2007-08-01 19:40 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

2007-08-01 19:39 11,264 --a------ C:\WINNT\system32\SpOrder.dll

2007-08-01 19:32 <DIR> d-a------ C:\WINNT\Internet Logs

2007-08-01 18:00 <DIR> d-------- C:\Program Files\Trend Micro

2007-07-30 20:25 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\vlc

2007-07-30 19:19 203,096 --a------ C:\WINNT\system32\wuweb.dll

2007-07-30 19:18 207,736 --a------ C:\WINNT\system32\muweb.dll

2007-07-29 10:39 <DIR> d-------- C:\DOCUME~1\chris\Shared

2007-07-29 10:39 <DIR> d-------- C:\DOCUME~1\chris\Incomplete

2007-07-29 10:38 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\LimeWire

2007-07-28 23:02 <DIR> d-------- C:\Program Files\Absolute Poker

2007-07-28 23:02 <DIR> d-------- C:\Program Files\_uninstallation_info

2007-07-28 20:27 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\Azureus

2007-07-28 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus

2007-07-28 20:19 <DIR> d-------- C:\Program Files\Azureus

2007-07-28 20:13 87,040 --a------ C:\WINNT\system32\drmstor.dll

2007-07-28 20:13 43,528 --------- C:\WINNT\system32\drivers\PxHelp20.sys

2007-07-28 20:13 306,424 --a------ C:\WINNT\system32\drmclien.dll

2007-07-28 20:13 129,784 --------- C:\WINNT\system32\pxafs.dll

2007-07-28 20:12 <DIR> d-------- C:\Program Files\Winamp

2007-07-28 20:08 765,952 --a------ C:\WINNT\system32\xvidcore.dll

2007-07-28 20:08 73,728 --a------ C:\WINNT\system32\dpl100.dll

2007-07-28 20:08 639,066 --a------ C:\WINNT\system32\divx.dll

2007-07-28 20:08 3,596,288 --a------ C:\WINNT\system32\qt-dx331.dll

2007-07-28 20:08 200,704 --a------ C:\WINNT\system32\ssldivx.dll

2007-07-28 20:08 196,608 --a------ C:\WINNT\system32\dtu100.dll

2007-07-28 20:08 180,224 --a------ C:\WINNT\system32\xvidvfw.dll

2007-07-28 20:08 10,752 --a------ C:\WINNT\system32\ff_vfw.dll

2007-07-28 20:08 1,415,680 --a------ C:\WINNT\system32\wmv9vcm.dll

2007-07-28 20:08 1,044,480 --a------ C:\WINNT\system32\libdivx.dll

2007-07-28 20:08 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2007-07-28 19:48 <DIR> d-------- C:\WINNT\PCHEALTH

2007-07-28 19:43 <DIR> d-------- C:\WINNT\system32\URTTemp

2007-07-28 19:18 98,304 --a------ C:\WINNT\system32\wmpshell.dll

2007-07-28 19:18 940,544 --a------ C:\WINNT\system32\wmspdmoe.dll

2007-07-28 19:18 9,464 --------- C:\WINNT\system32\drivers\cdralw2k.sys

2007-07-28 19:18 9,336 --------- C:\WINNT\system32\drivers\cdr4_2K.sys

2007-07-28 19:18 895,736 --a------ C:\WINNT\system32\wmvdmod.dll

2007-07-28 19:18 774,904 --a------ C:\WINNT\system32\wmsdmod.dll

2007-07-28 19:18 716,288 --a------ C:\WINNT\system32\wmadmoe.dll

2007-07-28 19:18 7,680 --a------ C:\WINNT\system32\asferror.dll

2007-07-28 19:18 6,656 --a------ C:\WINNT\system32\laprxy.dll

2007-07-28 19:18 57,344 --a------ C:\WINNT\uneng.exe

2007-07-28 19:18 52,224 --a------ C:\WINNT\system32\mspmsnsv.dll

2007-07-28 19:18 49,152 --a------ C:\WINNT\system32\cdrtc.dll

2007-07-28 19:18 45,056 --a------ C:\WINNT\system32\cdral.dll

2007-07-28 19:18 413,944 --a------ C:\WINNT\system32\wmspdmod.dll

2007-07-28 19:18 401,462 --a------ C:\WINNT\system32\Msvcp60.dll

2007-07-28 19:18 396,528 --a------ C:\WINNT\system32\wmadmod.dll

2007-07-28 19:18 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll

2007-07-28 19:18 358,912 --a------ C:\WINNT\system32\msscp.dll

2007-07-28 19:18 317,176 --a------ C:\WINNT\system32\mp43dmod.dll

2007-07-28 19:18 27,136 --a------ C:\WINNT\system32\wmdmlog.dll

2007-07-28 19:18 245,760 --a------ C:\WINNT\system32\mswmdm.dll

2007-07-28 19:18 240,640 --a------ C:\WINNT\system32\mpg4dmod.dll

2007-07-28 19:18 23,552 --a------ C:\WINNT\system32\wmdmps.dll

2007-07-28 19:18 225,280 --a------ C:\WINNT\system32\wmpdxm.dll

2007-07-28 19:18 208,896 --a------ C:\WINNT\system32\wmpns.dll

2007-07-28 19:18 201,728 --a------ C:\WINNT\system32\mspmsp.dll

2007-07-28 19:18 20,480 --a------ C:\WINNT\system32\wmpui.dll

2007-07-28 19:18 20,480 --a------ C:\WINNT\system32\wmpcore.dll

2007-07-28 19:18 20,480 --a------ C:\WINNT\system32\wmpcd.dll

2007-07-28 19:18 2,940,928 --a------ C:\WINNT\system32\wmploc.dll

2007-07-28 19:18 167,936 --a------ C:\WINNT\system32\wmerror.dll

2007-07-28 19:18 159,232 --a------ C:\WINNT\system32\CEWMDM.dll

2007-07-28 19:18 151,552 --a------ C:\WINNT\system32\wmidx.dll

2007-07-28 19:18 106,496 --a------ C:\WINNT\system32\wmpasf.dll

2007-07-28 19:18 103,936 --a------ C:\WINNT\system32\logagent.exe

2007-07-28 19:18 1,119,744 --a------ C:\WINNT\system32\wmsdmoe2.dll

2007-07-28 19:18 1,022,464 --a------ C:\WINNT\system32\wmnetmgr.dll

2007-07-28 19:18 1,003,008 --a------ C:\WINNT\system32\wmvdmoe2.dll

2007-07-28 19:18 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared

2007-07-28 19:17 696,320 --a------ C:\WINNT\system32\drmv2clt.dll

2007-07-28 19:17 294,400 --a------ C:\WINNT\system32\blackbox.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

12/31/02 05:00a 32528 --a------ C:\WINNT\inf\wbfirdma.sys

08/19/07 06:30p 1244 --ahs---- C:\WINNT\system32\drivers\fidbox.idx

08/19/07 06:30p 1172 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx

07/30/07 07:19p 92504 --a------ C:\WINNT\system32\cdm.dll

07/28/07 04:25p 271 ---h----- C:\Program Files\desktop.ini

07/28/07 04:25p 21952 ---h----- C:\Program Files\folder.htt

06/26/07 02:57a 235280 --a------ C:\WINNT\system32\GDI32.DLL

06/06/07 11:50p 1119232 --a------ C:\WINNT\system32\msxml3.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/21/07 09:54p]

"Synchronization Manager"="mobsync.exe" [12/31/02 05:00a C:\WINNT\system32\mobsync.exe]

"AVG7_CC"="C:\Program Files\Grisoft\AVG7\avgcc.exe" [08/17/07 10:32a]

"MSConfig"="C:\Documents and Settings\chris\My Documents\msconfig.exe" [08/04/07 10:06p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\chris\Start Menu\Programs\Startup\

Trillian.lnk - C:\Program Files\Trillian Pro\trillian.exe [2007-07-28 18:14:43]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys

*Newly Created Service* - SIWIO

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-24 03:13:28

Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 08/24/2007 3:14:28

--- E O F ---

Log also. Someone please look, an expert. Thank you.

Link to post
Share on other sites
an also here is my combofixComboFix 07-08-17.2 - "chris" 08/24/2007 3:11:29.1 - NTFSx86

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.129 [GMT -7:00]

((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))

2007-08-24 03:08 51,200 --a------ C:\WINNT\nircmd.exe

2007-08-23 22:23 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\gtopala

2007-08-23 22:19 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_390.dat

2007-08-23 16:21 <DIR> d-------- C:\WINNT\system32\SoftwareDistribution

2007-08-21 20:16 <DIR> d-------- C:\WINNT\Downloaded Installations

2007-08-19 18:26 75,932 --a------ C:\WINNT\system32\drivers\klick.dat

2007-08-19 18:26 75,248 --a------ C:\WINNT\zllsputility.exe

2007-08-19 18:26 74,396 --a------ C:\WINNT\system32\drivers\klin.dat

2007-08-19 18:25 14,368 --ahs---- C:\WINNT\system32\drivers\fidbox.dat

2007-08-19 18:25 110,360 --a------ C:\WINNT\system32\drivers\kl1.sys

2007-08-19 18:25 1,086,952 --a------ C:\WINNT\system32\zpeng24.dll

2007-08-19 18:25 1,056 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat

2007-08-19 18:25 <DIR> d-------- C:\WINNT\system32\ZoneLabs

2007-08-18 20:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-08-18 10:34 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2fc.dat

2007-08-17 17:35 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-08-15 09:48 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\OpenOffice.org2

2007-08-06 10:09 <DIR> d-------- C:\My Downloads

2007-08-05 06:56 <DIR> d--h----- C:\WINNT\PIF

2007-08-04 22:06 <DIR> d-------- C:\WINNT\pss

2007-08-04 17:08 <DIR> d-------- C:\Program Files\Crawler

2007-08-04 15:05 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive

2007-08-04 15:04 <DIR> d-a------ C:\Program Files\Common Files\Motive

2007-08-01 23:29 <DIR> d-a------ C:\WINNT\system32\appmgmt

2007-08-01 20:32 <DIR> d-------- C:\Program Files\TightVNC

2007-08-01 19:40 4,212 ---h----- C:\WINNT\system32\zllictbl.dat

2007-08-01 19:40 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

2007-08-01 19:39 11,264 --a------ C:\WINNT\system32\SpOrder.dll

2007-08-01 19:32 <DIR> d-a------ C:\WINNT\Internet Logs

2007-08-01 18:00 <DIR> d-------- C:\Program Files\Trend Micro

2007-07-30 20:25 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\vlc

2007-07-30 19:19 203,096 --a------ C:\WINNT\system32\wuweb.dll

2007-07-30 19:18 207,736 --a------ C:\WINNT\system32\muweb.dll

2007-07-29 10:39 <DIR> d-------- C:\DOCUME~1\chris\Shared

2007-07-29 10:39 <DIR> d-------- C:\DOCUME~1\chris\Incomplete

2007-07-29 10:38 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\LimeWire

2007-07-28 23:02 <DIR> d-------- C:\Program Files\Absolute Poker

2007-07-28 23:02 <DIR> d-------- C:\Program Files\_uninstallation_info

2007-07-28 20:27 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\Azureus

2007-07-28 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus

2007-07-28 20:19 <DIR> d-------- C:\Program Files\Azureus

2007-07-28 20:13 87,040 --a------ C:\WINNT\system32\drmstor.dll

2007-07-28 20:13 43,528 --------- C:\WINNT\system32\drivers\PxHelp20.sys

2007-07-28 20:13 306,424 --a------ C:\WINNT\system32\drmclien.dll

2007-07-28 20:13 129,784 --------- C:\WINNT\system32\pxafs.dll

2007-07-28 20:12 <DIR> d-------- C:\Program Files\Winamp

2007-07-28 20:08 765,952 --a------ C:\WINNT\system32\xvidcore.dll

2007-07-28 20:08 73,728 --a------ C:\WINNT\system32\dpl100.dll

2007-07-28 20:08 639,066 --a------ C:\WINNT\system32\divx.dll

2007-07-28 20:08 3,596,288 --a------ C:\WINNT\system32\qt-dx331.dll

2007-07-28 20:08 200,704 --a------ C:\WINNT\system32\ssldivx.dll

2007-07-28 20:08 196,608 --a------ C:\WINNT\system32\dtu100.dll

2007-07-28 20:08 180,224 --a------ C:\WINNT\system32\xvidvfw.dll

2007-07-28 20:08 10,752 --a------ C:\WINNT\system32\ff_vfw.dll

2007-07-28 20:08 1,415,680 --a------ C:\WINNT\system32\wmv9vcm.dll

2007-07-28 20:08 1,044,480 --a------ C:\WINNT\system32\libdivx.dll

2007-07-28 20:08 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2007-07-28 19:48 <DIR> d-------- C:\WINNT\PCHEALTH

2007-07-28 19:43 <DIR> d-------- C:\WINNT\system32\URTTemp

2007-07-28 19:18 98,304 --a------ C:\WINNT\system32\wmpshell.dll

2007-07-28 19:18 940,544 --a------ C:\WINNT\system32\wmspdmoe.dll

2007-07-28 19:18 9,464 --------- C:\WINNT\system32\drivers\cdralw2k.sys

2007-07-28 19:18 9,336 --------- C:\WINNT\system32\drivers\cdr4_2K.sys

2007-07-28 19:18 895,736 --a------ C:\WINNT\system32\wmvdmod.dll

2007-07-28 19:18 774,904 --a------ C:\WINNT\system32\wmsdmod.dll

2007-07-28 19:18 716,288 --a------ C:\WINNT\system32\wmadmoe.dll

2007-07-28 19:18 7,680 --a------ C:\WINNT\system32\asferror.dll

2007-07-28 19:18 6,656 --a------ C:\WINNT\system32\laprxy.dll

2007-07-28 19:18 57,344 --a------ C:\WINNT\uneng.exe

2007-07-28 19:18 52,224 --a------ C:\WINNT\system32\mspmsnsv.dll

2007-07-28 19:18 49,152 --a------ C:\WINNT\system32\cdrtc.dll

2007-07-28 19:18 45,056 --a------ C:\WINNT\system32\cdral.dll

2007-07-28 19:18 413,944 --a------ C:\WINNT\system32\wmspdmod.dll

2007-07-28 19:18 401,462 --a------ C:\WINNT\system32\Msvcp60.dll

2007-07-28 19:18 396,528 --a------ C:\WINNT\system32\wmadmod.dll

2007-07-28 19:18 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll

2007-07-28 19:18 358,912 --a------ C:\WINNT\system32\msscp.dll

2007-07-28 19:18 317,176 --a------ C:\WINNT\system32\mp43dmod.dll

2007-07-28 19:18 27,136 --a------ C:\WINNT\system32\wmdmlog.dll

2007-07-28 19:18 245,760 --a------ C:\WINNT\system32\mswmdm.dll

2007-07-28 19:18 240,640 --a------ C:\WINNT\system32\mpg4dmod.dll

2007-07-28 19:18 23,552 --a------ C:\WINNT\system32\wmdmps.dll

2007-07-28 19:18 225,280 --a------ C:\WINNT\system32\wmpdxm.dll

2007-07-28 19:18 208,896 --a------ C:\WINNT\system32\wmpns.dll

2007-07-28 19:18 201,728 --a------ C:\WINNT\system32\mspmsp.dll

2007-07-28 19:18 20,480 --a------ C:\WINNT\system32\wmpui.dll

2007-07-28 19:18 20,480 --a------ C:\WINNT\system32\wmpcore.dll

2007-07-28 19:18 20,480 --a------ C:\WINNT\system32\wmpcd.dll

2007-07-28 19:18 2,940,928 --a------ C:\WINNT\system32\wmploc.dll

2007-07-28 19:18 167,936 --a------ C:\WINNT\system32\wmerror.dll

2007-07-28 19:18 159,232 --a------ C:\WINNT\system32\CEWMDM.dll

2007-07-28 19:18 151,552 --a------ C:\WINNT\system32\wmidx.dll

2007-07-28 19:18 106,496 --a------ C:\WINNT\system32\wmpasf.dll

2007-07-28 19:18 103,936 --a------ C:\WINNT\system32\logagent.exe

2007-07-28 19:18 1,119,744 --a------ C:\WINNT\system32\wmsdmoe2.dll

2007-07-28 19:18 1,022,464 --a------ C:\WINNT\system32\wmnetmgr.dll

2007-07-28 19:18 1,003,008 --a------ C:\WINNT\system32\wmvdmoe2.dll

2007-07-28 19:18 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared

2007-07-28 19:17 696,320 --a------ C:\WINNT\system32\drmv2clt.dll

2007-07-28 19:17 294,400 --a------ C:\WINNT\system32\blackbox.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

12/31/02 05:00a 32528 --a------ C:\WINNT\inf\wbfirdma.sys

08/19/07 06:30p 1244 --ahs---- C:\WINNT\system32\drivers\fidbox.idx

08/19/07 06:30p 1172 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx

07/30/07 07:19p 92504 --a------ C:\WINNT\system32\cdm.dll

07/28/07 04:25p 271 ---h----- C:\Program Files\desktop.ini

07/28/07 04:25p 21952 ---h----- C:\Program Files\folder.htt

06/26/07 02:57a 235280 --a------ C:\WINNT\system32\GDI32.DLL

06/06/07 11:50p 1119232 --a------ C:\WINNT\system32\msxml3.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/21/07 09:54p]

"Synchronization Manager"="mobsync.exe" [12/31/02 05:00a C:\WINNT\system32\mobsync.exe]

"AVG7_CC"="C:\Program Files\Grisoft\AVG7\avgcc.exe" [08/17/07 10:32a]

"MSConfig"="C:\Documents and Settings\chris\My Documents\msconfig.exe" [08/04/07 10:06p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\chris\Start Menu\Programs\Startup\

Trillian.lnk - C:\Program Files\Trillian Pro\trillian.exe [2007-07-28 18:14:43]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys

*Newly Created Service* - SIWIO

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-24 03:13:28

Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 08/24/2007 3:14:28

--- E O F ---

loag also someone please look an expert thank you >>>>>>>>>>>>>>>>>

an heres SMITHFRAUD REPORT ALSO>>>>>>>>>>>>>>>>>>>>>>>>

Link to post
Share on other sites
an also here is my combofixComboFix 07-08-17.2 - "chris" 08/24/2007 3:11:29.1 - NTFSx86

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.129 [GMT -7:00]

((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))

2007-08-24 03:08 51,200 --a------ C:\WINNT\nircmd.exe

2007-08-23 22:23 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\gtopala

2007-08-23 22:19 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_390.dat

2007-08-23 16:21 <DIR> d-------- C:\WINNT\system32\SoftwareDistribution

2007-08-21 20:16 <DIR> d-------- C:\WINNT\Downloaded Installations

2007-08-19 18:26 75,932 --a------ C:\WINNT\system32\drivers\klick.dat

2007-08-19 18:26 75,248 --a------ C:\WINNT\zllsputility.exe

2007-08-19 18:26 74,396 --a------ C:\WINNT\system32\drivers\klin.dat

2007-08-19 18:25 14,368 --ahs---- C:\WINNT\system32\drivers\fidbox.dat

2007-08-19 18:25 110,360 --a------ C:\WINNT\system32\drivers\kl1.sys

2007-08-19 18:25 1,086,952 --a------ C:\WINNT\system32\zpeng24.dll

2007-08-19 18:25 1,056 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat

2007-08-19 18:25 <DIR> d-------- C:\WINNT\system32\ZoneLabs

2007-08-18 20:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-08-18 10:34 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2fc.dat

2007-08-17 17:35 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-08-15 09:48 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\OpenOffice.org2

2007-08-06 10:09 <DIR> d-------- C:\My Downloads

2007-08-05 06:56 <DIR> d--h----- C:\WINNT\PIF

2007-08-04 22:06 <DIR> d-------- C:\WINNT\pss

2007-08-04 17:08 <DIR> d-------- C:\Program Files\Crawler

2007-08-04 15:05 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive

2007-08-04 15:04 <DIR> d-a------ C:\Program Files\Common Files\Motive

2007-08-01 23:29 <DIR> d-a------ C:\WINNT\system32\appmgmt

2007-08-01 20:32 <DIR> d-------- C:\Program Files\TightVNC

2007-08-01 19:40 4,212 ---h----- C:\WINNT\system32\zllictbl.dat

2007-08-01 19:40 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

2007-08-01 19:39 11,264 --a------ C:\WINNT\system32\SpOrder.dll

2007-08-01 19:32 <DIR> d-a------ C:\WINNT\Internet Logs

2007-08-01 18:00 <DIR> d-------- C:\Program Files\Trend Micro

2007-07-30 20:25 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\vlc

2007-07-30 19:19 203,096 --a------ C:\WINNT\system32\wuweb.dll

2007-07-30 19:18 207,736 --a------ C:\WINNT\system32\muweb.dll

2007-07-29 10:39 <DIR> d-------- C:\DOCUME~1\chris\Shared

2007-07-29 10:39 <DIR> d-------- C:\DOCUME~1\chris\Incomplete

2007-07-29 10:38 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\LimeWire

2007-07-28 23:02 <DIR> d-------- C:\Program Files\Absolute Poker

2007-07-28 23:02 <DIR> d-------- C:\Program Files\_uninstallation_info

2007-07-28 20:27 <DIR> d-------- C:\DOCUME~1\chris\APPLIC~1\Azureus

2007-07-28 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus

2007-07-28 20:19 <DIR> d-------- C:\Program Files\Azureus

2007-07-28 20:13 87,040 --a------ C:\WINNT\system32\drmstor.dll

2007-07-28 20:13 43,528 --------- C:\WINNT\system32\drivers\PxHelp20.sys

2007-07-28 20:13 306,424 --a------ C:\WINNT\system32\drmclien.dll

2007-07-28 20:13 129,784 --------- C:\WINNT\system32\pxafs.dll

2007-07-28 20:12 <DIR> d-------- C:\Program Files\Winamp

2007-07-28 20:08 765,952 --a------ C:\WINNT\system32\xvidcore.dll

2007-07-28 20:08 73,728 --a------ C:\WINNT\system32\dpl100.dll

2007-07-28 20:08 639,066 --a------ C:\WINNT\system32\divx.dll

2007-07-28 20:08 3,596,288 --a------ C:\WINNT\system32\qt-dx331.dll

2007-07-28 20:08 200,704 --a------ C:\WINNT\system32\ssldivx.dll

2007-07-28 20:08 196,608 --a------ C:\WINNT\system32\dtu100.dll

2007-07-28 20:08 180,224 --a------ C:\WINNT\system32\xvidvfw.dll

2007-07-28 20:08 10,752 --a------ C:\WINNT\system32\ff_vfw.dll

2007-07-28 20:08 1,415,680 --a------ C:\WINNT\system32\wmv9vcm.dll

2007-07-28 20:08 1,044,480 --a------ C:\WINNT\system32\libdivx.dll

2007-07-28 20:08 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2007-07-28 19:48 <DIR> d-------- C:\WINNT\PCHEALTH

2007-07-28 19:43 <DIR> d-------- C:\WINNT\system32\URTTemp

2007-07-28 19:18 98,304 --a------ C:\WINNT\system32\wmpshell.dll

2007-07-28 19:18 940,544 --a------ C:\WINNT\system32\wmspdmoe.dll

2007-07-28 19:18 9,464 --------- C:\WINNT\system32\drivers\cdralw2k.sys

2007-07-28 19:18 9,336 --------- C:\WINNT\system32\drivers\cdr4_2K.sys

2007-07-28 19:18 895,736 --a------ C:\WINNT\system32\wmvdmod.dll

2007-07-28 19:18 774,904 --a------ C:\WINNT\system32\wmsdmod.dll

2007-07-28 19:18 716,288 --a------ C:\WINNT\system32\wmadmoe.dll

2007-07-28 19:18 7,680 --a------ C:\WINNT\system32\asferror.dll

2007-07-28 19:18 6,656 --a------ C:\WINNT\system32\laprxy.dll

2007-07-28 19:18 57,344 --a------ C:\WINNT\uneng.exe

2007-07-28 19:18 52,224 --a------ C:\WINNT\system32\mspmsnsv.dll

2007-07-28 19:18 49,152 --a------ C:\WINNT\system32\cdrtc.dll

2007-07-28 19:18 45,056 --a------ C:\WINNT\system32\cdral.dll

2007-07-28 19:18 413,944 --a------ C:\WINNT\system32\wmspdmod.dll

2007-07-28 19:18 401,462 --a------ C:\WINNT\system32\Msvcp60.dll

2007-07-28 19:18 396,528 --a------ C:\WINNT\system32\wmadmod.dll

2007-07-28 19:18 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll

2007-07-28 19:18 358,912 --a------ C:\WINNT\system32\msscp.dll

2007-07-28 19:18 317,176 --a------ C:\WINNT\system32\mp43dmod.dll

2007-07-28 19:18 27,136 --a------ C:\WINNT\system32\wmdmlog.dll

2007-07-28 19:18 245,760 --a------ C:\WINNT\system32\mswmdm.dll

2007-07-28 19:18 240,640 --a------ C:\WINNT\system32\mpg4dmod.dll

2007-07-28 19:18 23,552 --a------ C:\WINNT\system32\wmdmps.dll

2007-07-28 19:18 225,280 --a------ C:\WINNT\system32\wmpdxm.dll

2007-07-28 19:18 208,896 --a------ C:\WINNT\system32\wmpns.dll

2007-07-28 19:18 201,728 --a------ C:\WINNT\system32\mspmsp.dll

2007-07-28 19:18 20,480 --a------ C:\WINNT\system32\wmpui.dll

2007-07-28 19:18 20,480 --a------ C:\WINNT\system32\wmpcore.dll

2007-07-28 19:18 20,480 --a------ C:\WINNT\system32\wmpcd.dll

2007-07-28 19:18 2,940,928 --a------ C:\WINNT\system32\wmploc.dll

2007-07-28 19:18 167,936 --a------ C:\WINNT\system32\wmerror.dll

2007-07-28 19:18 159,232 --a------ C:\WINNT\system32\CEWMDM.dll

2007-07-28 19:18 151,552 --a------ C:\WINNT\system32\wmidx.dll

2007-07-28 19:18 106,496 --a------ C:\WINNT\system32\wmpasf.dll

2007-07-28 19:18 103,936 --a------ C:\WINNT\system32\logagent.exe

2007-07-28 19:18 1,119,744 --a------ C:\WINNT\system32\wmsdmoe2.dll

2007-07-28 19:18 1,022,464 --a------ C:\WINNT\system32\wmnetmgr.dll

2007-07-28 19:18 1,003,008 --a------ C:\WINNT\system32\wmvdmoe2.dll

2007-07-28 19:18 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared

2007-07-28 19:17 696,320 --a------ C:\WINNT\system32\drmv2clt.dll

2007-07-28 19:17 294,400 --a------ C:\WINNT\system32\blackbox.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

12/31/02 05:00a 32528 --a------ C:\WINNT\inf\wbfirdma.sys

08/19/07 06:30p 1244 --ahs---- C:\WINNT\system32\drivers\fidbox.idx

08/19/07 06:30p 1172 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx

07/30/07 07:19p 92504 --a------ C:\WINNT\system32\cdm.dll

07/28/07 04:25p 271 ---h----- C:\Program Files\desktop.ini

07/28/07 04:25p 21952 ---h----- C:\Program Files\folder.htt

06/26/07 02:57a 235280 --a------ C:\WINNT\system32\GDI32.DLL

06/06/07 11:50p 1119232 --a------ C:\WINNT\system32\msxml3.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/21/07 09:54p]

"Synchronization Manager"="mobsync.exe" [12/31/02 05:00a C:\WINNT\system32\mobsync.exe]

"AVG7_CC"="C:\Program Files\Grisoft\AVG7\avgcc.exe" [08/17/07 10:32a]

"MSConfig"="C:\Documents and Settings\chris\My Documents\msconfig.exe" [08/04/07 10:06p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\chris\Start Menu\Programs\Startup\

Trillian.lnk - C:\Program Files\Trillian Pro\trillian.exe [2007-07-28 18:14:43]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys

*Newly Created Service* - SIWIO

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-24 03:13:28

Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 08/24/2007 3:14:28

--- E O F ---

log also someone please look an expert thank you >>>>>>>>>>>>>>>>>

and here's SMITHFRAUD REPORT ALSO>>>>>>>>>>>>>>>>>>>>>>>>

SMITH FRAUD REPORT ALSO >>>>>>>>>>>>>>>>>>>>

SmitFraudFix v2.216

Scan done at 12:00:13.67, Fri 08/24/2007

Run from C:\Program Files\Mozilla Firefox\SmitfraudFix

OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\TightVNC\WinVNC.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\explorer.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\Program Files\Trillian Pro\trillian.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINNT\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\chris

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\chris\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\chris\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NDIS 5.0 driver

DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0516AB7D-9AF5-48F6-B899-ACB54132F533}: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{0516AB7D-9AF5-48F6-B899-ACB54132F533}: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{0516AB7D-9AF5-48F6-B899-ACB54132F533}: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

an also here is my combofix

wow this site takes forever for to get some help can't believe this stuff


Hi coriell12277,

By replying to your own log it makes it seem you're getting help. The helpers here look for posts with 0 replies first.

Sorry about the wait, please post a new HJT log and I will have someone on the lookout for your thread.

B


ok here's my new log guys thanx I'll be here all day thanx hjt log >>>>>>>>>>>>>>>>>>>>>>

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:56:46 PM, on 8/25/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\TightVNC\WinVNC.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\svchost.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Trillian Pro\trillian.exe

C:\Program Files\Comodo\CBOClean\BOC425.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe \STARTUP

O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian Pro\trillian.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\chris\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\chris\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187911231519

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187911210589

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--

End of file - 5484 bytes


Hi coriell. I'm Ryan and I'll be helping you clean your computer.

You will want to print out these instructions, or save them to notepad so that you can refer to them later.

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Close all Internet Explorer, Firefox, and Opera windows before continuing.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please do an online scan with Kaspersky WebScanner

You will need to use Internet Explorer to do this

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

I would like to see an Uninstall list.

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

-Ryan

here's what ya needed uninstall list from hjt >>>>>>>>>>>>>>>>>>>>>>>>>.

Absolute Poker

Adobe Flash Player ActiveX

Adobe Reader 8.1.0

Adobe Shockwave Player

AVG 7.5

Azureus Vuze

BOClean

CCleaner (remove only)

Google Toolbar for Internet Explorer

Google Toolbar for Internet Explorer

HijackThis 2.0.2

Hotfix for MDAC 2.53 (KB927779)

Java 6 Update 2

K-Lite Codec Pack 2.84 Full

LimeWire PRO 4.12.3

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft Base Smart Card Cryptographic Service Provider Package

Mozilla Firefox (2.0.0.6)

MSN Messenger 7.0

OpenOffice.org 2.2

QuickTime Alternative 1.81

Real Alternative 1.52

Recuva (remove only)

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Windows 2000 (KB904706)

Security Update for Windows 2000 (KB923689)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Spybot - Search & Destroy 1.4

TightVNC 1.3.9

Trillian Pro 3.1 Build 121 Final

Update Rollup 1 for Windows 2000 SP4

VideoLAN VLC media player 0.8.6b

Winamp (remove only)

Windows 2000 Hotfix - KB842773

Windows 2000 Hotfix - KB890046

Windows 2000 Hotfix - KB893756

Windows 2000 Hotfix - KB896358

Windows 2000 Hotfix - KB896422

Windows 2000 Hotfix - KB896423

Windows 2000 Hotfix - KB899587

Windows 2000 Hotfix - KB899589

Windows 2000 Hotfix - KB900725

Windows 2000 Hotfix - KB901017

Windows 2000 Hotfix - KB901214

Windows 2000 Hotfix - KB905414

Windows 2000 Hotfix - KB905495

Windows 2000 Hotfix - KB905749

Windows 2000 Hotfix - KB908519

Windows 2000 Hotfix - KB908531

Windows 2000 Hotfix - KB911280

Windows 2000 Hotfix - KB913580

Windows 2000 Hotfix - KB914388

Windows 2000 Hotfix - KB914389

Windows 2000 Hotfix - KB917008

Windows 2000 Hotfix - KB917736

Windows 2000 Hotfix - KB917953

Windows 2000 Hotfix - KB918118

Windows 2000 Hotfix - KB920213

Windows 2000 Hotfix - KB920670

Windows 2000 Hotfix - KB920683

Windows 2000 Hotfix - KB920685

Windows 2000 Hotfix - KB921398

Windows 2000 Hotfix - KB921503

Windows 2000 Hotfix - KB922582

Windows 2000 Hotfix - KB923191

Windows 2000 Hotfix - KB923414

Windows 2000 Hotfix - KB923694

Windows 2000 Hotfix - KB923980

Windows 2000 Hotfix - KB924191

Windows 2000 Hotfix - KB924270

Windows 2000 Hotfix - KB924667

Windows 2000 Hotfix - KB925902

Windows 2000 Hotfix - KB926122

Windows 2000 Hotfix - KB926436

Windows 2000 Hotfix - KB927891

Windows 2000 Hotfix - KB928843

Windows 2000 Hotfix - KB929969

Windows 2000 Hotfix - KB930178

Windows 2000 Hotfix - KB931784

Windows 2000 Hotfix - KB932168

Windows 2000 Hotfix - KB933566

Windows 2000 Hotfix - KB935839

Windows 2000 Hotfix - KB935840

Windows 2000 Hotfix - KB936021

Windows 2000 Hotfix - KB937143

Windows 2000 Hotfix - KB938127

Windows 2000 Hotfix - KB938829

Windows Installer 3.1 (KB893803)

Windows Installer Clean Up

Windows Media Player Hotfix [see Q828026 for more information]

Windows Media Player system update (9 Series)

WinRAR archiver

Wisdom-soft ScreenHunter 5.0 Free

Wisdom-soft Toolbar

Yahoo! Install Manager

Yahoo! Messenger

Yahoo! Toolbar

ZoneAlarm


Based on the uninstall list, here are 3 potential programs to uninstall.

Azureus Vuze

LimeWire PRO 4.12.3

  • P2P file sharing programs like the above have their legitimate uses, but can also be used to download copyrighted material, and increase the risk of infecting your computer.

TightVNC 1.3.9

  • Allows remote users to connect to the computer. If you or someone else that uses this computer did not install it, please uninstall it and let me know.

Please do an online scan with Kaspersky WebScanner

You will need to use Internet Explorer to do this

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

-Ryan


Here's the Kaspersky scan log. It said I got 1 virus and 5 objects infected:

C:\Documents and Settings\chris\My Documents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

Scan process completed.


The only thing that the Kaspersky scan found were risk tools - that is, tools that can be used for both good and bad. In this case, it was a tool included in the SmitFraudFix program that is used to reboot your computer.

If you want to, you can remove the following file and folder.

C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe

C:\Program Files\Mozilla Firefox\SmitfraudFix\

-Ryan
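
Reading a report like the one above by hand means separating locked-file noise from actual detections. The following is an added example, not part of the original posts: it parses lines in that layout (the layout is inferred from this thread's report, and the sample lines are copied from it), collapses archive members onto the file that holds them, and checks whether every verdict carries Kaspersky's `not-a-virus:` prefix. The function name `triage` and the result keys are my own.

```python
import re

# Line layout inferred from the report in this thread (an assumption, not a
# Kaspersky specification): "<object> <status> skipped".
LINE_RE = re.compile(
    r"^(?P<obj>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<container>\w+): infected - (?P<count>\d+)"
    r") skipped$"
)

# Sample lines copied from the report posted in this thread.
REPORT = r"""
C:\Documents and Settings\chris\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\chris\My Documents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\WINNT\system32\config\SAM Object is locked skipped
Scan process completed.
"""


def triage(report):
    """Summarise a saved report: what was detected, in which on-disk files."""
    locked, infected_objects = 0, 0
    files, verdicts, unparsed = set(), {}, []
    for line in filter(None, map(str.strip, report.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)   # surface it, never drop it silently
        elif m["locked"]:
            locked += 1             # file was in use, so it was not scanned
        else:
            infected_objects += 1
            # Objects inside an archive are written host/inner/inner, so the
            # part before the first "/" is the file that exists on disk.
            host = m["obj"].split("/", 1)[0]
            files.add(host)
            if m["verdict"]:
                verdicts.setdefault(m["verdict"], set()).add(host)
    return {
        "locked": locked,
        "infected_objects": infected_objects,
        "files": files,
        "verdicts": verdicts,
        "unparsed": unparsed,
        # True only if something was detected and all of it is riskware.
        "riskware_only": bool(verdicts)
        and all(v.startswith("not-a-virus:") for v in verdicts),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(key, value)
```

On the sample this reduces five reported objects to one verdict spread over three files on disk.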


Just do the following:

Go to Start > Run, paste the following and hit Enter:

del "C:\Documents and Settings\chris\My Documents\SmitfraudFix.exe"

Then paste the following and hit Enter:

rmdir "C:\Program Files\Mozilla Firefox\SmitfraudFix\" /S /Q

-Ryan


I just went everywhere to find it and deleted it myself. Here's another HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:17:29 PM, on 8/26/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\TightVNC\WinVNC.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

C:\WINNT\StartupMonitor.exe

C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe

C:\Program Files\Trillian Pro\trillian.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

F3 - REG:win.ini: load=

F3 - REG:win.ini: run=

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe \STARTUP

O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian Pro\trillian.exe

O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\chris\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\chris\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187911231519

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187911210589

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--

End of file - 6043 bytes


You can fix these items, they are clutter and don't need to be fixed.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F3 - REG:win.ini: load=

F3 - REG:win.ini: run=

Other than that, the log is fine.

-Ryan


I went to the log from HJT and put a check mark by them and hit Fix checked. Is that the way I was supposed to do it? Here's the log again to make sure:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:28:27 PM, on 8/26/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\TightVNC\WinVNC.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

C:\WINNT\StartupMonitor.exe

C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe

C:\Program Files\Trillian Pro\trillian.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe \STARTUP

O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian Pro\trillian.exe

O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\chris\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\chris\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187911231519

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187911210589

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--

End of file - 5780 bytes
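
A quick way to confirm that a "Fix checked" run did what was asked is to diff the log entries before and after. This is an added example, not part of the thread: it compares the entries of two HijackThis logs against the list of items that were to be fixed. The log excerpts are shortened from the 5:17 PM and 8:28 PM logs above, and the function names are my own.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Shortened excerpts of the 5:17 PM and 8:28 PM logs in this thread.
BEFORE = r"""
Running processes:
C:\WINNT\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
"""
# The five entries the helper listed for fixing.
TO_FIX = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
"""


def parse_entries(log_text):
    """Return the set of (code, body) entries; headers and the process list
    do not have the "<code> - <body>" shape and are ignored."""
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def verify_fix(before, after, to_fix):
    """Check that exactly the requested entries disappeared between scans."""
    b, a, wanted = (parse_entries(t) for t in (before, after, to_fix))
    report = {
        "still_present": sorted(wanted & a),             # fix did not take
        "unexpected_removed": sorted((b - a) - wanted),  # more than asked
        "added": sorted(a - b),                          # new since last scan
    }
    report["ok"] = not any(report.values())
    return report


if __name__ == "__main__":
    for key, value in verify_fix(BEFORE, AFTER, TO_FIX).items():
        print(key, value)
```

An entry that reappears in a later scan shows up under `still_present`, which is worth chasing because something is rewriting it.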

This topic is now closed to further replies.