I have Outerinfo pop-ups
radiofriendly
Do I just post this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:19 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\?ystem32\t?skmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {95D6A13E-47DD-6A7F-D25A-3FE675850E97} - C:\WINDOWS\system32\pwmbpix.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Counter-Strike Condition Zero Keygen] C:\Documents and Settings\Owner\Desktop\Counter-Strike Condition Zero Keygen.exe
O4 - HKLM\..\Run: [WinUpdate] C:\cmon.exe
O4 - HKLM\..\Run: [Counter Strike Stream hack] C:\Documents and Settings\Owner\Desktop\Counter Strike Stream hack.exe
O4 - HKLM\..\Run: [Counter Strike] C:\Documents and Settings\Owner\Desktop\Counter Strike.exe
O4 - HKLM\..\Run: [Spy Sweeper 3.2 147 Crack] C:\Documents and Settings\Owner\Desktop\Spy Sweeper 3.2 147 Crack.exe
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\svhost.exe
O4 - HKCU\..\Run: [Ucro] "C:\WINDOWS\system32\SMBOLS~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [Gyfil] C:\WINDOWS\??sks\n?tepad.exe
O4 - HKCU\..\Run: [Sgpz] "C:\Program Files\Common Files\?ystem32\t?skmgr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RW5yaWNv\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\propry.html

--
End of file - 5095 bytes
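As an added example (not from the thread, and not part of Trend Micro's HijackThis), the following Python script reproduces the triage a helper does by eye on the O4 lines of the log above: it parses Run-key entries and flags the patterns visible in this log, namely one-character lookalikes of system binaries (svhost.exe), paths containing the '?' placeholders HijackThis prints for characters it cannot render, autoruns from the drive root or the Desktop, and entries named after Windows Update. The sample lines are copied from the log; the list of known system binaries and their expected directories is an assumption of mine.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: O4 (Run-key) lines copied from the HijackThis log above,
# a few legitimate entries mixed with the suspicious ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinUpdate] C:\cmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Spy Sweeper 3.2 147 Crack] C:\Documents and Settings\Owner\Desktop\Spy Sweeper 3.2 147 Crack.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\svhost.exe
O4 - HKCU\..\Run: [Ucro] "C:\WINDOWS\system32\SMBOLS~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [Gyfil] C:\WINDOWS\??sks\n?tepad.exe
O4 - HKCU\..\Run: [Sgpz] "C:\Program Files\Common Files\?ystem32\t?skmgr.exe"
"""

# Assumed reference data (not from the thread): binaries that ship in the
# Windows directory on XP, and the directories they are expected to run from.
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe", "notepad.exe", "taskmgr.exe", "ctfmon.exe",
    "wowexec.exe", "explorer.exe", "lsass.exe", "winlogon.exe",
}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
IMPERSONATED_NAMES = {"windows update", "winupdate"}

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


@dataclass
class RunEntry:
    where: str   # e.g. HKLM\..\Run
    name: str    # value name inside the Run key
    cmd: str     # full command line as logged
    path: str    # executable (or DLL) path extracted from cmd


def executable_path(cmd: str) -> str:
    """Pull the program path out of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32 "):
        # rundll32 host: the interesting file is the DLL argument before the comma
        cmd = cmd[len("rundll32 "):].split(",", 1)[0]
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # unquoted path: cut at the first switch-like argument (" -x" or " /x")
    return re.split(r" [-/]", cmd, maxsplit=1)[0]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4_lines(text: str) -> list[RunEntry]:
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["where"], m["name"], m["cmd"], executable_path(m["cmd"])))
    return entries


def triage_entry(entry: RunEntry) -> list[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing seen)."""
    reasons = []
    low = entry.path.lower()
    directory, _, base = low.rpartition("\\")
    # HijackThis prints '?' for characters it cannot render; real system paths never contain one
    if "?" in low or any(ord(c) > 127 for c in low):
        reasons.append("path contains unprintable/non-ASCII characters (lookalike folder or file name)")
    if base in KNOWN_SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        reasons.append(f"{base} normally runs from the Windows directory, not {directory}")
    else:
        for legit in sorted(KNOWN_SYSTEM_BINARIES):
            if base != legit and edit_distance(base, legit) == 1:
                reasons.append(f"{base} is one character away from system binary {legit}")
    if directory in ("c:", "") or "\\desktop" in directory:
        reasons.append("autorun from the drive root or the user's Desktop")
    if entry.name.lower() in IMPERSONATED_NAMES:
        reasons.append("entry named after Windows Update, which does not use a Run key")
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map each flagged entry name to its reasons."""
    flagged = {}
    for entry in parse_o4_lines(text):
        reasons = triage_entry(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"[{name}]")
        for r in reasons:
            print(f"    - {r}")
```

Run against the sample it flags exactly the six entries the helper later scripted out or that ComboFix removed, and leaves the Intel, QuickTime and ctfmon entries alone.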
HJThis
Hello radiofriendly & welcome

Download ComboFix from Here or Here to your Desktop.

1. Double click combofix.exe and follow the prompts.
2. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Gogo
radiofriendly
ComboFix Log:

ComboFix 07-12-02.5 - Owner 2007-12-01 21:14:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cmon.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\asks~1
C:\Program Files\Common Files\ystem3~1
C:\Program Files\Common Files\ystem3~1\t?skmgr.exe
C:\Program Files\icroso~1
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\close.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\login.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\unmax.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\Windows NT\propry.html
C:\Program Files\wnsxs~1
C:\Program Files\ystem3~1
C:\WINDOWS\b111.exe
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\RW5yaWNv\
C:\WINDOWS\RW5yaWNv\\lqcVuqhS.vbs
C:\WINDOWS\sks~1
C:\WINDOWS\system32\pwmbpix.dll
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\smbols~1\s?mbols\
C:\WINDOWS\system32\smbols~1\wowexec.exe
C:\WINDOWS\system32\svhost.exe
C:\WINDOWS\system32\wapiisv.exe
C:\WINDOWS\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService


((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-01 20:28 . 2007-12-01 20:28 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-01 19:34 . 2007-12-01 19:35 <DIR> d-------- C:\Program Files\SpyNoMore
2007-12-01 19:34 . 2007-12-01 19:34 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-11-29 21:47 . 2007-11-29 21:47 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2007-11-26 01:52 . 2007-11-26 17:37 <DIR> d-------- C:\Program Files\Common Files\rkkw
2007-11-25 10:50 . 2007-11-25 10:50 2,238 --a------ C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
2007-11-23 21:10 . 2007-11-23 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-23 20:40 . 2007-11-23 20:43 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2007-11-23 20:40 . 2007-11-23 20:43 4 --a------ C:\WINDOWS\system32\454445
2007-11-23 20:36 . 2007-11-24 07:04 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-23 20:35 . 2007-11-23 20:36 <DIR> d-------- C:\Program Files\Common Files\Real
2007-11-23 20:35 . 2007-11-23 20:35 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-11-23 20:17 . 2007-11-23 20:17 <DIR> d-------- C:\Program Files\SanDisk
2007-11-23 19:33 . 2007-11-25 01:17 <DIR> d-------- C:\Program Files\Best Buy Rhapsody
2007-11-19 22:41 . 1999-09-04 21:23 91,136 -ra------ C:\WINDOWS\system32\msls2.dll
2007-11-16 14:44 . 2007-11-16 14:44 <DIR> d-------- C:\Program Files\Winamp
2007-11-16 14:44 . 2007-11-16 14:44 <DIR> d-------- C:\Program Files\La
2007-11-07 19:56 . 2007-11-07 19:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
2007-11-04 00:19 . 2007-11-04 00:41 361 --a------ C:\WINDOWS\system32\koffe
2007-11-04 00:17 . 2007-11-04 00:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Oxin's Style!
2007-11-03 23:37 . 2007-12-01 20:43 108,336 --a------ C:\WINDOWS\system32\mswinsck.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 05:20 --------- d-----w C:\Program Files\Lx_cats
2007-11-30 04:55 --------- d-----w C:\Program Files\Java
2007-11-28 01:23 --------- d-----w C:\Program Files\Analog Devices
2007-11-26 01:11 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-11-25 01:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
2007-11-24 04:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 02:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2007-11-14 04:27 --------- d-----w C:\Program Files\FrostWire
2005-05-14 00:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-07-14 19:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2005-02-28 20:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Steam"="C:\Program Files\Steam\Steam.exe" []
"Walgreens PhotoShow Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe" []
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-04-27 14:18]
"Ucro"="C:\WINDOWS\system32\SMBOLS~1\wowexec.exe" []
"Gyfil"="C:\WINDOWS\??sks\n?tepad.exe" []
"Sgpz"="C:\Program Files\Common Files\?ystem32\t?skmgr.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-11-17 23:24]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-11-17 23:11]
"Counter-Strike Condition Zero Keygen"="C:\Documents and Settings\Owner\Desktop\Counter-Strike Condition Zero Keygen.exe" []
"Counter Strike Stream hack"="C:\Documents and Settings\Owner\Desktop\Counter Strike Stream hack.exe" []
"Counter Strike"="C:\Documents and Settings\Owner\Desktop\Counter Strike.exe" []
"Spy Sweeper 3.2 147 Crack"="C:\Documents and Settings\Owner\Desktop\Spy Sweeper 3.2 147 Crack.exe" []
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 04:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"MP10_EnsureFileVer"="C:\WINDOWS\inf\unregmp2.exe" [2004-08-04 04:00]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2007-11-15 03:02]

S3 FA101;NETGEAR FA101 USB Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\FA101ND5.SYS
S3 iscFlash;iscFlash;\??\C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys
S3 RenameMe;RenameMe;\??\C:\WINDOWS\system32\RenameMe.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1263e66-56a0-11dc-8aaf-000347d64388}]
\Shell\AutoRun\command - F:\PortableVault.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B33E3675-F7C0-F095-EF05-FA01200FE904}]
C:\WINDOWS\system32\svhost.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 21:20:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-01 21:22:10 - machine was rebooted
.
--- E O F ---
HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:05 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Counter-Strike Condition Zero Keygen] C:\Documents and Settings\Owner\Desktop\Counter-Strike Condition Zero Keygen.exe
O4 - HKLM\..\Run: [Counter Strike Stream hack] C:\Documents and Settings\Owner\Desktop\Counter Strike Stream hack.exe
O4 - HKLM\..\Run: [Counter Strike] C:\Documents and Settings\Owner\Desktop\Counter Strike.exe
O4 - HKLM\..\Run: [Spy Sweeper 3.2 147 Crack] C:\Documents and Settings\Owner\Desktop\Spy Sweeper 3.2 147 Crack.exe
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Ucro] "C:\WINDOWS\system32\SMBOLS~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [Gyfil] C:\WINDOWS\??sks\n?tepad.exe
O4 - HKCU\..\Run: [Sgpz] "C:\Program Files\Common Files\?ystem32\t?skmgr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

--
End of file - 4886 bytes
HJThis
Hi radiofriendly

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.

QUOTE
File::
C:\WINDOWS\system32\everybodybets.32x32.4.ico
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico

Folder::
C:\WINDOWS\system32\SMBOLS~1
C:\WINDOWS\??sks
C:\Program Files\Common Files\?ystem32

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gyfil"=-
"Sgpz"=-
"Ucro"=-
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe


When finished, it will produce a log for you at "C:\ComboFix.txt"


Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.



Then come back here with both the HijackThis log and ComboFix.txt


Gogo
HJThis
Hey radiofriendly

I would just like to add here: you have a number of files on this PC that are just a big bad idea to have. Why take a chance in installing this type of stuff? If I were you I'd just say bye bye to all of them.

Gogo
radiofriendly
ComboFix.txt:


ComboFix 07-12-02.5 - Owner 2007-12-01 22:10:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.449 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
C:\WINDOWS\system32\everybodybets.32x32.4.ico
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
C:\WINDOWS\system32\everybodybets.32x32.4.ico

.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-01 20:28 . 2007-12-01 20:28 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-01 19:34 . 2007-12-01 19:35 <DIR> d-------- C:\Program Files\SpyNoMore
2007-12-01 19:34 . 2007-12-01 19:34 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-11-26 01:52 . 2007-11-26 17:37 <DIR> d-------- C:\Program Files\Common Files\rkkw
2007-11-23 21:10 . 2007-11-23 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-23 20:40 . 2007-11-23 20:43 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2007-11-23 20:40 . 2007-11-23 20:43 4 --a------ C:\WINDOWS\system32\454445
2007-11-23 20:36 . 2007-11-24 07:04 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-23 20:35 . 2007-11-23 20:36 <DIR> d-------- C:\Program Files\Common Files\Real
2007-11-23 20:35 . 2007-11-23 20:35 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-11-23 20:17 . 2007-11-23 20:17 <DIR> d-------- C:\Program Files\SanDisk
2007-11-23 19:33 . 2007-11-25 01:17 <DIR> d-------- C:\Program Files\Best Buy Rhapsody
2007-11-19 22:41 . 1999-09-04 21:23 91,136 -ra------ C:\WINDOWS\system32\msls2.dll
2007-11-16 14:44 . 2007-11-16 14:44 <DIR> d-------- C:\Program Files\Winamp
2007-11-16 14:44 . 2007-11-16 14:44 <DIR> d-------- C:\Program Files\La
2007-11-07 19:56 . 2007-11-07 19:56 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
2007-11-04 00:19 . 2007-11-04 00:41 361 --a------ C:\WINDOWS\system32\koffe
2007-11-04 00:17 . 2007-11-04 00:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Oxin's Style!
2007-11-03 23:37 . 2007-12-01 20:43 108,336 --a------ C:\WINDOWS\system32\mswinsck.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 05:20 --------- d-----w C:\Program Files\Lx_cats
2007-11-30 04:55 --------- d-----w C:\Program Files\Java
2007-11-28 01:23 --------- d-----w C:\Program Files\Analog Devices
2007-11-26 01:11 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-11-25 01:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
2007-11-24 04:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 02:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2007-11-14 04:27 --------- d-----w C:\Program Files\FrostWire
2005-05-14 00:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-07-14 19:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2005-02-28 20:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Steam"="C:\Program Files\Steam\Steam.exe" []
"Walgreens PhotoShow Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe" []
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-04-27 14:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-11-17 23:24]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-11-17 23:11]
"Counter-Strike Condition Zero Keygen"="C:\Documents and Settings\Owner\Desktop\Counter-Strike Condition Zero Keygen.exe" []
"Counter Strike Stream hack"="C:\Documents and Settings\Owner\Desktop\Counter Strike Stream hack.exe" []
"Counter Strike"="C:\Documents and Settings\Owner\Desktop\Counter Strike.exe" []
"Spy Sweeper 3.2 147 Crack"="C:\Documents and Settings\Owner\Desktop\Spy Sweeper 3.2 147 Crack.exe" []
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 04:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"MP10_EnsureFileVer"="C:\WINDOWS\inf\unregmp2.exe" [2004-08-04 04:00]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2007-11-15 03:02]

S3 FA101;NETGEAR FA101 USB Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\FA101ND5.SYS
S3 iscFlash;iscFlash;\??\C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys
S3 RenameMe;RenameMe;\??\C:\WINDOWS\system32\RenameMe.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1263e66-56a0-11dc-8aaf-000347d64388}]
\Shell\AutoRun\command - F:\PortableVault.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B33E3675-F7C0-F095-EF05-FA01200FE904}]
C:\WINDOWS\system32\svhost.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 22:12:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-01 22:13:35
C:\ComboFix2.txt ... 2007-12-01 21:22
.
--- E O F ---

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:32 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Counter-Strike Condition Zero Keygen] C:\Documents and Settings\Owner\Desktop\Counter-Strike Condition Zero Keygen.exe
O4 - HKLM\..\Run: [Counter Strike Stream hack] C:\Documents and Settings\Owner\Desktop\Counter Strike Stream hack.exe
O4 - HKLM\..\Run: [Counter Strike] C:\Documents and Settings\Owner\Desktop\Counter Strike.exe
O4 - HKLM\..\Run: [Spy Sweeper 3.2 147 Crack] C:\Documents and Settings\Owner\Desktop\Spy Sweeper 3.2 147 Crack.exe
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

--
End of file - 4614 bytes

HJThis
Hey radiofriendly

Feedback: how is the PC now, any better or the same?

Gogo
radiofriendly
I haven't had any Outerinfo pop-ups yet, so better I guess. But I still have a black background on the text of my desktop files, which appeared when I first got the virus. Is it from the virus?

HJThis
Hey radiofriendly

1. Right click desktop > Properties > Desktop > Customize Desktop > Web, and unselect anything checked in there,
then

2. Right click My Computer > Properties > Advanced. Under Performance > Settings, scroll down and look for "Use drop shadows for icon labels". Maybe try to disable it, then enable it. Or do step 2 first (turning off drop shadows), then go back to 1, then turn them on again.

Gogo
HJThis
Hey radiofriendly

Feedback: did this help, or do we have a problem?

Gogo
radiofriendly
Thanks a lot! It helped. No more problems.
HJThis
Hi radiofriendly

Next get this done for me.

Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u; it needs to be there.

===================

For Internet Explorer 7
    Click Start, click Control Panel, and then double-click Internet Options.
    On the General tab, click Delete... under Browsing History.
    Next to Temporary Internet Files, click Delete files, and then click OK.
    Next to Cookies, click Delete cookies, and then click OK.
    Next to History, click Delete history, and then click OK.
    Click the Close button.
    Click OK.

====================

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

====================

Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
a. Change the Download signed ActiveX controls to Prompt
b. Change the Download unsigned ActiveX controls to Disable
c. Change the Initialize and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.

====================

Then get back to me. Tell me if you had any problems doing the above.

Gogo
Invision Power Board © 2001-2010 Invision Power Services, Inc.