| jimmyf |
| (regular) |
| Fri Feb 15 2008 02:31 PM |
Re: help with father-in-laws hijack this log please
|
hi joe
here is the new log
ComboFix 08-02-14.2 - david douglas 2008-02-15 14:17:53.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.291 [GMT 0:00]
Running from: C:\Documents and Settings\david douglas\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.
2008-02-14 12:45 . 2008-02-15 12:40 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-14 10:31 . 2008-02-14 10:31 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-14 10:31 . 2008-02-14 10:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-14 10:30 . 2008-02-14 13:07 <DIR> d-------- C:\Documents and Settings\david douglas\Application Data\SiteAdvisor
2008-02-14 10:30 . 2008-02-14 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-14 10:30 . 2008-02-14 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-14 10:22 . 2008-02-14 10:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-13 20:08 . 2008-02-13 20:08 0 --a------ C:\WINDOWS\SETUP32.INI
2008-02-13 19:55 . 2008-02-13 19:55 <DIR> d-------- C:\Program Files\directx
2008-02-13 19:51 . 2008-02-13 19:51 36 --a------ C:\WINDOWS\Tiny_Run.ini
2008-02-13 19:49 . 2008-02-13 19:49 <DIR> d-------- C:\Program Files\Zoo
2008-02-13 19:49 . 2004-02-20 22:20 131,072 -ra------ C:\WINDOWS\system32\duninstall.exe
2008-02-13 19:49 . 2008-02-13 19:49 47 --a------ C:\WINDOWS\1.0
2008-02-12 16:55 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-12 16:54 . 2008-02-12 16:55 <DIR> d-------- C:\Program Files\Java
2008-02-12 16:19 . 2008-02-12 16:19 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-12 12:11 . 2008-02-12 12:11 <DIR> d-------- C:\Program Files\ToniArts
2008-02-12 10:53 . 2008-02-12 10:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 17:31 . 2008-02-11 17:31 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-11 17:31 . 2008-02-11 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 11:29 . 2008-02-11 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-02-10 20:49 . 2008-02-10 20:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-10 20:49 . 2008-02-10 20:49 <DIR> d-------- C:\Documents and Settings\david douglas\Application Data\Spybot - Search & Destroy
2008-02-10 20:49 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\david douglas\Application Data\AVG7
2008-02-10 20:48 . 2008-02-10 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 19:10 . 2008-02-10 19:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-10 19:08 . 2008-02-10 19:08 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-10 19:06 . 2008-02-10 19:06 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-10 18:32 . 2008-02-11 13:05 <DIR> d-------- C:\Program Files\a-squared Free
2008-02-10 18:17 . 2008-02-15 14:11 <DIR> d-------- C:\Program Files\Trojan Remover
2008-02-10 18:17 . 2008-02-10 18:17 <DIR> d-------- C:\Documents and Settings\david douglas\Application Data\Simply Super Software
2008-02-10 18:17 . 2008-02-12 20:20 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-10 18:17 . 2008-02-10 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-02-10 18:17 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-02-10 18:17 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-02-10 18:17 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-02-10 18:17 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-02-10 18:17 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-02-10 18:14 . 2008-02-10 18:14 <DIR> d-------- C:\Program Files\AML Products
2008-02-10 18:14 . 1998-12-24 20:23 40,960 --a------ C:\WINDOWS\system32\VBAME.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 12:30 --------- d-----w C:\Program Files\BitComet
2008-02-14 08:56 --------- d-----w C:\Program Files\Dl_cats
2008-02-14 08:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 10:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-10 19:15 --------- d-----w C:\Documents and Settings\david douglas\Application Data\Lavasoft
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 18:09 68856]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 21:46 135168]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 23:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 23:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 23:10 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 19:36 729178]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 13:58 86016]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-11-19 10:39 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-19 10:40 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 07:45 430080]
"MemoryCardManager"="" []
"BTopenworld"="c:\program files\bt yahoo! internet\DialBTYahoo.exe" [2007-10-14 13:10 333472]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-11 10:25 579072]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 06:39 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-11 13:42 726608]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 21:03 36640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 01:17 443968]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 20:49 219136]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll
R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-06-21 08:19]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 14:19:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-15 14:20:20
ComboFix-quarantined-files.txt 2008-02-15 14:20:03
ComboFix2.txt 2008-02-12 17:29:03
.
2008-02-15 12:40:56 --- E O F ---
the computer is running 100 times better,maintaining internet connection, desktop has been restored and various virus/trojan/malware scans have shown nothing.
when i first tried to drag CFScript.txt into combofix it told me combofix had expired,so i had to download it again - not sure if that caused any problems.
thanks for all your time in this.
cheers
jim