wompum13 (Posted October 8, 2006)
Don't laugh at me if I gave you incorrect info; maybe it's not a router, it's a gateway modem. I know us unknowledgeable ones, we are the ones that keep these malware jerks going. Please correct if I'm wrong. I'm sure you're ready to kill me.
jurgenv (Posted October 9, 2006)
Do you have your CD-ROM from Windows XP?
wompum13 (Posted October 9, 2006)
Yes I do. Today I'm leaving on a family emergency. Grandfather passed. I will return Thursday to continue. I'm sorry. Thank you again for all your help; I will look for you then.
jurgenv (Posted October 9, 2006)
> Grandfather passed.
I'm so sorry. Take your time!
wompum13 (Posted October 13, 2006)
Hey there, I'm back, so to continue. It appears that we have removed several Trojans and a couple of high-risk ones; I can't remember what they were called. Anyway, the computer still takes 5 hundred years to boot up and is still getting hung up on programs and freezing. Please help. You have been just the best; again, thank you for everything.
jurgenv (Posted October 13, 2006)
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
wompum13 (Posted October 13, 2006)
Here ya go...
jurgenv (Posted October 13, 2006)
Hello, we are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.
- Click Start
- Select Run
- At the prompt type sfc /scannow
Please note that there is a single space between sfc and /scannow. Typing this will start the program, and a box should appear telling you how much longer the process should take.
Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files: My Computer > Tools > Folder Options > View > "Uncheck" Hide protected operating system files. Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled), post back for more tips; otherwise enter Windows CD.
Once the scan is complete: Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates. Please reboot, and let me know if anything has changed.
Also, please rehide the protected files: My Computer > Tools > Folder Options > View > "Check" Hide protected operating system files.
wompum13 (Posted October 13, 2006)
So sorry, my daughter's school just called; have to pick her up real quick. Be right back.
Seso67 (Posted October 15, 2006)
Hey guys, I am using W2K. I had the same trojan. I downloaded Smithfraud and rebooted using safe mode. Then opened Smithfraudfix folder and ran smithfraudfix.cmd. I selected #2 and confirmed y. I had also downloaded the safety windows uploads at the same time but had not run the reboot yet. After rebooting basically my PC FROZE. Now it takes forever for any command to execute. I went to safe mode a couple of times but even there commands take ages to execute. Can anybody please tell me what is going on with my PC and how can I get it fixed? Many Thanks,
jurgenv (Posted October 15, 2006)
> Hey guys, I am using W2K. I had the same trojan. I downloaded Smithfraud and rebooted using safe mode. Then opened Smithfraudfix folder and ran smithfraudfix.cmd. I selected #2 and confirmed y. I had also downloaded the safety windows uploads at the same time but had not run the reboot yet. After rebooting basically my PC FROZE. Now it takes forever for any command to execute. I went to safe mode a couple of times but even there commands take ages to execute. Can anybody please tell me what is going on with my PC and how can I get it fixed? Many Thanks,
Please post a hijackthis log in a new topic.
wompum13 (Posted October 19, 2006)
I'm so sorry, I'm back. Been trying to get personal things taken care of. I really have a problem now. First, I can't find my XP CD you talked about. 2. Computer almost slower than ever. Freezing and forgetting saved passwords. Explorer locking up. Now I'm lost.
jurgenv (Posted October 19, 2006)
> One more quick thing: there is a program that is listed in my Add & Remove programs in the control panel. I received it from our internet provider. It's supposed to help make our connection better. Anyways, I had problems with it from the gate so I went to uninstall it and it completely locks up the computer...
I think that this action is causing the problem... Your hijackthis log looks clean also.
wompum13 (Posted October 20, 2006)
Hello again! I kind of thought it did, but I also ran a scan with actually two different scanners and one of them came up with a worm called W.HLLW.Gaobot.CA. Also, any clue how to get the other program off? When I even use its own uninstall program it comes back with the error message "cannot complete uninstall please restart computer to continue". Of course that doesn't sound right.... What do you think? I also have a log from this scan called silent runner; ever heard of it? I know I must sound crazy but there is something really wrong. Hard drive light sometimes starts flickering like to the beat of a heart when there's nothing being done, then shuts computer down. Very scary.
jurgenv (Posted October 20, 2006)
Post me that log here from silent runners.
wompum13 (Posted October 20, 2006)
Here is a current log
jurgenv (Posted October 20, 2006)
Could you post a new log from combofix with a new hijackthis log?
wompum13 (Posted October 21, 2006)
Here are the logs you requested
Files\xerox 2006-08-21 00:23 -------- d-------- C:\Program Files\microsoft frontpage 2006-08-21 00:22 0 -rahs---- C:\MSDOS.SYS 2006-08-21 00:22 0 -rahs---- C:\IO.SYS 2006-08-21 00:22 0 --a------ C:\CONFIG.SYS 2006-08-21 00:22 0 --a------ C:\AUTOEXEC.BAT 2006-08-21 00:16 -------- d--h----- C:\Program Files\WindowsUpdate 2006-08-21 00:14 -------- d-------- C:\Program Files\Common Files\MSSoap 2006-08-21 00:13 -------- d-------- C:\Program Files\Outlook Express 2006-08-21 00:13 -------- d-------- C:\Program Files\NetMeeting 2006-08-21 00:13 -------- d-------- C:\Program Files\Movie Maker 2006-08-21 00:13 -------- d-------- C:\Program Files\Internet Explorer 2006-08-21 00:13 -------- d-------- C:\Program Files\Common Files\System 2006-08-21 00:08 -------- d-------- C:\Program Files\Windows Media Player 2006-08-21 00:08 -------- d-------- C:\Program Files\Messenger 2006-08-21 00:07 -------- d-------- C:\Program Files\Windows NT 2006-08-21 00:07 -------- d-------- C:\Program Files\MSN 2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files\SpeechEngines 2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files\ODBC 2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-08-20 23:42 -------- d-------- C:\Program Files\Common Files 2006-08-20 23:41 62 --ahs---- C:\Documents and Settings\Kristie\Application Data\desktop.ini 2006-08-20 23:40 -------- d---s---- C:\Documents and Settings\Kristie\Application Data\Microsoft 2006-08-16 04:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll 2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll 2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="\"C:\\Program 
Files\\Messenger\\msmsgs.exe\" /background" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\ 73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\ 00 "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\"" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000004 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] 
"dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job Completion time: Fri 10/20/2006 20:04:19.99 ComboFix3.txt ComboFix2.txt ComboFix.txt Logfile of HijackThis v1.99.1 Scan saved at 8:05:28 PM, on 10/20/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kristie\Desktop\Virus fixing progtams\HijackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network 
Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156585333637 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe I hope this helps us get closer to a fix. My computer no longer remember passwords or usernames. HELP Share this post Link to post Share on other sites
jurgenv Posted October 21, 2006 Your logs look clean, I really have no solution for your password problem.
wompum13 Posted October 24, 2006 Thank you for all your help....
jurgenv Posted October 24, 2006 You're welcome...