The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

Reoccuring dbgen.dll file

Posted 1/7/2008 6:25 AM
#58299
User avatar

Bob Francis Valued member

Date Joined Nov 2016
Total Posts: 15
G'day Touch,
AVG keeps finding a dbgen.dll file. Here is my Hijackthis.log, Combo.txt and Rootlog.txt files. I initially couldn't upload the Combo and Rootlog files so i renamed them as .log files.



Regards



Bob
Post attachments:
Posted 1/7/2008 6:35 AM
#58301
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello Bob Francis :smile:




Please post the logs, using post reply button, as it is confusing (for Me) having three log´s open at the same time

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 1/7/2008 11:19 AM
#58311
User avatar

Bob Francis Valued member

Date Joined Nov 2016
Total Posts: 15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:00 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\andy\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://au.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.27.11.1:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZKxdm098YYAU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199671789625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199672323546
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - https://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 6357 bytes
Posted 1/7/2008 11:27 AM
#58313
User avatar

Bob Francis Valued member

Date Joined Nov 2016
Total Posts: 15
ComboFix 08-01-04.1 - andy 2008-01-07 15:57:08.2 - [color=red]FAT32[/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.635 [GMT 10.5:30]
Running from: C:\Documents and Settings\andy\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 15:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 12:46 . 2008-01-07 12:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-07 12:41 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-06 23:36 . 2008-01-06 23:36 <DIR> d-------- C:\Documents and Settings\andy\DoctorWeb
2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Documents and Settings\andy\Application Data\SUPERAntiSpyware.com
2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-06 12:46 . 2008-01-06 12:46 <DIR> d-------- C:\Documents and Settings\andy\Application Data\AVG7
2008-01-06 12:45 . 2008-01-06 12:45 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-06 11:22 . 2008-01-06 11:22 <DIR> d-------- C:\Documents and Settings\andy\Application Data\Grisoft
2008-01-06 11:22 . 2008-01-06 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 11:22 . 2007-05-30 22:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-06 04:32 . 2008-01-06 04:32 <DIR> d-------- C:\WINDOWS\PrimoPDF
2008-01-06 04:32 . 2008-01-06 04:32 <DIR> d-------- C:\Program Files\activePDF
2008-01-06 04:32 . 2006-12-12 06:42 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2008-01-05 21:09 . 2008-01-05 21:09 <DIR> d-------- C:\Documents and Settings\andy\Application Data\PC Tools
2008-01-05 15:52 . 2008-01-05 15:52 <DIR> d-------- C:\Program Files\Mp3 My Mp3 2.0
2008-01-05 15:00 . 2008-01-05 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 13:35 . 2008-01-05 13:35 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-05 13:35 . 2008-01-05 13:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 13:35 . 2008-01-05 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-03 18:39 . 2008-01-03 18:39 <DIR> d-------- C:\Documents and Settings\andy\Application Data\LG Electronics
2008-01-03 18:35 . 2008-01-03 18:36 <DIR> d-------- C:\Program Files\LG Electronics
2008-01-03 18:35 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-01-03 18:35 . 2005-05-26 11:01 38,144 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2008-01-03 18:35 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-12-25 01:27 . 2007-12-25 01:27 0 --a------ C:\2A.tmp
2007-12-25 01:27 . 2007-12-25 01:27 0 --a------ C:\29.tmp
2007-12-25 01:27 . 2007-12-25 01:27 0 --a------ C:\28.tmp
2007-12-25 01:27 . 2007-12-25 01:27 0 --a------ C:\27.tmp
2007-12-25 01:27 . 2007-12-25 01:27 0 --a------ C:\26.tmp
2007-12-25 01:27 . 2007-12-25 01:27 0 --a------ C:\25.tmp
2007-12-25 01:25 . 2007-12-25 01:25 0 --a------ C:\F.tmp
2007-12-25 01:25 . 2007-12-25 01:25 0 --a------ C:\E.tmp
2007-12-25 01:25 . 2007-12-25 01:26 0 --a------ C:\16.tmp
2007-12-25 01:25 . 2007-12-25 01:25 0 --a------ C:\15.tmp
2007-12-25 01:25 . 2007-12-25 01:25 0 --a------ C:\14.tmp
2007-12-25 01:25 . 2007-12-25 01:25 0 --a------ C:\13.tmp
2007-12-25 01:25 . 2007-12-25 01:25 0 --a------ C:\12.tmp
2007-12-25 01:25 . 2007-12-25 01:25 0 --a------ C:\10.tmp
2007-12-24 00:21 . 2007-12-24 00:21 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Winamp
2007-12-16 21:31 . 2007-12-16 21:31 <DIR> d-------- C:\Documents and Settings\andy\Shared
2007-12-16 21:31 . 2007-12-16 21:31 <DIR> d-------- C:\Documents and Settings\andy\Incomplete
2007-12-16 21:30 . 2007-12-16 21:30 <DIR> d-------- C:\Program Files\LimeWire
2007-12-16 21:29 . 2007-12-16 21:29 <DIR> d-------- C:\Documents and Settings\andy\.limewire
2007-12-15 00:19 . 2007-12-15 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-14 07:51 . 2007-12-14 07:51 <DIR> d-------- C:\Program Files\Google
2007-12-09 09:17 . 2007-12-09 09:17 <DIR> d-------- C:\Program Files\CCleaner
2007-12-08 09:31 . 2007-12-08 09:31 <DIR> d-------- C:\Documents and Settings\andy\Application Data\Apple Computer
2007-12-08 09:29 . 2007-12-25 02:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-08 09:29 . 2007-12-08 09:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-08 09:28 . 2007-12-08 09:28 <DIR> d-------- C:\Program Files\QuickTime
2007-12-08 09:28 . 2007-12-08 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 09:28 . 2007-12-08 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 09:41 --------- d-----w C:\Program Files\DivX
2007-12-04 09:29 --------- d-----w C:\Program Files\SlySoft
2007-12-04 09:27 --------- d-----w C:\Documents and Settings\andy\Application Data\Snapfish
2007-11-30 11:34 --------- d-----w C:\Program Files\Winamp
2007-11-30 11:34 --------- d-----w C:\Documents and Settings\andy\Application Data\Winamp
.

((((((((((((((((((((((((((((( [url=snapshot@2008-01-07_15.26.06.37]snapshot@2008-01-07_15.26.06.37[/url] )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-30 21:30:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22 4670968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 07:22 110592]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 15:56 761945]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 17:46 90112]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:55 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 12:45 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 12:45 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andy^Start Menu^Programs^Startup^Drempels Desktop.lnk]
path=C:\Documents and Settings\andy\Start Menu\Programs\Startup\Drempels Desktop.lnk
backup=C:\WINDOWS\pss\Drempels Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\andy\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-04 20:10 470016 --a------ C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
2003-10-28 12:24 16384 --------- C:\Program Files\D-Link\DSL-200\dslagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
C:\Program Files\D-Link\DSL-200\dslstat.exe icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i-Handbook]
C:\Program Files\Schlumberger\i-Handbook\i-Handbook.exe /i

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 16:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
2006-12-29 16:22 3429904 --a------ C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-02-26 09:58 212992 --a------ C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-08-07 14:41 573440 --a------ C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
I:\Program Files\Spyware Doctor\swdoctor.exe /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-05-01 09:29 1318128 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PhotoshopElementsDeviceConnect"=2 (0x2)
"PcScnSrv"=3 (0x3)
"PcCtlCom"=2 (0x2)
"AdobeActiveFileMonitor"=2 (0x2)
"aawservice"=2 (0x2)

S4 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-11 10:13:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-01-07 15:58:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 15:58:53
ComboFix-quarantined-files.txt 2008-01-07 05:28:52
ComboFix2.txt 2008-01-07 04:56:20
Posted 1/7/2008 11:28 AM
#58314
User avatar

Bob Francis Valued member

Date Joined Nov 2016
Total Posts: 15
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
Mon 01/07/2008 15:56:04.51
The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-01-07 15:56:04
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...
IPC error: 2 The system cannot find the file specified.

hidden processes: 0
hidden services: 0
hidden files: 0


Thanx
Posted 1/7/2008 12:15 PM
#58315
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Open notepad and copy/paste the text in the quote box below into it:

Quote:

-----------------------------------------------------

KILLALL::



Snapshot::



File::

C:\WINDOWS\system32\dbgen.dll
C:\2A.tmp
C:\29.tmp
C:\28.tmp

C:\27.tmp

C:\26.tmp

C:\25.tmp

C:\F.tmp

C:\E.tmp

C:\16.tmp

C:\15.tmp

C:\14.tmp

C:\13.tmp

C:\12.tmp

C:\10.tmp



----------------------------------------------



Save this as CFScript.txt



https://www.fromsej.saknet.dk/billeder/cfscript.gif



Referring to the picture above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system.

It may reboot your system when it finishes. This is normal.




Post new hijackthis log along with fresh combofix log and tell how things are running now ?


[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 1/8/2008 1:44 AM
#58337
User avatar

Bob Francis Valued member

Date Joined Nov 2016
Total Posts: 15
Here's are the log files the Combo fix


ComboFix 08-01-04.1 - andy 2008-01-08 11:56:11.3 - [color=red]FAT32[/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.602 [GMT 10.5:30]
Running from: C:\Documents and Settings\andy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\andy\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\10.tmp
C:\12.tmp
C:\13.tmp
C:\14.tmp
C:\15.tmp
C:\16.tmp
C:\25.tmp
C:\26.tmp
C:\27.tmp
C:\28.tmp
C:\29.tmp
C:\2A.tmp
C:\E.tmp
C:\F.tmp
C:\WINDOWS\system32\dbgen.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\10.tmp
C:\12.tmp
C:\13.tmp
C:\14.tmp
C:\15.tmp
C:\16.tmp
C:\25.tmp
C:\26.tmp
C:\27.tmp
C:\28.tmp
C:\29.tmp
C:\2A.tmp
C:\E.tmp
C:\F.tmp

.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-08 01:43 . 2008-01-08 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-08 01:38 . 2008-01-08 01:38 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-08 01:35 . 2008-01-08 01:36 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-07 15:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 12:46 . 2008-01-07 12:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-07 12:41 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-06 23:36 . 2008-01-06 23:36 <DIR> d-------- C:\Documents and Settings\andy\DoctorWeb
2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Documents and Settings\andy\Application Data\SUPERAntiSpyware.com
2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-06 12:46 . 2008-01-06 12:46 <DIR> d-------- C:\Documents and Settings\andy\Application Data\AVG7
2008-01-06 12:45 . 2008-01-06 12:45 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-06 11:22 . 2008-01-06 11:22 <DIR> d-------- C:\Documents and Settings\andy\Application Data\Grisoft
2008-01-06 11:22 . 2008-01-06 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 11:22 . 2007-05-30 22:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-06 04:32 . 2008-01-06 04:32 <DIR> d-------- C:\WINDOWS\PrimoPDF
2008-01-06 04:32 . 2008-01-06 04:32 <DIR> d-------- C:\Program Files\activePDF
2008-01-06 04:32 . 2006-12-12 06:42 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2008-01-05 21:09 . 2008-01-05 21:09 <DIR> d-------- C:\Documents and Settings\andy\Application Data\PC Tools
2008-01-05 15:52 . 2008-01-05 15:52 <DIR> d-------- C:\Program Files\Mp3 My Mp3 2.0
2008-01-05 15:00 . 2008-01-05 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 13:35 . 2008-01-05 13:35 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-05 13:35 . 2008-01-05 13:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 13:35 . 2008-01-05 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-03 18:39 . 2008-01-03 18:39 <DIR> d-------- C:\Documents and Settings\andy\Application Data\LG Electronics
2008-01-03 18:35 . 2008-01-03 18:36 <DIR> d-------- C:\Program Files\LG Electronics
2008-01-03 18:35 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-01-03 18:35 . 2005-05-26 11:01 38,144 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2008-01-03 18:35 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-12-24 00:21 . 2007-12-24 00:21 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Winamp
2007-12-16 21:31 . 2007-12-16 21:31 <DIR> d-------- C:\Documents and Settings\andy\Shared
2007-12-16 21:31 . 2007-12-16 21:31 <DIR> d-------- C:\Documents and Settings\andy\Incomplete
2007-12-16 21:30 . 2007-12-16 21:30 <DIR> d-------- C:\Program Files\LimeWire
2007-12-16 21:29 . 2007-12-16 21:29 <DIR> d-------- C:\Documents and Settings\andy\.limewire
2007-12-15 00:19 . 2007-12-15 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-14 07:51 . 2007-12-14 07:51 <DIR> d-------- C:\Program Files\Google
2007-12-09 09:17 . 2007-12-09 09:17 <DIR> d-------- C:\Program Files\CCleaner
2007-12-08 09:31 . 2007-12-08 09:31 <DIR> d-------- C:\Documents and Settings\andy\Application Data\Apple Computer
2007-12-08 09:29 . 2007-12-25 02:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-08 09:29 . 2007-12-08 09:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-08 09:28 . 2007-12-08 09:28 <DIR> d-------- C:\Program Files\QuickTime
2007-12-08 09:28 . 2007-12-08 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 09:28 . 2007-12-08 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 09:41 --------- d-----w C:\Program Files\DivX
2007-12-04 09:29 --------- d-----w C:\Program Files\SlySoft
2007-12-04 09:27 --------- d-----w C:\Documents and Settings\andy\Application Data\Snapfish
2007-11-30 11:34 --------- d-----w C:\Program Files\Winamp
2007-11-30 11:34 --------- d-----w C:\Documents and Settings\andy\Application Data\Winamp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22 4670968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 07:22 110592]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 15:56 761945]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 17:46 90112]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:55 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 12:45 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 12:45 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andy^Start Menu^Programs^Startup^Drempels Desktop.lnk]
path=C:\Documents and Settings\andy\Start Menu\Programs\Startup\Drempels Desktop.lnk
backup=C:\WINDOWS\pss\Drempels Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\andy\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-04 20:10 470016 --a------ C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
2003-10-28 12:24 16384 --------- C:\Program Files\D-Link\DSL-200\dslagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
C:\Program Files\D-Link\DSL-200\dslstat.exe icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i-Handbook]
C:\Program Files\Schlumberger\i-Handbook\i-Handbook.exe /i

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 16:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
2006-12-29 16:22 3429904 --a------ C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-02-26 09:58 212992 --a------ C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-08-07 14:41 573440 --a------ C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
I:\Program Files\Spyware Doctor\swdoctor.exe /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-05-01 09:29 1318128 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PhotoshopElementsDeviceConnect"=2 (0x2)
"PcScnSrv"=3 (0x3)
"PcCtlCom"=2 (0x2)
"AdobeActiveFileMonitor"=2 (0x2)
"aawservice"=2 (0x2)

S4 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-11 10:13:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-01-08 11:58:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 12:00:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-08 01:30:50
ComboFix3.txt 2008-01-07 04:56:20
ComboFix2.txt 2008-01-07 05:28:56
Posted 1/8/2008 1:51 AM
#58338
User avatar

Bob Francis Valued member

Date Joined Nov 2016
Total Posts: 15
and the Hijackthis log. Can we delete the tmp files mentioned?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:16 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\andy\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://au.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZKxdm098YYAU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199671789625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199672323546
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - https://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 6976 bytes
Posted 1/8/2008 3:08 AM
#58345
User avatar

Bob Francis Valued member

Date Joined Nov 2016
Total Posts: 15
Touch things seem to be going well give it time and i'll know more
Regards n Hanx again



Bob
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Wednesday, August 10, 2022, 3:53 AM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,573 registered members. Please welcome our newest member, iAwake.
27 Guest(s), 0 Registered Member(s) are currently online.