Tech Support Forum - View Single Post

dangvirus · 07-05-2007, 10:59 AM

same thing Im sorry it is all listed , but anyway here is the first part , I'll have the hijack this in a minute

"dad" - 2007-07-05 12:30:17 - ComboFix 07-07-06 - Service Pack 2

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\cursorcafe.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\cursorcafeA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\FindIt.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\FindItHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\findithotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\finditxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\games.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\gamesA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\Highlight.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\HighlightHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\highlighthotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\highlightxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\logo.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\logoxp.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\moviesA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\Reference.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\ReferenceHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\referencehotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\referencexp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\screensaver.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\screensaverA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\Weather.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\weatherhotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\weatherxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\images\walertXP.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware
C:\DOCUME~1\dad\APPLIC~1.\Starware\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\Games\GamesOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\Games\GamesOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\Layouts\PreferencesLayout.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\Layouts\PreferencesLayout.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\Layouts\ToolbarLayout.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\Manager\ManagerOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\Movies\MoviesOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\Movies\MoviesOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\Reference\ReferenceOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\Reference\ReferenceOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\Screensavers\ScreensaversOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\Screensavers\ScreensaversOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\SearchMatch\SearchMatchOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1.\Starware\Weather\AlertArchive.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\Weather\WeatherOptions.xml
C:\DOCUME~1\dad\APPLIC~1.\Starware\Weather\WeatherOptions.xml.backup
C:\DOCUME~1\dad\APPLIC~1\Install.dat
C:\DOCUME~1\dad\Desktop.\Error Cleaner.url
C:\DOCUME~1\dad\Desktop.\Privacy Protector.url
C:\DOCUME~1\dad\Desktop.\Spyware&Malware Protection.url
C:\DOCUME~1\dad\FAVORI~1.\Error Cleaner.url
C:\DOCUME~1\dad\FAVORI~1.\Privacy Protector.url
C:\DOCUME~1\dad\FAVORI~1.\Spyware&Malware Protection.url
C:\DOCUME~1\steve\APPLIC~1\Install.dat
C:\Program Files\inetget2
C:\Program Files\NewMediaCodec
C:\Program Files\NewMediaCodec\install.ico
C:\Program Files\NewMediaCodec\NewMediaCodec.ocx
C:\Program Files\NewMediaCodec\Uninstall.exe
C:\Program Files\video activex object
C:\Program Files\video activex object\ot.ico
C:\Program Files\video activex object\ts.ico
C:\Program Files\video activex object\uninst.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\dat.txt
C:\WINDOWS\ddesupport.dll
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\msdde.dll
C:\WINDOWS\msole.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\wr.txt

((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))

2007-07-05 12:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-05 11:52 <DIR> d-------- C:\Deckard
2007-07-05 11:37 <DIR> d-------- C:\WINDOWS\privacy_danger(2)
2007-07-05 11:15 <DIR> d-------- C:\WINDOWS\privacy_danger(3)
2007-07-01 21:21 <DIR> d-------- C:\DOCUME~1\steve\APPLIC~1\McAfee

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-05 15:19:20 -------- d-----w C:\Program Files\McAfee
2007-07-04 18:57:15 -------- d-----w C:\Program Files\AWS
2007-06-30 19:22:18 -------- d-----w C:\Program Files\Maxis
2007-06-29 17:39:21 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-22 20:52:15 56 --sh--r C:\WINDOWS\system32\7C27710655.sys
2007-06-22 00:03:37 -------- d-----w C:\Program Files\Dl_cats
2007-06-14 20

55 -------- d-----w C:\Program Files\ArtMoney
2007-06-03 17:50:10 -------- d-----w C:\Program Files\Microsoft Games
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 02:58:37 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-16 16:14:59 30 ----a-w C:\WINDOWS\popcinfo.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-08-24 18:37 439872 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 15:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
2007-03-30 11:41 1099304 --a------ C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-09-08 06:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-12-15 03:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
2006-12-22 17:02 67136 --a------ c:\program files\mcafee\virusscan\scriptcl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-11-08 13:30 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 05:00 C:\WINDOWS\system32\CTXFIHLP.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 16:30]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-08-16 21:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 12:01]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 09:37]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 20:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-19 22:17]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-08 22:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"csrss"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 08:29]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="C:\WINDOWS\system32\higehsg.dll" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="C:\WINDOWS\system32\higehsg.dll" []
"{EC650585-6CF9-40DA-A381-283112E7A8D6}"="C:\WINDOWS\msole.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{777a9f6c-e9fc-11da-9707-806d6172696f}]
AutoRun\command- E:\autorun.exe

Contents of the 'Scheduled Tasks' folder
2007-07-01 22:02:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-02-18 19:58:23 C:\WINDOWS\tasks\McDefragTask.job
2007-07-05 15:24:07 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 12:34:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-05 12:34:59
C:\ComboFix-quarantined-files.txt ... 2007-07-05 12:34

--- E O F ---

07-05-2007, 10:59 AM	#11 (permalink)
dangvirus Registered User Join Date: Jul 2007 Posts: 22 OS: windows xp	Re: Winfixer HELP!!!! same thing Im sorry it is all listed , but anyway here is the first part , I'll have the hijack this in a minute "dad" - 2007-07-05 12:30:17 - ComboFix 07-07-06 - Service Pack 2 ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\cursorcafe.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\cursorcafeA.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\FindIt.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\FindItHot.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\findithotxp.png C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\finditxp.png C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\games.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\gamesA.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\Highlight.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\HighlightHot.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\highlighthotxp.png C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\highlightxp.png C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\logo.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\logoxp.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\moviesA.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\Reference.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\ReferenceHot.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\referencehotxp.png C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\referencexp.png C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\screensaver.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\screensaverA.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\Weather.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\weatherhotxp.png C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\weatherxp.png C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\error.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\related.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\travel.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\images\walertXP.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\ProductMessagingConfig.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\SimpleUpdateConfig.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\TimerManagerConfig.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\TimerManagerConfig.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware C:\DOCUME~1\dad\APPLIC~1.\Starware\BrowserSearch\BrowserSearch.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\BrowserSearch\BrowserSearch.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\ErrorSearch\ErrorSearchOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\ErrorSearch\ErrorSearchOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\Games\GamesOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\Games\GamesOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\Layouts\PreferencesLayout.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\Layouts\PreferencesLayout.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\Layouts\ToolbarLayout.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\Layouts\ToolbarLayout.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\Manager\ManagerOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\Manager\ManagerOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\Movies\MoviesOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\Movies\MoviesOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\Reference\ReferenceOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\Reference\ReferenceOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\RelatedSearch\RelatedSearchOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\RelatedSearch\RelatedSearchOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\Screensavers\ScreensaversOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\Screensavers\ScreensaversOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\SearchMatch\SearchMatchOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\SearchMatch\SearchMatchOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\Toolbar\TBProductsOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\Toolbar\TBProductsOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\ToolbarLogo\ToolbarLogoOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\ToolbarSearch\ToolbarSearchOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\TravelSearch\TravelSearchOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\TravelSearch\TravelSearchOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1.\Starware\Weather\AlertArchive.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\Weather\WeatherOptions.xml C:\DOCUME~1\dad\APPLIC~1.\Starware\Weather\WeatherOptions.xml.backup C:\DOCUME~1\dad\APPLIC~1\Install.dat C:\DOCUME~1\dad\Desktop.\Error Cleaner.url C:\DOCUME~1\dad\Desktop.\Privacy Protector.url C:\DOCUME~1\dad\Desktop.\Spyware&Malware Protection.url C:\DOCUME~1\dad\FAVORI~1.\Error Cleaner.url C:\DOCUME~1\dad\FAVORI~1.\Privacy Protector.url C:\DOCUME~1\dad\FAVORI~1.\Spyware&Malware Protection.url C:\DOCUME~1\steve\APPLIC~1\Install.dat C:\Program Files\inetget2 C:\Program Files\NewMediaCodec C:\Program Files\NewMediaCodec\install.ico C:\Program Files\NewMediaCodec\NewMediaCodec.ocx C:\Program Files\NewMediaCodec\Uninstall.exe C:\Program Files\video activex object C:\Program Files\video activex object\ot.ico C:\Program Files\video activex object\ts.ico C:\Program Files\video activex object\uninst.exe C:\WINDOWS\avp.exe C:\WINDOWS\dat.txt C:\WINDOWS\ddesupport.dll C:\WINDOWS\main_uninstaller.exe C:\WINDOWS\mgrs.exe C:\WINDOWS\msdde.dll C:\WINDOWS\msole.dll C:\WINDOWS\privacy_danger C:\WINDOWS\privacy_danger\images\capt.gif C:\WINDOWS\privacy_danger\images\danger.jpg C:\WINDOWS\privacy_danger\images\down.gif C:\WINDOWS\privacy_danger\images\spacer.gif C:\WINDOWS\privacy_danger\index.htm C:\WINDOWS\rs.txt C:\WINDOWS\system32\netstat.com C:\WINDOWS\system32\taskkill.com C:\WINDOWS\wr.txt ((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 ))))))))))))))))))))))))))))))) 2007-07-05 12:28 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-05 11:52 <DIR> d-------- C:\Deckard 2007-07-05 11:37 <DIR> d-------- C:\WINDOWS\privacy_danger(2) 2007-07-05 11:15 <DIR> d-------- C:\WINDOWS\privacy_danger(3) 2007-07-01 21:21 <DIR> d-------- C:\DOCUME~1\steve\APPLIC~1\McAfee (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-05 15:19:20 -------- d-----w C:\Program Files\McAfee 2007-07-04 18:57:15 -------- d-----w C:\Program Files\AWS 2007-06-30 19:22:18 -------- d-----w C:\Program Files\Maxis 2007-06-29 17:39:21 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-06-22 20:52:15 56 --sh--r C:\WINDOWS\system32\7C27710655.sys 2007-06-22 00:03:37 -------- d-----w C:\Program Files\Dl_cats 2007-06-14 2055 -------- d-----w C:\Program Files\ArtMoney 2007-06-03 17:50:10 -------- d-----w C:\Program Files\Microsoft Games 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-10 02:58:37 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll 2007-04-16 16:14:59 30 ----a-w C:\WINDOWS\popcinfo.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] 2006-08-24 18:37 439872 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2003-11-03 15:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}] 2007-03-30 11:41 1099304 --a------ C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] 2005-09-08 06:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2006-12-15 03:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] 2006-12-22 17:02 67136 --a------ c:\program files\mcafee\virusscan\scriptcl.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] 2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTHelper"="CTHELPER.EXE" [2005-11-08 13:30 C:\WINDOWS\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 05:00 C:\WINDOWS\system32\CTXFIHLP.EXE] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12] "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 16:30] "Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-08-16 21:05] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44] "dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 12:01] "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 09:37] "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00] "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01] "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 20:20] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-19 22:17] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-08 22:39] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23] "csrss"="" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 08:29] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= file:///C:\WINDOWS\privacy_danger\index.htm FriendlyName= Privacy Protection [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{2016a466-91a2-43c6-97d8-2fd380f065ef}"="C:\WINDOWS\system32\higehsg.dll" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "{2016a466-91a2-43c6-97d8-2fd380f065ef}"="C:\WINDOWS\system32\higehsg.dll" [] "{EC650585-6CF9-40DA-A381-283112E7A8D6}"="C:\WINDOWS\msole.dll" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] AutoRun\command- E:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{777a9f6c-e9fc-11da-9707-806d6172696f}] AutoRun\command- E:\autorun.exe Contents of the 'Scheduled Tasks' folder 2007-07-01 22:02:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-02-18 19:58:23 C:\WINDOWS\tasks\McDefragTask.job 2007-07-05 15:24:07 C:\WINDOWS\tasks\McQcTask.job ************************************************************************ catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-05 12:34:21 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-07-05 12:34:59 C:\ComboFix-quarantined-files.txt ... 2007-07-05 12:34 --- E O F --- Last edited by dangvirus; 07-05-2007 at 11:04 AM.