|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
04-14-2007, 05:33 PM
|
#2 (permalink) |
|
Analyst, Security Team
Join Date: Nov 2006
Posts: 215
OS: WinXP Pro
|
Re: help trojanspm\lx
Hello momof4 and Welcome to TechSupport,
Please read the instructions here and reply here with your logs. Do not use the "Click here to post your log in the hijackthis forums" because you will be starting a new post instead of responding here. http://www.techsupportforum.com/secu...sting-log.html
__________________
  Proud member of ASAP since 2005 If you feel we've helped you, Please donate to the forum |
|
     |
|
04-15-2007, 06:25 AM
|
#3 (permalink) |
|
Registered User
Join Date: Apr 2007
Posts: 6
OS: windowsxp
|
Re: help trojanspm\lx
I ran deckards scanner, smitfraudfix and avg antispyware and here are the logs from them.
Deckard's System Scanner v20070411.38 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz Percentage of Memory in Use: 64% Physical Memory (total/avail): 509.98 MiB / 182.8 MiB Pagefile Memory (total/avail): 1245.47 MiB / 860 MiB Virtual Memory (total/avail): 2047.88 MiB / 1989.7 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 71.34 GiB total, 53.76 GiB free. D: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. FW: Norton Internet Worm Protection v2006 (Symantec) AV: Norton AntiVirus 2006 v2005 (Symantec Corporation) -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Laura Wagemann\Application Data audesktop=C:\DOCUME~1\ALLUSE~1\Desktop aufavorites=C:\DOCUME~1\ALLUSE~1\FAVORI~1 austartm=C:\DOCUME~1\ALLUSE~1\STARTM~1 austartprg=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs austartup=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup CancelDNS=Configuration canceled. Check your network settings. ChoixMenu=2 ChoixRegistre=y CLASSPATH=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip CleanDNS=Do you want to set your network to dynamic -DHCP- Server ? CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=FAMILY ComSpec=C:\WINDOWS\system32\cmd.exe CurDir=C:\Program Files\MSN\MSNCoreFiles\SmitfraudFix desktop=C:\DOCUME~1\LAURAW~1\Desktop DNSHJ=Your computer may be victim of a DNS Hijack DoReboot=0 DoRestart=0 favorites=C:\DOCUME~1\LAURAW~1\FAVORI~1 fixname=SmitFraudFix fixvers=v2.167 FP_NO_HOST_CHECK=NO FSType=NTFS HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Laura Wagemann huy32Mess=huy32 detected, use a Rootkit scanner KDMess=detected ! lang=int LOGONSERVER=\\FAMILY lzx32Mess=lzx32 detected, use a Rootkit scanner msguardMess=msguard detected, use a Rootkit scanner NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\MSN\MSNCoreFiles;C:\Program Files\MSN\MSNCoreFiles;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Ulead Systems\MPEG PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH pe386Mess=pe386 detected, use a Rootkit scanner PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0304 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip RKScan=use a Rootkit scanner SafeMDisp=Fix run in safe mode SafeMWarn=Fix run in normal mode sChoice=Enter your choice sDel=Deleted sEnd=End sError=Problem while deleting SESSIONNAME=Console sFound=FOUND ! sFSType=The filesystem type is sfxname=C:\Documents and Settings\Laura Wagemann\Local Settings\Temporary Internet Files\Content.IE5\4X6B8LUV\SmitfraudFix[1].exe sHOSTS=hosts file corrupted ! sInfect=infected ! sInfect2=infected ! sNotFound=not found sProcess=Killing process sRegClean=Registry Cleaning sRegCleanQ=Do you want to clean the registry ? (y/n) sRunFrom=Run from sScanDate=Scan done at sSearch=Scanning startm=C:\DOCUME~1\LAURAW~1\STARTM~1 startprg=C:\DOCUME~1\LAURAW~1\STARTM~1\Programs startup=C:\DOCUME~1\LAURAW~1\STARTM~1\Programs\Startup sTempFolder=Deleting Temp Files sTrustBackUp=Saving BackUp sTrustDone=Trusted Zone deleted. sTrustError=*** Error : zone.reg not found *** sTrustQ=Restore Trusted Zone ? (y/n) sWininetQ=Replace infected file ? (y/n) sWiniSearch=Scanning for wininet.dll backup syspath=C:\WINDOWS\system32 SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\LAURAW~1\LOCALS~1\Temp TMP=C:\DOCUME~1\LAURAW~1\LOCALS~1\Temp USERDOMAIN=FAMILY USERNAME=Laura Wagemann USERPROFILE=C:\Documents and Settings\Laura Wagemann Veo_532_INF_PATH=C:\WINDOWS\INF\oem14.inf Veo_532_INSTALL_DIR=C:\Program Files\Veo Stingray\Driver Veo_532_PNF_PATH=C:\WINDOWS\INF\oem14.pnf Veo_532_PRODUCT_VER=1.1.0.0 Version=Microsoft Windows XP [Version 5.1.2600] windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Laura Wagemann (admin) Laura (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002} ATI Catalyst Control Center --> MsiExec.exe /I{F4A47B12-4314-4020-B458-EDF1C0F90BE5} AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF} BitTorrent 4.0.4 --> "C:\Program Files\BitTorrent\uninstall.exe" Browser Mouse --> C:\Program Files\Browser Mouse\uninst00.exe ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB} CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove Dangerous Mines Lite --> C:\DOCUME~1\LAURAW~1\LOCALS~1\Temp\sce__0\ -Uninstall Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37} DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText Dungeon Siege 2 --> "C:\Program Files\Microsoft Games\Dungeon Siege 2\UNINSTAL.EXE" /runtemp /uninstall Dungeon Siege 2 Broken World --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}\setup.exe" -l0x9 -removeonly EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe EVEMon --> C:\Program Files\EVEMon\uninstall.exe EXEtender Player --> "C:\Program Files\EXEtender\Uninstall.exe" HijackThis 1.99.1 --> C:\DOCUME~1\LAURAW~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall honestech TVR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE27845A-6438-4DCF-AE3D-44EC96CB31CA}\setup.exe" -l0x9 Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Ink --> MsiExec.exe /I{9FCB2876-554D-491D-A2CD-58F8252D6C64} Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7} Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395} Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033 J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe Lexmark 640 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE -dLexmark 640 Series LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Macrogaming SweetIM 1.2a --> MsiExec.exe /X{5827C8C9-A3C6-4E7C-AA70-F6AFAB52F981} Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel Monopoly --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu" MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5} Muiltmedia keyboard utility 1.1 --> C:\Program Files\Muiltmedia keyboard utility\1.1\uninst00.exe Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F} Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B} Norton AntiVirus 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8} Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43} Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8} Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6} Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4} NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Photo Explosion Special Edition --> MsiExec.exe /X{DD040AAA-F295-492B-AD91-C8DC24488273} PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PrintMaster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A35C2323-3CEA-405C-9569-EF5DDE930B2F}\setup.exe" -l0x9 anything QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033 Qwest QuickCare --> "C:\Program Files\Support.com\Qwest\Uninstall.exe" /c "Are you sure you want to remove QuickCare?" RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3} Sound Blaster Live! 24-bit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9 SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Special Internet Offers --> C:\Program Files\Riverdeep\Offers\ELPPC\uninst.exe Spybot - Search & Destroy 1.2 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09} Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68} System Alert Popup --> C:\DOCUME~1\LAURAW~1\LOCALS~1\Temp\laf95.tmp /del TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins001.exe" TeamSpeak 2 Server RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe" The Print Shop 20 --> MsiExec.exe /I{152BF35B-56D7-4652-B519-1661AAC270EE} TSDisp --> C:\Program Files\TSDisp\Uninst.exe Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Veo Digital Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45AEEA61-04F8-11D6-8B35-0080C8F5C4AA}\SETUP.EXE" -l0x9 Veo Stingray --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88E6DF-A288-4E09-A59B-68E94373BAC7}\SETUP.EXE" -l0x9 Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48} Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Photos Easy Upload Tool 1v6 --> C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll" Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe -- End of Deckard's System Scanner: finished at 2007-04-15 at 07:16:37 --------- SmitFraudFix v2.167 Scan done at 6:56:36.70, Sun 04/15/2007 Run from C:\Program Files\MSN\MSNCoreFiles\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Browser Mouse\mouse32a.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Support.com\bin\tgcmd.exe C:\Program Files\WinMsg\SCLICK.EXE C:\Program Files\WinMsg\UINST.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\honestech\honestech TVR\scheduleTV.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN\MSNCoreFiles\msn.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Laura Wagemann »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Laura Wagemann\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LAURAW~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport DNS Server Search Order: 192.168.0.1 DNS Server Search Order: 205.171.3.65 Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport DNS Server Search Order: 192.168.0.1 DNS Server Search Order: 205.171.3.65 HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EAA6E66-6771-4125-9C33-0AA3BD1A09E9}: DhcpNameServer=192.168.0.1 205.171.3.65 HKLM\SYSTEM\CCS\Services\Tcpip\..\{1BC58ECE-73B9-4080-ACCD-23D30DAC854E}: DhcpNameServer=192.168.0.1 205.171.3.65 HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EAA6E66-6771-4125-9C33-0AA3BD1A09E9}: DhcpNameServer=192.168.0.1 205.171.3.65 HKLM\SYSTEM\CS1\Services\Tcpip\..\{1BC58ECE-73B9-4080-ACCD-23D30DAC854E}: DhcpNameServer=192.168.0.1 205.171.3.65 HKLM\SYSTEM\CS3\Services\Tcpip\..\{0EAA6E66-6771-4125-9C33-0AA3BD1A09E9}: DhcpNameServer=192.168.0.1 205.171.3.65 HKLM\SYSTEM\CS3\Services\Tcpip\..\{1BC58ECE-73B9-4080-ACCD-23D30DAC854E}: DhcpNameServer=192.168.0.1 205.171.3.65 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End -------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 7:45:32 PM 4/14/2007 + Scan result: C:\Documents and Settings\Laura Wagemann\Cookies\laura wagemann@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken. ::Report end |
|
|
|
|
04-15-2007, 06:27 AM
|
#4 (permalink) |
|
Registered User
Join Date: Apr 2007
Posts: 6
OS: windowsxp
|
Re: help trojanspm\lx
I also ran hijack this and here is the log I forgot to put it in last one. Sorry about this.
gfile of HijackThis v1.99.1 Scan saved at 7:26:14 AM, on 4/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Browser Mouse\mouse32a.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Support.com\bin\tgcmd.exe C:\Program Files\WinMsg\SCLICK.EXE C:\Program Files\WinMsg\UINST.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\honestech\honestech TVR\scheduleTV.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\explorer.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit |
|
|
|
|
04-15-2007, 06:58 AM
|
#5 (permalink) |
|
Analyst, Security Team
Join Date: Nov 2006
Posts: 215
OS: WinXP Pro
|
Re: help trojanspm\lx
Don't worry about the incomplete hijackthis log in the previous post.
STEP 1. ====== Combofix
Please post the ComboFix log and a new hijackthis log.
__________________
Proud member of ASAP since 2005 If you feel we've helped you, Please donate to the forum Last edited by Susan528 : 04-15-2007 at 06:59 AM. |
|
|
|
|
04-15-2007, 11:50 AM
|
#6 (permalink) |
|
Registered User
Join Date: Apr 2007
Posts: 6
OS: windowsxp
|
Re: help trojanspm\lx
Sorry about the incomplete logfile. I ran it again and have it posted below. Logfile of HijackThis v1.99.1
Scan saved at 12:46:06 PM, on 4/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Browser Mouse\mouse32a.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Support.com\bin\tgcmd.exe C:\Program Files\WinMsg\SCLICK.EXE C:\Program Files\WinMsg\UINST.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\honestech\honestech TVR\scheduleTV.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\explorer.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN\MSNCoreFiles\msn.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [TV Card Remote Control Applet] C:\WINDOWS\878RMT.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [sclick] C:\Program Files\WinMsg\SCLICK.EXE O4 - HKLM\..\Run: [StUnInst] C:\Program Files\WinMsg\UINST.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Event Reminder.lnk = ? O4 - Global Startup: ScheduleTV.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm068YYUS O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: All Star Football by pogo - http://game1.pogo.com/applet-6.9.3.4...arfb-en_US.cab O16 - DPF: All-Star Football Challenge by pogo - http://game1.pogo.com/applet-6.9.3.4...rfb2-en_US.cab O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.9.3.4...jack-en_US.cab O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.4...cade-en_US.cab O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.4.3...kers-en_US.cab O16 - DPF: Command and Conquer Attack Copter by pogo - http://game1.pogo.com/applet-6.9.3.4...rike-en_US.cab O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.4.34/ytz/ytz-en_US.cab O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.3...ass2-en_US.cab O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.2...ingo-en_US.cab O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.3.3...gman-en_US.cab O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.9.3.4...pool-en_US.cab O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.9.3.3...here-en_US.cab O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.9.3.2...gsaw-en_US.cab O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.9.3.2...ttso-en_US.cab O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-6.9.3.4...hoes-en_US.cab O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.9.3.4...scar-en_US.cab O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.9.3.2...igow-en_US.cab O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.3...ell2-en_US.cab O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.9.3.3...bble-en_US.cab O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.9.3.4...opfu-en_US.cab O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.9.4.3...pit2-en_US.cab O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.9.4.4...ride-en_US.cab O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.9.2.4...ider-en_US.cab O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.9.3.3...eper-en_US.cab O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.9.3.3...ball-en_US.cab O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.2...bo22-en_US.cab O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.9.3.3...ater-en_US.cab O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.3...bble-en_US.cab O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.3.2...lass-en_US.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab53083.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/def...x.1.0.0.67.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab53083.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab53083.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1137275774640 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137549584328 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/def...jolauncher.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframewor...r.cab31267.cab O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab53083.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab53852.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe "Laura Wagemann" - 07-04-15 12:33:22 Service Pack 2 ComboFix Microsoft Windows XP [Version 5.1.2600] - Running from: "C:\Program Files\MSN\MSNCoreFiles" ((((((((((((((((((((((((((((((( Files Created from 2007-03-15 to 2007-04-15 )))))))))))))))))))))))))))))))))) 2007-04-15 07:13 <DIR> d-------- C:\Deckard 2007-04-15 06:56 79,360 --a------ C:\WINDOWS\SYSTEM32\swxcacls.exe 2007-04-15 06:56 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe 2007-04-15 06:56 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe 2007-04-15 06:56 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe 2007-04-15 06:56 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe 2007-04-15 06:56 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe 2007-04-14 08:08 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab 2007-04-14 08:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-04-14 07:35 <DIR> d-------- C:\Program Files\Lavasoft 2007-04-14 07:35 <DIR> d-------- C:\DOCUME~1\LAURAW~1\APPLIC~1\Lavasoft 2007-04-14 07:25 <DIR> d-------- C:\VundoFix Backups 2007-04-14 07:11 <DIR> d-------- C:\DOCUME~1\LAURAW~1\APPLIC~1\Uniblue 2007-04-13 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion 2007-04-13 21:24 <DIR> d-------- C:\Program Files\CCleaner 2007-04-13 18:15 <DIR> d-------- C:\DOCUME~1\LAURAW~1\APPLIC~1\WholeSecurity 2007-04-13 12:18 <DIR> d-------- C:\Program Files\WinMsg 2007-04-13 06:26 <DIR> d-------- C:\Program Files\DellSupport 2007-04-05 11:17 <DIR> d-------- C:\WINDOWS\.jagex_cache_32 2007-04-04 22:29 <DIR> d-------- C:\DOCUME~1\LAURAW~1\APPLIC~1\Viewpoint (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-15 12:32 -------- d-------- C:\DOCUME~1\LAURAW~1\APPLIC~1\msn6 2007-04-15 06:57 4098 --a------ C:\WINDOWS\SYSTEM32\tmp.reg 2007-04-13 22:48 -------- d-------- C:\DOCUME~1\LAURAW~1\APPLIC~1\symantec 2007-04-13 22:39 -------- d-------- C:\Program Files\messenger 2007-04-13 22:39 -------- d-------- C:\Program Files\itunes 2007-04-13 22:39 -------- d-------- C:\Program Files\Common Files\symantec shared 2007-04-13 22:38 -------- d-------- C:\Program Files\msn messenger 2007-04-13 22:38 -------- d-------- C:\Program Files\digital line detect 2007-04-13 21:24 -------- d-------- C:\Program Files\yahoo! 2007-04-13 18:15 28672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys 2007-03-18 15:06 -------- d-------- C:\DOCUME~1\LAURAW~1\APPLIC~1\teamspeak2 2007-03-17 08:43 292864 --a------ C:\WINDOWS\SYSTEM32\winsrv.dll 2007-03-08 10:36 577536 --a------ C:\WINDOWS\SYSTEM32\user32.dll 2007-03-08 10:36 40960 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll 2007-03-08 10:36 281600 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll 2007-03-08 08:47 1843584 --a------ C:\WINDOWS\SYSTEM32\win32k.sys 2007-03-01 19:28 -------- d-------- C:\Program Files\symantec 2007-03-01 19:26 -------- d-------- C:\Program Files\quicktime 2007-02-28 08:48 -------- d-------- C:\DOCUME~1\LAURAW~1\APPLIC~1\msninstaller 2007-02-28 08:46 -------- d-------- C:\Program Files\online services 2007-02-28 08:38 -------- dr------- C:\Program Files\support.com 2007-02-27 23:16 -------- d-------- C:\Program Files\virtools 2007-02-25 15:48 -------- d-------- C:\Program Files\java 2007-02-25 13:53 -------- d-------- C:\Program Files\google 2007-02-25 12:10 5376 --a-s---- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys 2007-02-25 10:47 -------- d-------- C:\Program Files\norton antivirus 2007-02-25 10:42 48776 --a------ C:\WINDOWS\SYSTEM32\s32evnt1.dll 2007-02-25 10:42 115000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS 2007-02-17 13:16 -------- d-------- C:\DOCUME~1\LAURAW~1\APPLIC~1\nova development 2007-02-17 13:09 -------- d-------- C:\Program Files\nova development 2007-02-17 13:09 -------- d-------- C:\Program Files\Common Files\ulead systems 2007-02-12 18:22 538256 --a------ C:\WINDOWS\SYSTEM32\symneti.dll 2007-02-12 18:22 161424 --a------ C:\WINDOWS\SYSTEM32\symredir.dll 2007-02-11 17:22 98304 --a------ C:\WINDOWS\SYSTEM32\cmdlineext.dll 2007-02-05 15:17 185344 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup" "Uniblue Registry Booster2"="C:\\Program Files\\Uniblue\\RegistryBooster2\\RegistryBooster.exe /S" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "TV Card Remote Control Applet"="C:\\WINDOWS\\878RMT.exe" "UpdReg"="C:\\WINDOWS\\UpdReg.EXE" "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\"" "P17Helper"="Rundll32 P17.dll,P17Helper" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe" "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe" "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe" "FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser Mouse\\mouse32a.exe" "FLMK08KB"="C:\\Program Files\\Muiltmedia keyboard utility\\1.1\\MMKEYBD.EXE" "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\"" "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" "tgcmd"="\"C:\\Program Files\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf" "sclick"="C:\\Program Files\\WinMsg\\SCLICK.EXE" "StUnInst"="C:\\Program Files\\WinMsg\\UINST.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoCDBurning"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Laura Wagemann.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run TV Card Remote Control Applet = C:\WINDOWS\878RMT.exe??????????????wh???????????????????<???`???h??????|p???????T???|??|h??????|p??|????m??|pi?w????????????@??????w?????????0B????w???wx???x??????w???w?????0B?????????P???????H??????w???w???????w??@??????:=???@?????T????'@???YhH???|?A???????Yh scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-15 12:42:53 C:\ComboFix-quarantined-files.txt ... 07-04-15 12:42 |
|
|
|
|
04-15-2007, 05:06 PM
|
#7 (permalink) |
|
Analyst, Security Team
Join Date: Nov 2006
Posts: 215
OS: WinXP Pro
|
Re: help trojanspm\lx
Looking better! Please do the following:
Please set your system to show all files; please see here if you're unsure how to do this. Scan with HijackThis. Place a check against each of the following: R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O4 - HKLM\..\Run: [sclick] C:\Program Files\WinMsg\SCLICK.EXE O4 - HKLM\..\Run: [StUnInst] C:\Program Files\WinMsg\UINST.EXE O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm068YYUS Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis. Reboot into Safe Mode: please see here if you are not sure how to do this. Using Windows Explorer, locate the following files/folders, and delete them: C:\Program Files\WinMsg\<=folder Exit Explorer, and reboot as normal afterwards. Updating Java
Post (reply) with a fresh HijackThis log and we will take another look.
__________________
Proud member of ASAP since 2005 If you feel we've helped you, Please donate to the forum |
|
|
|
