Resolved HJT Threads (resolved spyware and popup issues)
#1
Registered User
Join Date: Apr 2007
Posts: 27
OS: XP
My DSS log
I used HijackThis and did a scan so I could get a log... can someone please help with this! Very much appreciated in advance...
Branden

Logfile of HijackThis v1.99.1
Scan saved at 5:42:43 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINNT\updater.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINNT\DOBE~1\dvdplay.exe
C:\WINNT\?ystem\n?pdb.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\Winamp.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINNT\system32\uirlrffw.dll
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINNT\system32\ipv6monl.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINNT\system32\cbxyaab.dll
O2 - BHO: (no name) - {41493FE9-6FB3-474E-92B7-00DDF50360AF} - C:\WINNT\system32\vtsqr.dll
O2 - BHO: (no name) - {6595A644-4380-6477-F24F-1AE33AE4F89B} - C:\WINNT\system32\wdqvs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CC46F77B-FD92-46AC-ADDF-8B4CE70E0EE7} - C:\WINNT\system32\vklnwaim.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ltho] "C:\WINNT\DOBE~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Pqdmwmrx] C:\WINNT\?ystem\n?pdb.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O20 - Winlogon Notify: cbxyaab - C:\WINNT\SYSTEM32\cbxyaab.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtsqr - C:\WINNT\system32\vtsqr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Last edited by The Arto: 04-22-2007 at 04:51 PM.
#2
Registered User
Join Date: Apr 2007
Posts: 27
OS: XP
My DSS log
Hey guys... I completed all of the 5 steps. My problem exists with endless pop-ups and Outerinfo, and my computer running incredibly slow. Like I said, I've done the 5 steps before posting this and hope you can help finish fixing this. During the Panda ActiveScan it found and disinfected 3 viruses: Virus:Trj/Downloader.NYN, Virus:Trj/Cimuz.EN, and Virus:Trj/Kazlite.A. I hope this is enough info to help you help me. Thank you in advance... your help is much appreciated because I don't want to get a new comp over this.
Branden

Here are the contents of the main.txt from my DSS scan:

Deckard's System Scanner v20070411.38
Run by Owner on 2007-04-22 at 22:50:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
70: 2007-04-23 03:50:35 UTC - RP1043 - Deckard's System Scanner Restore Point
69: 2007-04-23 03:47:25 UTC - RP1042 - Software Distribution Service 2.0
68: 2007-04-23 00:58:30 UTC - RP1041 - Installed Ad-Aware SE Personal
67: 2007-04-22 02:17:47 UTC - RP1040 - Removed pressplay
66: 2007-04-21 13:40:34 UTC - RP1039 - System Checkpoint

-- First Restore Point --
1: 2007-01-23 23:33:19 UTC - RP974 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:53:04 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINNT\updater.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINNT\DOBE~1\dvdplay.exe
C:\WINNT\?ystem\n?pdb.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINNT\system32\uirlrffw.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINNT\system32\cbxyaab.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {659CF94F-108F-6425-F24F-1AE33AE4FE9C} - C:\WINNT\system32\aochsz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7786EF98-6143-4274-97D8-D8AA4059DA46} - C:\WINNT\system32\vtsqr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CC46F77B-FD92-46AC-ADDF-8B4CE70E0EE7} - C:\WINNT\system32\vklnwaim.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ltho] "C:\WINNT\DOBE~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Pqdmwmrx] C:\WINNT\?ystem\n?pdb.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: cbxyaab - C:\WINNT\SYSTEM32\cbxyaab.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtsqr - C:\WINNT\system32\vtsqr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Cdr4_xp - c:\winnt\system32\drivers\cdr4_xp.sys
R1 Cdralw2k - c:\winnt\system32\drivers\cdralw2k.sys
R1 cdudf_xp - c:\winnt\system32\drivers\cdudf_xp.sys
R1 pwd_2k - c:\winnt\system32\drivers\pwd_2k.sys
R1 Sk9920nt (PS/2 Keyboard Filter Driver for NT 4.0) - c:\winnt\system32\drivers\sk9920nt.sys
R1 UdfReadr_xp - c:\winnt\system32\drivers\udfreadr_xp.sys
R2 ASCTRM - c:\winnt\system32\drivers\asctrm.sys
R3 aeaudio - c:\winnt\system32\drivers\aeaudio.sys
R3 GTWModem (GTW V.92 Voicemodem) - c:\winnt\system32\drivers\gwmdm.sys
R3 ialm - c:\winnt\system32\drivers\ialmnt5.sys
R3 mmc_2K - c:\winnt\system32\drivers\mmc_2k.sys
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\winnt\system32\drivers\modemcsa.sys
R3 Sk99202k (PS/2 Keyboard Filter Driver for Win2000) - c:\winnt\system32\drivers\sk99202k.sys
R3 smwdm - c:\winnt\system32\drivers\smwdm.sys
S3 ac97intc (Intel(r) 82801 Audio Driver Install Service (WDM)) - c:\winnt\system32\drivers\ac97intc.sys
S3 BCMModem (BCM V.90 56K Modem) - c:\winnt\system32\drivers\bcmdm.sys
S3 dvd_2K - c:\winnt\system32\drivers\dvd_2k.sys
S3 PCDRDRV (Pcdr Helper Driver) - c:\atf\qctest\pcdoc\pcdrdrv.sys (file missing)
S3 WpdUsb - c:\winnt\system32\drivers\wpdusb.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 spupdsvc (Windows Service Pack Installer update service) - c:\winnt\system32\spupdsvc.exe

-- Scheduled Tasks -------------------------------------------------------------

2007-04-22 22:53:00 364 --a------ C:\WINNT\Tasks\Symantec NetDetect.job <SYMANT~1.JOB>
2007-04-20 20:00:00 464 --a------ C:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job <NORTON~1.JOB>
2007-04-16 21 00 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job <APPLES~1.JOB>

-- Files created between 2007-03-22 and 2007-04-22 -----------------------------

2007-04-22 22:26:58 21312 --a------ C:\WINNT\choice.exe
2007-04-22 22:26:29 0 d-------- C:\ie-spyad
2007-04-22 22:21:10 0 d-------- C:\Program Files\SpywareGuard <SPYWAR~2>
2007-04-22 22:13:06 0 d-------- C:\Program Files\SpywareBlaster <SPYWAR~1>
2007-04-22 20:44:36 0 d-------- C:\WINNT\system32\ActiveScan <ACTIVE~1>
2007-04-22 20:44:24 0 d-------- C:\WINNT\LastGood
2007-04-22 19:59:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-04-22 19:58:41 0 d-------- C:\Program Files\Lavasoft
2007-04-22 19:57:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard <WISEIN~1>
2007-04-22 19:16:01 123972 --a------ C:\WINNT\system32\wieyuvyi.dll
2007-04-22 18:50:25 0 d-------- C:\Program Files\Outerinfo <OUTERI~1>
2007-04-22 18:50:15 60928 --a------ C:\WINNT\system32\aochsz.dll
2007-04-22 09:02:41 0 d-------- C:\Program Files\Ipwindows <IPWIND~1>
2007-04-21 19:14:50 123972 --a------ C:\WINNT\system32\lcvijrkg.dll
2007-04-21 10:17:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-21 04:32:34 44544 -ra------ C:\WINNT\updater.exe
2007-04-20 19:14:33 123972 --a------ C:\WINNT\system32\hckbniif.dll
2007-04-20 19:14:30 1386433 ---hs---- C:\WINNT\system32\rqstv.bak2 <RQSTV~2.BAK>
2007-04-20 07:11:38 76412 --a------ C:\WINNT\system32\gmnsnyov.dll
2007-04-20 07:11:33 49204 --a------ C:\WINNT\system32\uirlrffw.dll
2007-04-20 07:11:28 125460 --a------ C:\WINNT\system32\vklnwaim.dll
2007-04-20 07:11:10 123972 --a------ C:\WINNT\system32\vfntubfv.dll
2007-04-20 07:10:23 1373003 ---hs---- C:\WINNT\system32\rqstv.bak1 <RQSTV~1.BAK>
2007-04-20 07:08:47 281172 ---hs---- C:\WINNT\system32\vtsqr.dll
2007-04-20 07:03:40 0 d-------- C:\Program Files\InetGet2
2007-04-20 07:01:12 2 --a------ C:\WINNT\system32\wnsapiicomsv32.exe <WNSAPI~1.EXE>
2007-04-20 07:00:31 40183 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe <YAZZLE~2.EXE>
2007-04-20 07:00:25 0 d-------- C:\WINNT\?dobe
2007-04-20 07:00:07 26694 --a------ C:\WINNT\system32\cbxyaab.dll
2007-04-20 06:55:58 32768 --a------ C:\WINNT\system32\a.exe
2007-04-02 14:10:40 146432 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe <YAZZLE~1.EXE>

-- Find3M Report ---------------------------------------------------------------

2007-04-22 21:39:04 0 d-------- C:\Program Files\Winamp
2007-04-22 21:35:35 0 d-------- C:\Program Files\QuickTime <QUICKT~1>
2007-04-22 21:32:32 0 d-------- C:\Program Files\PopUp Killer <POPUPK~1>
2007-04-22 21:29:45 0 d-------- C:\Program Files\Norton AntiVirus <NORTON~1>
2007-04-22 21:27:20 0 d-------- C:\Program Files\Messenger <MESSEN~1>
2007-04-22 21:19:26 0 d-------- C:\Program Files\Google
2007-04-22 21:18:43 0 d-------- C:\Program Files\Dell AIO Printer A920 <DELLAI~1>
2007-04-22 21:17:58 0 d-------- C:\Program Files\Common Files\Symantec Shared <SYMANT~1>
2007-04-22 19:19:42 0 d-------- C:\Program Files\WildTangent <WILDTA~1>
2007-04-22 19:15:02 0 d-------- C:\Program Files\Viewpoint <VIEWPO~1>
2007-04-21 21:18:01 0 d--h----- C:\Program Files\InstallShield Installation Information <INSTAL~1>
2007-04-19 12:24:16 0 d-------- C:\Program Files\Gerge
2007-04-17 12:53:05 0 d-------- C:\Program Files\Java
2007-04-14 15:10:19 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-04-13 11:00:50 0 d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft <MICROS~1>
2007-03-28 17:32:38 0 d-------- C:\Program Files\Full Tilt Poker.Net <FULLTI~1.NET>
2007-03-24 20:28:34 0 d-------- C:\Program Files\PartyGaming <PARTYG~1>
2007-03-17 08:43:01 292864 --a------ C:\WINNT\system32\winsrv.dll
2007-03-15 09:08:13 101438 --a------ C:\WINNT\b122.exe
2007-03-08 10:36:28 577536 --a------ C:\WINNT\system32\user32.dll
2007-03-08 10:36:28 40960 --a------ C:\WINNT\system32\mf3216.dll
2007-03-08 10:36:28 281600 --a------ C:\WINNT\system32\gdi32.dll
2007-03-08 08:47:48 1843584 --a------ C:\WINNT\system32\win32k.sys
2007-02-05 15:17:02 185344 --a------ C:\WINNT\system32\upnphost.dll

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Ltho"="\"C:\\WINNT\\DOBE~1\\dvdplay.exe\" -vt yazb"
"Pqdmwmrx"="C:\\WINNT\\?ystem\\n?pdb.exe"
"IpWins"="C:\\Program Files\\Ipwindows\\ipwins.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE"
"GWMDMMSG"="GWMDMMSG.exe"
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"Keyboard Preload Check"="C:\\OEMDRVRS\\KEYB\\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:\"Keyboard Preload Check\""
"GWMDMpi"="C:\\WINNT\\GWMDMpi.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"PopUpKiller"="C:\\Program Files\\PopUp Killer\\PopUpKiller.EXE"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"xloadnet"="\"C:\\Program Files\\xloadnet\\xloadnet.exe\""
"runner1"="C:\\WINNT\\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINNT\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DVD\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Weather 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="The Weather Channel"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\THEWEA~1\\The Weather Channel.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updater"
"hkey"="HKLM"
"command"="C:\\Program Files\\iRiver\\iRiver Manager\\Updater\\Updater.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3F9D0C61-737D-44D1-BD80-91AF857061CC}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyaab
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- End of Deckard's System Scanner: finished at 2007-04-22 at 22:54:43 ---------
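The entries a helper would act on in this thread can be picked out from the HijackThis section of the log itself: unnamed O2 BHOs loaded from system32, O20 Winlogon Notify packages that are not part of a stock XP install (two of which, cbxyaab.dll and vtsqr.dll, are also registered as BHOs), an O15 Trusted Zone addition for *.sxload.net, and O4 Run values pointing at paths the log could not fully render (C:\WINNT\?ystem\n?pdb.exe, C:\WINNT\DOBE~1) or at C:\WINNT\updater.exe with a long hexadecimal argument. The following Python script is an added example, not part of the original thread and not a tool any of the posters used: it parses HijackThis 1.99 entries and puts lines matching those patterns on a review list. Its sample input is copied from the log above; the Winlogon Notify allowlist and the `C:\WINNT` / `C:\WINDOWS` root paths are assumptions for the example, and every rule is a heuristic that asks for a second look, not a verdict.

```python
"""Triage a HijackThis 1.99 log for the entry types that carried the
infection in the thread above.  Every rule is a review heuristic that puts
a line on a "look at this" list; none of them is a verdict on its own."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the HijackThis log posted
# above (a raw string, so the single backslashes of the paths survive).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINNT\system32\uirlrffw.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINNT\system32\cbxyaab.dll
O2 - BHO: (no name) - {41493FE9-6FB3-474E-92B7-00DDF50360AF} - C:\WINNT\system32\vtsqr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [runner1] C:\WINNT\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Ltho] "C:\WINNT\DOBE~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Pqdmwmrx] C:\WINNT\?ystem\n?pdb.exe
O15 - Trusted Zone: *.sxload.net (HKLM)
O20 - Winlogon Notify: cbxyaab - C:\WINNT\SYSTEM32\cbxyaab.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtsqr - C:\WINNT\system32\vtsqr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
"""

# Assumed allowlist for this example: Winlogon Notify packages normally
# present on Windows XP SP2 (Intel graphics and WGA included).  Extend per
# environment; anything not listed is reviewed, not deleted.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui", "wgalogon",
}
WINDOWS_ROOTS = ("c:\\winnt", "c:\\windows")   # XP-era layouts, as in the log

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<zone>\S+)")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
HEX_ARG_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")


@dataclass
class Finding:
    line: str
    reason: str


def exe_of(cmd: str) -> str:
    """Executable of a Run command: the quoted path, else the first word."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parent_dir(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def triage(log_text: str) -> list[Finding]:
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    out: list[Finding] = []

    # BHO DLL names, so a Winlogon Notify package that is also a BHO stands
    # out (in the log above, cbxyaab.dll and vtsqr.dll are both).
    bho_dlls = {O2_RE.match(ln)["path"].rsplit("\\", 1)[-1].lower()
                for ln in lines if O2_RE.match(ln)}

    def path_checks(ln: str, path: str) -> None:
        # HijackThis writes '?' for a character it cannot render, which is
        # how a folder named to look like "system" or "Adobe" shows up.
        if "?" in path:
            out.append(Finding(ln, "path contains a character the log could not render (look-alike folder name)"))
        if parent_dir(path) in WINDOWS_ROOTS:
            out.append(Finding(ln, "executable sits directly in the Windows directory"))

    for ln in lines:
        if m := O2_RE.match(ln):
            if m["name"] == "(no name)" and parent_dir(m["path"]).endswith("\\system32"):
                out.append(Finding(ln, "unnamed BHO loaded from system32"))
            path_checks(ln, m["path"])
        elif m := O4_RE.match(ln):
            exe = exe_of(m["cmd"])
            path_checks(ln, exe)
            if m["hive"] == "HKCU" and parent_dir(exe).startswith(WINDOWS_ROOTS):
                out.append(Finding(ln, "per-user Run value pointing into the Windows directory"))
            if HEX_ARG_RE.search(m["cmd"]):
                out.append(Finding(ln, "long hexadecimal argument passed at startup"))
        elif O15_RE.match(ln):
            out.append(Finding(ln, "Trusted Zone entry: that site runs with relaxed IE security"))
        elif m := O20_RE.match(ln):
            if m["name"].lower() not in KNOWN_NOTIFY:
                out.append(Finding(ln, "Winlogon Notify package not in the allowlist"))
            if m["path"].rsplit("\\", 1)[-1].lower() in bho_dlls:
                out.append(Finding(ln, "same DLL is also registered as a BHO"))
            path_checks(ln, m["path"])
    return out


def flagged(log_text: str) -> dict[str, list[str]]:
    """Findings grouped by log line, for reporting."""
    grouped: dict[str, list[str]] = {}
    for f in triage(log_text):
        grouped.setdefault(f.line, []).append(f.reason)
    return grouped


if __name__ == "__main__":
    for line, reasons in flagged(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run it against a saved log with `flagged(open("hijackthis.log").read())`. The Windows-directory rule deliberately also catches the Gateway modem helper GWMDMpi.exe, which is why the output is a list to review against the vendor and file date rather than a fix list; the O2/O20 cross-reference and the `?` rule are the ones that single out the entries removed later in this thread.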
#4
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: My DSS log
Hello Branden and welcome to TSF,
Download ComboFix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

Close any open browsers.

Double click on combofix.exe and follow the prompts. When finished, it shall produce a log for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Post the ComboFix.txt in your next reply along with a new HijackThis log.
#5
Registered User
Join Date: Apr 2007
Posts: 27
OS: xp
My Combofix log
Thanks for the prompt reply Ried. Here's my ComboFix log. Now, I had to do it in safe mode because it kept crashing in regular mode. I'll copy/paste and attach. If I need to do it in regular mode, I will keep trying. SpywareGuard is constantly going off though, so I think it was causing problems.
"Owner" - 07-04-23 8:51:43 Service Pack 2 [SAFE MODE]
ComboFix 07-04-22.6V - Running from: "C:\Documents and Settings\Owner\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:
C:\qoobox\purity\C\WINNT\DOBE~1
C:\qoobox\purity\C\WINNT\MCROSO~1.NET
C:\qoobox\purity\C\WINNT\YSTEM~1
C:\qoobox\purity\C\WINNT\DOBE~1\dvdplay.exe
C:\qoobox\purity\C\WINNT\DOBE~1\?dobe
C:\qoobox\purity\C\WINNT\YSTEM~1\n?pdb.exe

((((((((((((((((((((((((((((((( Files Created from 2007-03-23 to 2007-04-23 ))))))))))))))))))))))))))))))))))

2007-04-22 22:50 <DIR> d-------- C:\Deckard
2007-04-22 22:26 21,312 --a------ C:\WINNT\choice.exe
2007-04-22 22:26 <DIR> d-------- C:\ie-spyad
2007-04-22 22:21 <DIR> d-------- C:\Program Files\SpywareGuard
2007-04-22 22:13 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-22 20:44 <DIR> d-------- C:\WINNT\system32\ActiveScan
2007-04-22 19:59 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-04-22 19:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-22 19:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 18:50 60,928 --a------ C:\WINNT\system32\aochsz.dll
2007-04-21 10:17 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-20 07:01 2 --a------ C:\WINNT\system32\wnsapiicomsv32.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-23 08:48 -------- d-------- C:\Program Files\popup killer
2007-04-22 21:39 -------- d-------- C:\Program Files\winamp
2007-04-22 21:35 -------- d-------- C:\Program Files\quicktime
2007-04-22 21:29 -------- d-------- C:\Program Files\norton antivirus
2007-04-22 21:27 -------- d-------- C:\Program Files\messenger
2007-04-22 21:19 -------- d-------- C:\Program Files\google
2007-04-22 21:18 -------- d-------- C:\Program Files\dell aio printer a920
2007-04-22 19:19 -------- d-------- C:\Program Files\wildtangent
2007-04-22 19:15 -------- d-------- C:\Program Files\viewpoint
2007-04-21 21:18 -------- d--h----- C:\Program Files\installshield installation information
2007-04-19 12:24 -------- d-------- C:\Program Files\gerge
2007-04-14 15:10 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\u3
2007-03-28 17:32 -------- d-------- C:\Program Files\full tilt poker.net
2007-03-24 20:28 -------- d-------- C:\Program Files\partygaming
2007-03-17 08:43 292864 --a------ C:\WINNT\system32\winsrv.dll
2007-03-15 09:08 101438 --a------ C:\WINNT\b122.exe
2007-03-08 10:36 577536 --a------ C:\WINNT\system32\user32.dll
2007-03-08 10:36 40960 --a------ C:\WINNT\system32\mf3216.dll
2007-03-08 10:36 281600 --a------ C:\WINNT\system32\gdi32.dll
2007-03-08 08:47 1843584 --a------ C:\WINNT\system32\win32k.sys
2007-02-05 15:17 185344 --a------ C:\WINNT\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINNT\system32\uirlrffw.dll [x]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{659CF94F-108F-6425-F24F-1AE33AE4FE9C} C:\WINNT\system32\aochsz.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton AntiVirus\NavShExt.dll
{CC46F77B-FD92-46AC-ADDF-8B4CE70E0EE7} C:\WINNT\system32\vklnwaim.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE"
"GWMDMMSG"="GWMDMMSG.exe"
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"Keyboard Preload Check"="C:\\OEMDRVRS\\KEYB\\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:\"Keyboard Preload Check\""
"GWMDMpi"="C:\\WINNT\\GWMDMpi.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"PopUpKiller"="C:\\Program Files\\PopUp Killer\\PopUpKiller.EXE"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Ltho"="\"C:\\WINNT\\DOBE~1\\dvdplay.exe\" -vt yazb"
"Pqdmwmrx"="C:\\WINNT\\?ystem\\n?pdb.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINNT\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DVD\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Weather 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="The Weather Channel"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\THEWEA~1\\The Weather Channel.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updater"
"hkey"="HKLM"
"command"="C:\\Program Files\\iRiver\\iRiver Manager\\Updater\\Updater.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\Norton AntiVirus - Scan my computer.job
C:\WINNT\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-23 08:56:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-23 8:57:19
C:\ComboFix-quarantined-files.txt ... 07-04-23 08:57
#6
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: My DSS log
ComboFix should have deleted more than what I see it reporting. Disable Spyware Guard and please run ComboFix.exe again. After Combofix, run another scan with HijackThis.

Disable Spywareguard

Post the C:\ComboFix.txt here along with a new HijackThis log.
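The judgement Ried is making here is a triage of the "Reg Loading Points" section of the ComboFix log: the autostart entries that survived are the ones whose paths look wrong for where they sit. The script below is an added example and not code from this thread, from ComboFix or from HijackThis. It parses a constructed subset of lines copied from the log above (the BHO list and the two Run keys) and applies four heuristics that are assumptions of this example rather than ComboFix's own rules: an unprintable character in a path (ComboFix shows it as `?`, as in `C:\WINNT\?ystem\n?pdb.exe`), an 8.3 short name such as `DOBE~1` directly under the Windows directory in a log that otherwise prints long names, a random-looking lowercase DLL name under system32, and a per-user (HKCU) Run value pointing into `%WINDIR%`. `WINDIR` is assumed to be `C:\WINNT`, as the logs show.

```python
import re
from typing import Dict, List

# Added example (not code from the thread, ComboFix or HijackThis). The sample
# is a constructed subset of lines copied from the ComboFix log posted above, in
# the formats ComboFix prints: an [HKEY...] section header, "{GUID} path [x]"
# lines for Browser Helper Objects, and "name"="command" lines for Run values
# escaped .reg-style (\\ for a backslash, \" for a quote).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINNT\system32\uirlrffw.dll [x]
{659CF94F-108F-6425-F24F-1AE33AE4FE9C} C:\WINNT\system32\aochsz.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{CC46F77B-FD92-46AC-ADDF-8B4CE70E0EE7} C:\WINNT\system32\vklnwaim.dll [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Ltho"="\"C:\\WINNT\\DOBE~1\\dvdplay.exe\" -vt yazb"
"Pqdmwmrx"="C:\\WINNT\\?ystem\\n?pdb.exe"
'''

WINDIR = r"C:\WINNT"  # assumption: this machine's Windows directory, as the logs show

BHO_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}\s+(.+?)(\s+\[x\])?$")
RUN_RE = re.compile(r'^"([^"]+)"="(.*)"$')
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|ocx|com|scr))", re.IGNORECASE)
SHORTNAME_RE = re.compile(r"^[A-Z0-9_]{1,6}~\d+(\.[A-Z0-9]+)?$", re.IGNORECASE)
RANDOM_DLL_RE = re.compile(r"^[a-z]{6,8}\.dll$")


def unescape_reg(value: str) -> str:
    """Undo .reg-style escaping: \\ becomes a backslash and \" becomes a quote."""
    return re.sub(r"\\(.)", r"\1", value)


def image_path(command: str) -> str:
    """Return the executable path of a Run command, dropping quotes and arguments."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def suspicious_reasons(path: str, section: str) -> List[str]:
    """Heuristics (assumptions of this example, not ComboFix rules) for one image path."""
    reasons = []
    parts = path.split("\\")
    under_windir = path.upper().startswith(WINDIR.upper() + "\\")
    if "?" in path:
        # ComboFix prints ? for a character it cannot render, so "?ystem" is a
        # lookalike of "system" and "n?pdb.exe" of an innocuous-looking name.
        reasons.append("unprintable character in path (lookalike folder/file name)")
    if under_windir and len(parts) > 3 and SHORTNAME_RE.match(parts[2]):
        # The log prints long names elsewhere; DOBE~1 directly under %WINDIR%
        # means the long name had characters the log could not print.
        reasons.append("8.3 short name directly under %WINDIR%")
    if path.upper().startswith(WINDIR.upper() + "\\SYSTEM32\\") and RANDOM_DLL_RE.match(parts[-1]):
        reasons.append("random-looking DLL name under system32")
    if "HKEY_CURRENT_USER" in section.upper() and under_windir:
        reasons.append("per-user Run value pointing into %WINDIR%")
    return reasons


def analyze(text: str) -> List[Dict[str, object]]:
    """Walk a ComboFix 'Reg Loading Points' dump and return entries worth a second look."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        bho = BHO_RE.match(line)
        run = RUN_RE.match(line)
        if bho:
            name, path = line.split(None, 1)[0], bho.group(1)
        elif run:
            name, path = run.group(1), image_path(unescape_reg(run.group(2)))
        else:
            continue
        reasons = suspicious_reasons(path, section)
        if reasons:
            findings.append({"section": section, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['name']}: {f['path']}\n    " + "\n    ".join(f["reasons"]))
```

On the sample this reports the three system32 BHO DLLs and the two HKCU Run values (`Ltho` and `Pqdmwmrx`) and leaves the Symantec, Works, Winamp, Adobe, Java and Google entries alone. The heuristics are deliberately narrow: an 8.3 name can also appear for a legitimately long folder name, so each hit is a prompt to look at the file, not a verdict.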
#8
Registered User
Join Date: Apr 2007
Posts: 27
OS: xp
Re: My DSS log
Here's my new combo scan...
"Owner" - 07-04-23 12:27:34 Service Pack 2
ComboFix 07-04-22.6V - Running from: "C:\Documents and Settings\Owner\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:
C:\qoobox\purity\C\WINNT\DOBE~1
C:\qoobox\purity\C\WINNT\MCROSO~1.NET
C:\qoobox\purity\C\WINNT\YSTEM~1
C:\qoobox\purity\C\WINNT\DOBE~1\dvdplay.exe
C:\qoobox\purity\C\WINNT\DOBE~1\?dobe
C:\qoobox\purity\C\WINNT\YSTEM~1\n?pdb.exe

((((((((((((((((((((((((((((((( Files Created from 2007-03-23 to 2007-04-23 ))))))))))))))))))))))))))))))))))

2007-04-23 08:57 49,152 --a------ C:\WINNT\nircmd.exe
2007-04-22 22:50 <DIR> d-------- C:\Deckard
2007-04-22 22:26 21,312 --a------ C:\WINNT\choice.exe
2007-04-22 22:26 <DIR> d-------- C:\ie-spyad
2007-04-22 22:21 <DIR> d-------- C:\Program Files\SpywareGuard
2007-04-22 22:13 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-22 20:44 <DIR> d-------- C:\WINNT\system32\ActiveScan
2007-04-22 19:59 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-04-22 19:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-22 19:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 18:50 60,928 --a------ C:\WINNT\system32\aochsz.dll
2007-04-21 10:17 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-20 07:01 2 --a------ C:\WINNT\system32\wnsapiicomsv32.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-23 09:39 -------- d-------- C:\Program Files\popup killer
2007-04-22 21:39 -------- d-------- C:\Program Files\winamp
2007-04-22 21:35 -------- d-------- C:\Program Files\quicktime
2007-04-22 21:29 -------- d-------- C:\Program Files\norton antivirus
2007-04-22 21:27 -------- d-------- C:\Program Files\messenger
2007-04-22 21:19 -------- d-------- C:\Program Files\google
2007-04-22 21:18 -------- d-------- C:\Program Files\dell aio printer a920
2007-04-22 19:19 -------- d-------- C:\Program Files\wildtangent
2007-04-22 19:15 -------- d-------- C:\Program Files\viewpoint
2007-04-21 21:18 -------- d--h----- C:\Program Files\installshield installation information
2007-04-19 12:24 -------- d-------- C:\Program Files\gerge
2007-04-14 15:10 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\u3
2007-03-28 17:32 -------- d-------- C:\Program Files\full tilt poker.net
2007-03-24 20:28 -------- d-------- C:\Program Files\partygaming
2007-03-17 08:43 292864 --a------ C:\WINNT\system32\winsrv.dll
2007-03-15 09:08 101438 --a------ C:\WINNT\b122.exe
2007-03-08 10:36 577536 --a------ C:\WINNT\system32\user32.dll
2007-03-08 10:36 40960 --a------ C:\WINNT\system32\mf3216.dll
2007-03-08 10:36 281600 --a------ C:\WINNT\system32\gdi32.dll
2007-03-08 08:47 1843584 --a------ C:\WINNT\system32\win32k.sys
2007-02-05 15:17 185344 --a------ C:\WINNT\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINNT\system32\uirlrffw.dll [x]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{659CF94F-108F-6425-F24F-1AE33AE4FE9C} C:\WINNT\system32\aochsz.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton AntiVirus\NavShExt.dll
{CC46F77B-FD92-46AC-ADDF-8B4CE70E0EE7} C:\WINNT\system32\vklnwaim.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE"
"GWMDMMSG"="GWMDMMSG.exe"
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"Keyboard Preload Check"="C:\\OEMDRVRS\\KEYB\\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:\"Keyboard Preload Check\""
"GWMDMpi"="C:\\WINNT\\GWMDMpi.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"PopUpKiller"="C:\\Program Files\\PopUp Killer\\PopUpKiller.EXE"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Ltho"="\"C:\\WINNT\\DOBE~1\\dvdplay.exe\" -vt yazb"
"Pqdmwmrx"="C:\\WINNT\\?ystem\\n?pdb.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINNT\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DVD\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Weather 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="The Weather Channel"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\THEWEA~1\\The Weather Channel.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updater"
"hkey"="HKLM"
"command"="C:\\Program Files\\iRiver\\iRiver Manager\\Updater\\Updater.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\Norton AntiVirus - Scan my computer.job
C:\WINNT\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-23 12:33:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-23 12:33:38
C:\ComboFix-quarantined-files.txt ... 07-04-23 12:33
#9
Registered User
Join Date: Apr 2007
Posts: 27
OS: xp
Re: My DSS log
And my new HijackThis scan.... thanks for helping me so efficiently.

Logfile of HijackThis v1.99.1
Scan saved at 12:38:29 PM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program