Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page General System Maintenance
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 08-10-2007, 10:24 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


General System Maintenance
Hey guys! i am running microsoft xp service pack 2 with all updates. i am also running norton internet security 2007 with full updates. attached is a deckard system scanner log and i just want someone to analyse my log for any potential problems both virus/spyware and hardware/software errors. All help and advice is much appreciated.

Deckard's System Scanner v20070809.63
Run by HP_Owner on 2007-08-11 at 14:12:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-08-11 04:13:00 UTC - RP696 - Deckard's System Scanner Restore Point
3: 2007-08-11 04:10:41 UTC - RP695 - Removed Wolfenstein 3D
2: 2007-08-11 04:07:42 UTC - RP694 - Safe Restore Point
1: 2007-08-11 04:07:09 UTC - RP693 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:57 PM, on 4/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\HP_Owner\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146114578299
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146448051375
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab60096.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://www.polyphonicringtonez.com/i...on_speaker.gif

--
End of file - 12519 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
S3 gkmixern - c:\docume~1\hp_owner\locals~1\temp\gkmixern.sys (file missing)
S3 ovt519 (Eye Toy) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)
S3 ssm_bus (Samsung Mobile USB Device II 1.0 driver (WDM)) - c:\windows\system32\drivers\ssm_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
S3 ssm_mdfl (Samsung Mobile USB Modem II 1.0 Filter) - c:\windows\system32\drivers\ssm_mdfl.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0 Filter Driver>
S3 ssm_mdm (Samsung Mobile USB Modem II 1.0 Drivers) - c:\windows\system32\drivers\ssm_mdm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Belkin Wireless 54Mbps Desktop Adapter
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70001799&REV_03\4&2E9A5DB2&0&18F0
Manufacturer: Broadcom
Name: Belkin Wireless 54Mbps Desktop Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70001799&REV_03\4&2E9A5DB2&0&18F0
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2007-08-11 13:37:01 260 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-08-10 17:15:00 396 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-08-06 20:00:11 628 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job
2007-08-03 16:25:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-01-28 20:23:53 368 --a------ C:\WINDOWS\Tasks\XoftSpySE.job


-- Files created between 2007-07-11 and 2007-08-11 -----------------------------

2007-08-10 17:11:55 0 d-------- C:\WINDOWS\.jagex_cache_32
2007-08-07 18:31:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2007-08-07 18:30:39 88 -r-hs---- C:\WINDOWS\system32\646A91DDEB.sys
2007-08-07 18:30:38 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-07 18:30:26 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Corel
2007-08-07 18:25:16 0 d-------- C:\Program Files\Corel
2007-08-06 19:51:10 0 d-------- C:\Program Files\Windows Live Favorites
2007-08-05 18:53:25 0 d-------- C:\Program Files\Air Guard Trial
2007-08-05 10:18:35 0 d-------- C:\Program Files\Wolfenstein 3D
2007-08-04 22:48:52 0 d-------- C:\Program Files\HJT
2007-08-04 17:18:29 0 d-------- C:\Program Files\Trend Micro
2007-08-04 15:35:15 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
2007-08-04 1508 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\LimeWire
2007-08-04 13:40:40 0 d-------- C:\Program Files\CloneDVD
2007-08-04 11:01:12 9961472 --a------ C:\Documents and Settings\HP_Owner\ntuser.dat
2007-08-04 11:01:11 1122304 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-08-04 11:01:09 499712 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-08-04 10:54:37 17505 -----n--- C:\WINDOWS\hpomdl07.dat
2007-08-04 10:54:37 102199 --a------ C:\WINDOWS\hpoins05.dat
2007-08-03 20:00:30 0 d-------- C:\Program Files\Guitar Pro 5
2007-08-01 18:04:39 42723 --a------ C:\WINDOWS\wilx44i.dll <Not Verified; Wilson WindowWare, Inc.; WIL WILX Extender DLL>
2007-08-01 18:04:39 371581 --a------ C:\WINDOWS\WBDED44I.DLL <Not Verified; Wilson WindowWare, Inc.; WIL DLL>
2007-08-01 16:21:18 0 d-------- C:\Program Files\uTorrent
2007-07-30 19:44:43 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\WinRAR
2007-07-30 18:39:17 0 d-------- C:\Program Files\LimeWire
2007-07-29 14:48:16 0 d-------- C:\Program Files\Marble Blast Gold Demo
2007-07-28 09:51:51 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-07-27 09:03:48 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-27 09:03:38 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-27 09:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-27 09:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-27 09:03:38 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-27 09:03:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-17 18:50:00 8816 --a------ C:\dnsbak.reg
2007-07-16 19:52:45 0 d-------- C:\Program Files\Norton Internet Security
2007-07-16 19:50:33 0 d-------- C:\Program Files\Symantec
2007-07-16 17:53:30 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\PEX
2007-07-16 17:40:56 0 d-------- C:\WINDOWS\rnapxs
2007-07-16 17:40:55 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure


-- Find3M Report ---------------------------------------------------------------

2007-08-11 14:13:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-09 21:08:00 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\uTorrent
2007-08-09 17:56:35 0 d-------- C:\Program Files\XoftSpySE
2007-08-07 21:07:07 0 d-------- C:\Program Files\Common Files
2007-08-06 21:03:23 0 d-------- C:\Program Files\MSN Messenger
2007-08-06 19:51:25 0 d-------- C:\Program Files\Windows Live Toolbar
2007-08-04 13:42:04 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Vso
2007-08-04 13:42:04 34 --a------ C:\Documents and Settings\HP_Owner\Application Data\pcouffin.log
2007-08-04 13:40:46 47360 --a------ C:\Documents and Settings\HP_Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-08-04 13:40:46 1144 --a------ C:\Documents and Settings\HP_Owner\Application Data\pcouffin.inf
2007-08-04 13:40:46 7176 --a------ C:\Documents and Settings\HP_Owner\Application Data\pcouffin.cat
2007-08-04 13:40:46 81920 --a------ C:\Documents and Settings\HP_Owner\Application Data\ezpinst.exe
2007-08-04 11:01:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 16:27:08 0 d-------- C:\Program Files\iTunes
2007-08-03 16:27:00 0 d-------- C:\Program Files\iPod
2007-08-03 16:25:06 0 d-------- C:\Program Files\Apple Software Update
2007-08-02 18:01:43 0 d-------- C:\Program Files\Java
2007-08-01 07:42:24 0 d-------- C:\Program Files\DivX
2007-07-27 0922 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 09:03:48 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-22 1905 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2007-07-20 18:19:53 0 d-------- C:\Program Files\Google
2007-07-13 10:47:35 0 d-------- C:\Program Files\QuickTime
2007-07-04 11:40:37 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\VersionTracker Pro
2007-07-04 1120 0 d-------- C:\Program Files\TechTracker
2007-07-04 11:03:06 0 d-------- C:\Program Files\eRightSoft
2007-07-02 19:19:30 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2007-06-30 15:57:07 0 d-------- C:\Program Files\Common Files\Apple
2007-06-17 16:18:43 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-12 18:21:02 0 d-------- C:\Program Files\Lavasoft
2007-06-12 18:20:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-11 11:01:28 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-05-29 17:31:35 4 --a------ C:\WINDOWSRegDefrag.dat
2007-05-26 17:49:14 15895 --a----c- C:\WINDOWS\mozver.dat
2007-05-24 13:55:07 164 --a------ C:\install.dat
2007-05-17 17:30:48 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-05-14 15:24:30 394240 --a------ C:\WINDOWS\system32\Smab.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/03/2007 04:43 PM]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [13/04/2004 06:07 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/01/2005 01:54 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [16/02/2005 11:11 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [17/04/2004 12:41 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [24/06/2004 09:10 PM]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [07/06/2004 08:44 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [07/08/2007 03:06 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [15/03/2007 01:10 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [08/02/2007 08:39 AM]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [25/08/2004 09:08 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"Startup Manager"="C:\Documents and Settings\HP_Owner\Application Data\Systweak\ASO 2\smstartUp manager.exe" []

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"StartmenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C060D52F-8801-BA73-13B9-4C92B499D543}]
C:\WINDOWS\system32\svchost64.exe s



-- End of Deckard's System Scanner: finished at 2007-08-11 at 14:15:21 ---------
Attached Files
File Type: txt extra.txt (21.8 KB, 2 views)
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 08-11-2007, 07:38 PM   #2 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance
hey guys! also since posting this thread i have found the file soft.exe in the following directory

C:/WINDOWS/soft.exe

i have read on several anti virus sights that this is linked to what symantec calls trojan.admincash.

So as well as analysing my log, could someone plz give me more information on this issue

thnx in advance.
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-12-2007, 05:17 PM   #3 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Re: General System Maintenance
The file name as such could be trojan.admincash/bube, but that location is not the usual location for that file. The usual location is %System%, which on your OS is System32

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\Windows\soft.exe

  • Then click the "Send File " button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

Additionally, please do this:
  1. Download combofix.exe to your desktop.
  2. Double click on combofix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Last edited by tetonbob; 08-12-2007 at 05:19 PM.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-13-2007, 01:18 AM   #4 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance
Hey man i followed your instructions to upload file to virustotal.com and received the following message.

0 bytes size received / Se ha recibido un archivo vacio

Upon actually viewing the properties of the file shows it is zero bytes. I am also about to run combofix and see what it turns up.

thnx for all ur help and plz also tell me of any issues in my deckard system scanner logs, both virus/malware and hardware/software related.

thnx very much
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-13-2007, 01:30 AM   #5 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance
hey man!

here are the results of my combofix scan:

ComboFix 07-08-13.3 - "HP_Owner" 2007-08-13 17:19:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.212 [GMT 10:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\_000034_.tmp.dll
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-12 13:36 <DIR> d-------- C:\Program Files\3DGroove
2007-08-12 11:45 <DIR> d-------- C:\Program Files\Sophos
2007-08-11 20:02 <DIR> d-------- C:\Program Files\Sega
2007-08-11 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
2007-08-10 17:11 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-08-07 18:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2007-08-07 18:30 88 -r-hs---- C:\WINDOWS\system32\646A91DDEB.sys
2007-08-07 18:30 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-07 18:30 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Corel
2007-08-07 18:25 <DIR> d-------- C:\Program Files\Corel
2007-08-05 18:53 <DIR> d-------- C:\Program Files\Air Guard Trial
2007-08-05 10:18 <DIR> d-------- C:\Program Files\Wolfenstein 3D
2007-08-04 22:48 <DIR> d-------- C:\Program Files\HJT
2007-08-04 20:02 <DIR> d-------- C:\Deckard
2007-08-04 17:18 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-04 15:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Uniblue
2007-08-04 15:06 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\LimeWire
2007-08-04 13:40 <DIR> d-------- C:\Program Files\CloneDVD
2007-08-04 11:01 9,961,472 --a------ C:\DOCUME~1\HP_Owner\ntuser.dat
2007-08-04 11:01 499,712 --a------ C:\WINDOWS\RtlExUpd.dll
2007-08-04 11:01 1,122,304 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-08-04 10:54 17,505 --------- C:\WINDOWS\hpomdl07.dat
2007-08-04 10:54 102,199 --a------ C:\WINDOWS\hpoins05.dat
2007-08-03 20:00 <DIR> d-------- C:\Program Files\Guitar Pro 5
2007-08-01 18:04 42,723 --a------ C:\WINDOWS\wilx44i.dll
2007-08-01 18:04 371,581 --a------ C:\WINDOWS\WBDED44I.DLL
2007-08-01 16:21 <DIR> d-------- C:\Program Files\uTorrent
2007-07-30 19:44 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\WinRAR
2007-07-30 18:39 <DIR> d-------- C:\Program Files\LimeWire
2007-07-29 14:48 <DIR> d-------- C:\Program Files\Marble Blast Gold Demo
2007-07-27 09:06 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-27 09:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 09:03 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 09:03 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 09:03 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 09:03 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 09:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 09:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 09:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 09:03 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-27 09:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-17 18:50 8,816 --a------ C:\dnsbak.reg
2007-07-16 19:52 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-07-16 19:51 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-16 19:51 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-16 19:50 <DIR> d-------- C:\Program Files\Symantec
2007-07-16 17:53 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\PEX
2007-07-16 17:40 <DIR> d-------- C:\WINDOWS\rnapxs
2007-07-16 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-13 16:19 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-12 16:23 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\uTorrent
2007-08-11 10:41 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-11 10:41 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-09 17:56 --------- d-------- C:\Program Files\XoftSpySE
2007-08-06 21:03 --------- d-------- C:\Program Files\MSN Messenger
2007-08-06 19:51 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-04 13:42 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Vso
2007-08-04 13:40 81920 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\ezpinst.exe
2007-08-04 13:40 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-04 13:40 47360 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\pcouffin.sys
2007-08-04 11:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 16:27 --------- d-------- C:\Program Files\iTunes
2007-08-03 16:27 --------- d-------- C:\Program Files\iPod
2007-08-03 16:25 --------- d-------- C:\Program Files\Apple Software Update
2007-08-01 07:42 --------- d-------- C:\Program Files\DivX
2007-07-27 09:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-27 09:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 09:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 09:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 09:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 09:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 09:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 09:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-27 09:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 09:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 09:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-22 19:06 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-07-20 18:19 --------- d-------- C:\Program Files\Google
2007-07-16 19:55 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-16 19:55 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-13 10:47 --------- d-------- C:\Program Files\QuickTime
2007-07-04 11:40 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\VersionTracker Pro
2007-07-04 11:06 --------- d-------- C:\Program Files\TechTracker
2007-07-04 11:03 --------- d-------- C:\Program Files\eRightSoft
2007-07-02 19:19 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AdobeUM
2007-06-30 15:57 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-05-17 17:30 318976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-05-17 01:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-17 01:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-17 01:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-17 01:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-17 01:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-17 01:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-14 15:24 394240 --a------ C:\WINDOWS\system32\Smab.dll
2006-05-03 0954 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-09 16:43]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-04-13 06:07]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:44]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-07 03:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 13:10]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-02-08 08:39]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [2004-08-25 21:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
"Startup Manager"="C:\Documents and Settings\HP_Owner\Application Data\Systweak\ASO 2\smstartUp manager.exe" []

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"StartmenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
S3 gkmixern;gkmixern;\??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gkmixern.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\76.tmp
S3 ovt519;Eye Toy;C:\WINDOWS\system32\Drivers\ov519vid.sys
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C060D52F-8801-BA73-13B9-4C92B499D543}]
C:\WINDOWS\system32\svchost64.exe s

Contents of the 'Scheduled Tasks' folder
2007-08-10 07:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-13 06:42:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-13 06:37:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-08-06 10:00:11 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
2007-01-28 10:23:53 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 17:25:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-13 17:28:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-13 17:28

--- E O F ---
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-13-2007, 09:43 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Re: General System Maintenance
Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/173558-general-system-maintenance.html

File::
C:\WINDOWS\system32\svchost64.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C060D52F-8801-BA73-13B9-4C92B499D543}]

Suspect::[28]
C:\Windows\soft.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gkmixern.sys
Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-14-2007, 02:53 AM   #7 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance
hey man i have submitted the combofix.exe thing onlin as instructed i am about to begin a full system scan with kaspersky online scanner. upon completion of this i will also post a fresh hjt log.
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-14-2007, 05:23 AM   #8 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance
Hey man! Here are the results to my kaspersky online scan followed by my new HJT log:
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 14, 2007 9:22:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 14/08/2007
Kaspersky Anti-Virus database records: 379854


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
G:\
H:\
I:\
J:\
L:\

Scan Statistics
Total number of scanned objects 120930
Number of viruses found 2
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 02:25:23

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-08-14_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\9DCF3545.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\B6828089.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped

C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\ExchangePerflog_8484fa3161523e94cfcccd43.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\My Documents\Anthony's Work and Stuff\Anthony's Other Stuff\Programs\dss.exe Infected: IM-Worm.Win32.Sohanad.aw skipped

C:\Documents and Settings\HP_Owner\ntuser.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\Bonus\Log\Shazam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP699\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{C47657AE-5679-40BB-BE63-1F4F8693E5CF}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped

C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP699\change.log Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:31 PM, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\HP_Owner\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146114578299
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146448051375
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab60096.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.shockwave.com/content/big...GamePlayer.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://www.polyphonicringtonez.com/i...on_speaker.gif

--
End of file - 12846 bytes
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-14-2007, 08:55 AM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Re: General System Maintenance
Please post ComboFix's log, it's C:\ComboFix.txt
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-15-2007, 12:19 AM   #10 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance
here is the combofix log:

ComboFix 07-08-14.4 - "HP_Owner" 2007-08-15 16:11:46.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.151 [GMT 10:00]


((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))


2007-08-14 18:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-14 18:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-13 20:06 <DIR> d-------- C:\Program Files\GLtron
2007-08-12 13:36 <DIR> d-------- C:\Program Files\3DGroove
2007-08-12 11:45 <DIR> d-------- C:\Program Files\Sophos
2007-08-11 20:02 <DIR> d-------- C:\Program Files\Sega
2007-08-11 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
2007-08-10 17:11 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-08-07 18:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2007-08-07 18:30 88 -r-hs---- C:\WINDOWS\system32\646A91DDEB.sys
2007-08-07 18:30 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-07 18:30 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Corel
2007-08-07 18:25 <DIR> d-------- C:\Program Files\Corel
2007-08-05 18:53 <DIR> d-------- C:\Program Files\Air Guard Trial
2007-08-05 10:18 <DIR> d-------- C:\Program Files\Wolfenstein 3D
2007-08-04 22:48 <DIR> d-------- C:\Program Files\HJT
2007-08-04 20:02 <DIR> d-------- C:\Deckard
2007-08-04 17:18 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-04 15:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Uniblue
2007-08-04 15:06 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\LimeWire
2007-08-04 13:40 <DIR> d-------- C:\Program Files\CloneDVD
2007-08-04 11:01 9,961,472 --a------ C:\DOCUME~1\HP_Owner\ntuser.dat
2007-08-04 11:01 499,712 --a------ C:\WINDOWS\RtlExUpd.dll
2007-08-04 11:01 1,122,304 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-08-04 10:54 17,505 --------- C:\WINDOWS\hpomdl07.dat
2007-08-04 10:54 102,199 --a------ C:\WINDOWS\hpoins05.dat
2007-08-03 20:00 <DIR> d-------- C:\Program Files\Guitar Pro 5
2007-08-01 18:04 42,723 --a------ C:\WINDOWS\wilx44i.dll
2007-08-01 18:04 371,581 --a------ C:\WINDOWS\WBDED44I.DLL
2007-08-01 16:21 <DIR> d-------- C:\Program Files\uTorrent
2007-07-30 19:44 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\WinRAR
2007-07-30 18:39 <DIR> d-------- C:\Program Files\LimeWire
2007-07-29 14:48 <DIR> d-------- C:\Program Files\Marble Blast Gold Demo
2007-07-27 09:06 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-27 09:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 09:03 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 09:03 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 09:03 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 09:03 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 09:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 09:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 09:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 09:03 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-27 09:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-17 18:50 8,816 --a------ C:\dnsbak.reg
2007-07-16 19:52 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-07-16 19:51 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-16 19:51 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-16 19:50 <DIR> d-------- C:\Program Files\Symantec
2007-07-16 17:53 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\PEX
2007-07-16 17:40 <DIR> d-------- C:\WINDOWS\rnapxs
2007-07-16 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-15 16:09 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-13 20:32 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\uTorrent
2007-08-11 10:41 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-11 10:41 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-09 17:56 --------- d-------- C:\Program Files\XoftSpySE
2007-08-06 21:03 --------- d-------- C:\Program Files\MSN Messenger
2007-08-06 19:51 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-04 13:42 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Vso
2007-08-04 13:40 81920 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\ezpinst.exe
2007-08-04 13:40 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-04 13:40 47360 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\pcouffin.sys
2007-08-04 11:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 16:27 --------- d-------- C:\Program Files\iTunes
2007-08-03 16:27 --------- d-------- C:\Program Files\iPod
2007-08-03 16:25 --------- d-------- C:\Program Files\Apple Software Update
2007-08-01 07:42 --------- d-------- C:\Program Files\DivX
2007-07-27 09:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-27 09:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 09:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 09:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 09:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 09:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 09:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 09:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-27 09:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 09:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 09:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-22 19:06 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-07-20 18:19 --------- d-------- C:\Program Files\Google
2007-07-16 19:55 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-16 19:55 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-13 10:47 --------- d-------- C:\Program Files\QuickTime
2007-07-04 11:40 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\VersionTracker Pro
2007-07-04 11:06 --------- d-------- C:\Program Files\TechTracker
2007-07-04 11:03 --------- d-------- C:\Program Files\eRightSoft
2007-07-02 19:19 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AdobeUM
2007-06-30 15:57 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-05-17 17:30 318976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-05-17 01:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-17 01:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-17 01:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-17 01:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-17 01:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-17 01:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-05-03 0954 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-09 16:43]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-04-13 06:07]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:44]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-07 03:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 13:10]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-02-08 08:39]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [2004-08-25 21:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
"Startup Manager"="C:\Documents and Settings\HP_Owner\Application Data\Systweak\ASO 2\smstartUp manager.exe" []

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"StartmenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
S3 gkmixern;gkmixern;\??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gkmixern.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\76.tmp
S3 ovt519;Eye Toy;C:\WINDOWS\system32\Drivers\ov519vid.sys
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

*Newly Created Service* - COMHOST
*Newly Created Service* - ERASERUTILDRV10730

Contents of the 'Scheduled Tasks' folder
2007-08-10 07:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-13 06:42:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 10:37:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-08-13 10:00:20 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
2007-01-28 10:23:53 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-15 16:16:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-15 16:17:25
C:\ComboFix-quarantined-files.txt ... 2007-08-15 16:17
C:\ComboFix2.txt ... 2007-08-14 18:50
C:\ComboFix3.txt ... 2007-08-13 17:28

--- E O F ---
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-15-2007, 01:29 AM   #11 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance
hey man i am also receiving reports from xoftspy se (fully updated) that i have entries of win antivirus pro 2006 and 2007 presently on my system. I remove them but after i restart and scan again they have returned. Attached is a screen shot showing the results of the xoftspy se scan.

Note: hit the zoom in button twice when preview the image and it will become clear.
Attached Files
File Type: doc xoftspyscanresults.doc (223.0 KB, 7 views)
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-15-2007, 06:11 AM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Re: General System Maintenance
Apparently, rather than just post the log which was already created, you've run ComboFix again.

Now the log I want to see is C:\Combofix2.txt

I don't really care for Xoftspy too much. It's not very helpful if it can't remove what it finds. Though it no longer is listed, it was once on the Rogueware list for false positives.

Rather than a screenshot, can you export a log of what it's found?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-16-2007, 03:55 AM   #13 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance
here is combofix2.txt:

ComboFix 07-08-14.4 - "HP_Owner" 2007-08-14 18:46:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.168 [GMT 10:00]
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\svchost64.exe


((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


2007-08-14 18:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-14 18:17 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-14 18:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-13 20:06 <DIR> d-------- C:\Program Files\GLtron
2007-08-12 13:36 <DIR> d-------- C:\Program Files\3DGroove
2007-08-12 11:45 <DIR> d-------- C:\Program Files\Sophos
2007-08-11 20:02 <DIR> d-------- C:\Program Files\Sega
2007-08-11 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
2007-08-10 17:11 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-08-07 18:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2007-08-07 18:30 88 -r-hs---- C:\WINDOWS\system32\646A91DDEB.sys
2007-08-07 18:30 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-07 18:30 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Corel
2007-08-07 18:25 <DIR> d-------- C:\Program Files\Corel
2007-08-05 18:53 <DIR> d-------- C:\Program Files\Air Guard Trial
2007-08-05 10:18 <DIR> d-------- C:\Program Files\Wolfenstein 3D
2007-08-04 22:48 <DIR> d-------- C:\Program Files\HJT
2007-08-04 20:02 <DIR> d-------- C:\Deckard
2007-08-04 17:18 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-04 15:35 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Uniblue
2007-08-04 15:06 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\LimeWire
2007-08-04 13:40 <DIR> d-------- C:\Program Files\CloneDVD
2007-08-04 11:01 9,961,472 --a------ C:\DOCUME~1\HP_Owner\ntuser.dat
2007-08-04 11:01 499,712 --a------ C:\WINDOWS\RtlExUpd.dll
2007-08-04 11:01 1,122,304 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-08-04 10:54 17,505 --------- C:\WINDOWS\hpomdl07.dat
2007-08-04 10:54 102,199 --a------ C:\WINDOWS\hpoins05.dat
2007-08-03 20:00 <DIR> d-------- C:\Program Files\Guitar Pro 5
2007-08-01 18:04 42,723 --a------ C:\WINDOWS\wilx44i.dll
2007-08-01 18:04 371,581 --a------ C:\WINDOWS\WBDED44I.DLL
2007-08-01 16:21 <DIR> d-------- C:\Program Files\uTorrent
2007-07-30 19:44 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\WinRAR
2007-07-30 18:39 <DIR> d-------- C:\Program Files\LimeWire
2007-07-29 14:48 <DIR> d-------- C:\Program Files\Marble Blast Gold Demo
2007-07-27 09:06 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-27 09:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 09:03 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 09:03 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 09:03 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 09:03 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 09:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 09:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 09:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 09:03 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-27 09:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-17 18:50 8,816 --a------ C:\dnsbak.reg
2007-07-16 19:52 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-07-16 19:51 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-16 19:51 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-16 19:50 <DIR> d-------- C:\Program Files\Symantec
2007-07-16 17:53 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\PEX
2007-07-16 17:40 <DIR> d-------- C:\WINDOWS\rnapxs
2007-07-16 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 16:08 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-13 20:32 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\uTorrent
2007-08-11 10:41 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-11 10:41 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-09 17:56 --------- d-------- C:\Program Files\XoftSpySE
2007-08-06 21:03 --------- d-------- C:\Program Files\MSN Messenger
2007-08-06 19:51 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-04 13:42 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Vso
2007-08-04 13:40 81920 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\ezpinst.exe
2007-08-04 13:40 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-04 13:40 47360 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\pcouffin.sys
2007-08-04 11:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 16:27 --------- d-------- C:\Program Files\iTunes
2007-08-03 16:27 --------- d-------- C:\Program Files\iPod
2007-08-03 16:25 --------- d-------- C:\Program Files\Apple Software Update
2007-08-01 07:42 --------- d-------- C:\Program Files\DivX
2007-07-27 09:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-27 09:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 09:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 09:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 09:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 09:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 09:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 09:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-27 09:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 09:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 09:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-22 19:06 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-07-20 18:19 --------- d-------- C:\Program Files\Google
2007-07-16 19:55 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-16 19:55 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-13 10:47 --------- d-------- C:\Program Files\QuickTime
2007-07-04 11:40 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\VersionTracker Pro
2007-07-04 11:06 --------- d-------- C:\Program Files\TechTracker
2007-07-04 11:03 --------- d-------- C:\Program Files\eRightSoft
2007-07-02 19:19 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AdobeUM
2007-06-30 15:57 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-05-17 17:30 318976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-05-17 01:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-17 01:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-17 01:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-17 01:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-17 01:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-17 01:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-14 15:24 394240 --a------ C:\WINDOWS\system32\Smab.dll
2006-05-03 0954 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-09 16:43]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-04-13 06:07]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:44]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-07 03:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 13:10]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-02-08 08:39]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [2004-08-25 21:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
"Startup Manager"="C:\Documents and Settings\HP_Owner\Application Data\Systweak\ASO 2\smstartUp manager.exe" []

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"StartmenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
S3 gkmixern;gkmixern;\??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gkmixern.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\76.tmp
S3 ovt519;Eye Toy;C:\WINDOWS\system32\Drivers\ov519vid.sys
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-08-10 07:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-13 06:42:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 08:37:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-08-13 10:00:20 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
2007-01-28 10:23:53 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 18:49:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-14 18:50:32
C:\ComboFix-quarantined-files.txt ... 2007-08-14 18:50
C:\ComboFix2.txt ... 2007-08-13 17:28

--- E O F ---
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-16-2007, 03:57 AM   #14 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance
as for xoftspy, i don't believe i can export the results as a log. i just thought i would inform you of what it had found as a bit of a heads up.
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-16-2007, 09:23 AM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Re: General System Maintenance
From the XoftSpy user guide:
Quote:
XoftSpySE keeps a log of each scan it completes. The log contains information on when the last scan was performed; the settings; folders and files scanned; and the results. All logs are saved in the C:\Program Files\XoftSpySE\Logs\ folder by default. No personal information is saved in the log.
As I indicated earlier, Xoftspy had a track record of false positives, and I don't care much for it. I'd rather use a program I'm familiar with and trust to see if there are any stragglers in the registry, but really, if those exist, they are just orphans....no active infection.

Download AVG Anti Spyware
  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the main Status screen, under Your Computer's Security, click Resident Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do Not Automatically generate report after every scan"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-19-2007, 01:06 AM   #16 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance
hey man sorry ive taken so long! Here is a avg-anti spyware scan and a fresh hjt log:

AVG anti-spyware log name: Report-Scan-20070819-165538.txt
the only thing the scan detected was 3 instances of adware.generic.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:55:38 PM 19/08/2007

+ Scan result:



HKU\S-1-5-21-1709047393-3541363426-602437967-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : No action taken.

HKU\S-1-5-21-1709047393-3541363426-602437967-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : No action taken.

HKU\S-1-5-21-1709047393-3541363426-602437967-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : No action taken.


::Report end


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:01 PM, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\HP_Owner\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146114578299
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146448051375
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab60096.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.shockwave.com/content/big...GamePlayer.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://www.polyphonicringtonez.com/i...on_speaker.gif

--
End of file - 12841 bytes
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-19-2007, 09:17 AM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Re: General System Maintenance
If you saved the AVG Anti-Spyware log before applying all actions, this log would not be accurate. If you did not apply actions, then the items would still remain. That said, they are orphaned registry items, and can be removed in your next weekly scan.

I'm not seeing any active malware in these logs.

C:\Windows\soft.exe is a 0 byte file, and can be deleted.

Your logs appear clean.You should be good to go. We still have a few items to address.

C:\QooBox\ is ComboFix's quarantine folder. You can safely delete it

Please also delete ComboFix.exe

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be reseting/clearing the cache in a little while.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Clear & Reset System Restore's Cache
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK


Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    Here are a few very good free Antivirus products which are available:Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial
  • FIREWALL
    If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

    Do not install more than one firewall program because they will conflict with each other.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-20-2007, 12:25 AM   #18 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 35
OS: Microsoft XP Home Edition


Re: General System Maintenance
thnx man 4 all ur help

A++
morodashortass is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 02:40 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85