Resolved HJT Threads: Resolved spyware and popup issues.

#1
Registered User
Join Date: Nov 2007
Posts: 36
OS: Windows XP SP2
Serious HELP! yet others welcome
I killed my Trend Micro subscription because I was still getting issues; now I have major ones! Latency like none other as well. I don't know what I can get rid of in my HijackThis list. Can someone help? I got tired of Trend telling me I need the latest version although I updated 2 times a day, yet it slowed my system. If you need DxDiag, let me know. Any help would be awesome!! spads.dll is the main issue... thanks

Logfile of HijackThis v1.99.1
Scan saved at 6:14:43 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTAEA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FARNAEA.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Brad\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" /P26 "EPSON Stylus CX4200 Series" /O6 "USB002" /M "Stylus CX4200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunOnce: [RegCodec] C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\iac25_32.ax
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe
O4 - HKCU\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" -NoStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} (ATI Web DVR Control) - http://www.ati247.com/livedemo/WebClient.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://mail.mixthis.com:8080/kxhcm10.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/...allMgr_v01.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163638020578
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam5.hrz.tu-darmstadt.de/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.141.95.146/activex/AxisCamControl.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://intercam.pat.forthnet.gr:8083/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Messenger Sharing USN Journal Reader service (usnsvc) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
#2
Registered User
Join Date: Nov 2007
Posts: 36
OS: Windows XP SP2
Re: Serious HELP! yet others welcome
Saw another thread; here is the dss.exe report:

Deckard's System Scanner v20071014.68
Run by Brad on 2007-11-26 19:05:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.
Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Brad.exe) ------------------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-26 19:09:12
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Brad\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Brad\My Documents\Unzipped\hijackthis[1]\Brad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" /P26 "EPSON Stylus CX4200 Series" /O6 "USB002" /M "Stylus CX4200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunOnce: [RegCodec] C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\iac25_32.ax
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe
O4 - HKCU\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" -NoStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Cursors" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\pchealth" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_15] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Cursors" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\pchealth" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_13] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_14] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_15] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} (ATI Web DVR Control) - http://www.ati247.com/livedemo/WebClient.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://mail.mixthis.com:8080/kxhcm10.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} () - http://h30155.www3.hp.com/ediags/dd/...allMgr_v01.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163638020578
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam5.hrz.tu-darmstadt.de/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.141.95.146/activex/AxisCamControl.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://intercam.pat.forthnet.gr:8083/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe

-- End of file - 14317 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.cmd - cmdfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.inf - inffile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.ini - inifile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.reg - regfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.vbs - VBSFile - shell\edit\command - C:\WINDOWS\system32\Notepad2.exe %1

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
S3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&10416D21&0&00F0
Manufacturer: Cisco-Linksys ,LLC.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&10416D21&0&00F0
Service: RT2500

-- Scheduled Tasks -------------------------------------------------------------

2007-11-26 05:40:10 420 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE75908B-8294-4A09-9F36-23EE90111646}.job
2007-11-22 17:33:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-10-26 and 2007-11-26 -----------------------------

2007-11-24 13:40:07 0 d-------- C:\Program Files\Spyware Doctor
2007-11-24 13:40:07 0 d-------- C:\Documents and Settings\Brad\Application Data\PC Tools
2007-11-24 12:42:20 0 d-------- C:\Documents and Settings\Brad\.housecall6.6
2007-11-24 11:49:11 0 d-------- C:\Program Files\ContextTool
2007-11-19 09:18:36 208896 --a------ C:\WINDOWS\system32\nsi269.dll
2007-11-19 04:36:54 64000 --a------ C:\WINDOWS\system32\spads.dll
2007-11-16 18:57:44 56832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
2007-11-16 18:57:44 143872 --a------ C:\WINDOWS\system32\iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-11-16 18:28:37 0 d-------- C:\Program Files\Dcads Advanced Toolbar
2007-11-16 18:28:37 0 d-------- C:\Documents and Settings\Brad\Application Data\Dcads Advanced Toolbar
2007-11-16 18:28:32 40731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-16 18:28:30 80105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-16 18:03:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-16 18:00:11 0 d-------- C:\Program Files\SlySoft
2007-11-09 18:57:08 0 d-------- C:\Program Files\Guild Wars
2007-11-08 17:45:44 0 d-------- C:\Program Files\iPod
2007-11-08 17:45:40 0 d-------- C:\Program Files\iTunes
2007-10-26 15:48:47 0 d-------- C:\Program Files\IVT Corporation

-- Find3M Report ---------------------------------------------------------------

2007-11-22 08:44:49 0 d-------- C:\Program Files\Yahoo!
2007-11-16 18:08:08 0 d-------- C:\Program Files\LimeWire
2007-11-10 20:50:06 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-11-08 17:45:05 0 d-------- C:\Program Files\QuickTime Alternative
2007-11-05 19:53:50 0 d-------- C:\Program Files\Stamps.com Internet Postage
2007-11-05 19:47:51 36 --ah----- C:\WINDOWS\system32\f9t.dat
2007-10-23 16:42:07 0 d-------- C:\Program Files\Apple Software Update
2007-10-23 16:41:48 0 d-------- C:\Program Files\Common Files
2007-10-23 16:41:48 0 d-------- C:\Program Files\Common Files\Apple
2007-10-21 10:47:19 0 dr-h----- C:\Documents and Settings\Brad\Application Data\yahoo!
2007-10-20 15:49:29 0 d---s---- C:\Program Files\Xfire
2007-10-20 15:48:44 0 d-------- C:\Documents and Settings\Brad\Application Data\Xfire
2007-10-17 11:23:24 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-10-10 20:33:10 0 d-------- C:\Documents and Settings\Brad\Application Data\Skype
2007-10-10 19:42:58 0 d-------- C:\Program Files\Starcraft
2007-10-10 19:42:58 0 d-------- C:\Program Files\Folding@Home
2007-10-10 19:30:14 0 d-------- C:\Program Files\Summitsoft
2007-10-07 14:50:59 0 d-------- C:\Documents and Settings\Brad\Application Data\Corel
2007-10-06 15:38:19 0 d-------- C:\Documents and Settings\Brad\Application Data\Move Networks
2007-10-06 14:45:34 0 d-------- C:\Program Files\Google
2007-10-04 16:12:52 0 d-------- C:\Program Files\Audacity
2007-09-26 15:27:19 0 d-------- C:\Documents and Settings\Brad\Application Data\Stamps.com Internet Postage
2007-09-17 19:35:45 164 --a------ C:\install.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
06/27/2007 02:27 PM 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
11/19/2007 04:36 AM 64000 --a------ C:\WINDOWS\system32\spads.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" []
"Vistadrv"="C:\WINDOWS\system32\vsdrv.exe" [07/30/2006 03:37 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [05/16/2006 05:50 PM]
"nwiz"="nwiz.exe" [10/22/2006 11:22 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [08/03/2004 10:56 PM C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [08/03/2004 10:56 PM C:\WINDOWS\system32\rundll32.exe]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" []
"DXDllRegExe"="dxdllreg.exe" []
"EPSON Stylus CX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [03/07/2005 01:00 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"spa_start"="C:\WINDOWS\system32\spads.dll" [11/19/2007 04:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [02/01/2007 12:18 PM]
"npad_ql"="C:\WINDOWS\system32\Npad.exe" [12/17/2005 01:25 PM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [05/16/2006 05:51 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 04:43 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"RegCodec"=C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\iac25_32.ax

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"npad_ql"=C:\WINDOWS\system32\Npad.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [6/15/2005 4:47:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMMyDocs"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMMyDocs"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Yahoo! 
Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime "LClock"=C:\Program Files\LClock\LClock.exe "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc *Newly Created Service* - IKFILESEC *Newly Created Service* - IKSYSFLT *Newly Created Service* - IKSYSSEC *Newly Created Service* - MCHINJDRV *Newly Created Service* - SDAUXSERVICE *Newly Created Service* - SDCORESERVICE *Newly Created Service* - TMCOMM -- Hosts ----------------------------------------------------------------------- 127.0.0.1 007guard.com 127.0.0.1 www.007guard.com 127.0.0.1 008i.com 127.0.0.1 008k.com 127.0.0.1 www.008k.com 127.0.0.1 00hq.com 127.0.0.1 www.00hq.com 127.0.0.1 010402.com 127.0.0.1 032439.com 127.0.0.1 www.032439.com 7489 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2007-11-26 19:12:14 ------------
#4 (permalink) |
Registered User
Join Date: Nov 2007
Posts: 36
OS: windows XP SP2
Re: Serious HELP! yet others welcome
Well, I dunno, it is a trojan, but I need to change the title of my post yet have no idea how to do so. I really need to get this fixed, hence my current posting name. I have done everything asked except say that I downloaded codecs to get my DVD player to play DVDs from a website, no P2P. I need help. Anyone... anyone... (sorry, Ferris Bueller's line)
#7 (permalink) |
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,578
OS: WinXP and Vista
Re: Serious HELP! yet others welcome
Hello wtrmn76,
Our apologies for the oversight of your thread. This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.
***************************************************
Download Combofix from any of the links below, and save it to your desktop.
Link 1 Link 2 Link 3
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Disconnect from the internet.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on ComboFix.exe & follow the prompts.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
#8 (permalink) |
Registered User
Join Date: Nov 2007
Posts: 36
OS: windows XP SP2
Re: Serious HELP! yet others welcome
sorry for the wait
Logfile of HijackThis v1.99.1 Scan saved at 1:46:27 AM, on 12/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\Rundll32.exe C:\Documents and Settings\Brad\Desktop\SansaDispatch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Brad\My Documents\Unzipped\hijackthis[1]\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - 
{02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll O2 - BHO: superiorads - {4AD44D3E-7316-4251-B754-9B10EC96AF92} - C:\WINDOWS\system32\sprt_ads.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\vsdrv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe" O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: 
[hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" /P26 "EPSON Stylus CX4200 Series" /O6 "USB002" /M "Stylus CX4200" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify O4 - HKLM\..\Run: [SansaDispatch] C:\Documents and Settings\Brad\Desktop\SansaDispatch.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe O4 - HKCU\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" -NoStart O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} (ATI Web DVR Control) - http://www.ati247.com/livedemo/WebClient.cab O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://mail.mixthis.com:8080/kxhcm10.ocx O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/...allMgr_v01.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163638020578 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - 
http://webcam5.hrz.tu-darmstadt.de/activex/AMC.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.141.95.146/activex/AxisCamControl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://intercam.pat.forthnet.gr:8083/activex/AMC.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Messenger Sharing USN Journal Reader service (usnsvc) - Unknown owner - C:\Program.exe (file missing) O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
#10 (permalink) |
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,578
OS: WinXP and Vista
Re: Serious HELP! yet others welcome
The logs did not make it here. Please navigate to C:\ComboFix.txt and copy/paste it directly into your reply. Do not attach logs unless specifically requested to do so.
Also, please explain what you mean by 'it locked up my system'. How long did you wait before rebooting the system on your own?
#11 (permalink) |
Registered User
Join Date: Nov 2007
Posts: 36
OS: windows XP SP2
Re: Serious HELP! yet others welcome
after 25 minutes it gave me the end program option and the program never entered into any stage.
ComboFix 07-12-07.5 - Brad 2007-12-08 11:41:13.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.540 [GMT -6:00] Running from: C:\Documents and Settings\Brad\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))) . 2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\system32\xircom 2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\system32\restore 2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\srchasst 2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\Program Files\microsoft frontpage 2007-12-07 21:13 . 2007-12-07 21:13 <DIR> d-------- C:\Program Files\Wootalyzer 2007-12-07 21:13 . 2007-12-07 21:13 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Wootalyzer 2007-11-30 04:12 . 2007-11-30 04:12 63,488 --a------ C:\WINDOWS\system32\sprt_ads.dll 2007-11-27 18:17 . 2007-11-27 18:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-11-27 18:17 . 2007-11-27 18:17 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-11-27 18:17 . 2007-11-27 18:17 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-11-27 18:17 . 2007-11-27 18:17 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-11-26 19:02 . 2007-11-26 19:02 <DIR> d-------- C:\Deckard 2007-11-26 17:43 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat 2007-11-24 13:40 . 2007-11-26 02:18 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-11-24 13:40 . 2007-11-24 13:40 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\PC Tools 2007-11-24 13:40 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-11-24 13:40 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-11-24 13:40 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-11-24 13:40 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-11-24 13:39 . 
2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-24 12:42 . 2007-11-24 13:14 <DIR> d-------- C:\Documents and Settings\Brad\.housecall6.6 2007-11-24 12:42 . 2007-11-24 12:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-11-24 11:49 . 2007-12-04 17:00 <DIR> d-------- C:\Program Files\ContextTool 2007-11-16 18:57 . 1998-02-13 14:30 143,872 --a------ C:\WINDOWS\system32\iacenc.dll 2007-11-16 18:57 . 1997-06-13 08:56 56,832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll 2007-11-16 18:57 . 2007-11-16 18:57 5,768 --a------ C:\WINDOWS\system32\CDUninst.isu 2007-11-16 18:28 . 2007-11-18 10:23 <DIR> d-------- C:\Program Files\Dcads Advanced Toolbar 2007-11-16 18:28 . 2007-11-16 18:32 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Dcads Advanced Toolbar 2007-11-16 18:28 . 2007-11-19 23:49 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe 2007-11-16 18:28 . 2007-11-30 06:39 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe 2007-11-16 18:03 . 2007-11-16 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2007-11-16 18:00 . 2007-11-22 08:41 <DIR> d-------- C:\Program Files\SlySoft 2007-11-16 18:00 . 2007-11-16 18:02 24 ---hs---- C:\WINDOWS\S72C093FB.tmp 2007-11-09 18:57 . 2007-11-09 18:57 <DIR> d-------- C:\Program Files\Guild Wars 2007-11-08 17:45 . 2007-11-08 17:45 <DIR> d-------- C:\Program Files\iTunes 2007-11-08 17:45 . 2007-11-08 17:45 <DIR> d-------- C:\Program Files\iPod . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-02 19:53 --------- d-----w C:\Program Files\Common Files\Adobe 2007-12-02 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-30 01:10 --------- d-----w C:\Documents and Settings\Brad\Application Data\Skype 2007-11-22 14:44 --------- d-----w C:\Program Files\Yahoo! 
2007-11-17 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-17 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2007-11-17 00:08 --------- d-----w C:\Program Files\LimeWire 2007-11-11 02:50 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2007-11-08 23:45 --------- d-----w C:\Program Files\QuickTime Alternative 2007-11-06 01:53 --------- d-----w C:\Program Files\Stamps.com Internet Postage 2007-10-26 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth 2007-10-26 21:48 --------- d-----w C:\Program Files\IVT Corporation 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\DllCache\shell32.dll 2007-10-23 22:42 --------- d-----w C:\Program Files\Apple Software Update 2007-10-23 22:41 --------- d-----w C:\Program Files\Common Files\Apple 2007-10-23 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-10-21 16:47 --------- d--h--r C:\Documents and Settings\Brad\Application Data\yahoo! 2007-10-20 21:49 --------- d-s---w C:\Program Files\Xfire 2007-10-20 21:48 --------- d-----w C:\Documents and Settings\Brad\Application Data\Xfire 2007-10-20 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo! 2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe 2007-10-11 01:42 --------- d-----w C:\Program Files\Starcraft 2007-10-11 01:42 --------- d-----w C:\Program Files\Folding@Home 2007-10-11 01:30 --------- d-----w C:\Program Files\Summitsoft 2007-09-18 01:35 164 ----a-w C:\install.dat 2007-09-17 23:46 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-09-13 00:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2007-03-10 20:28 32 ----a-r C:\Documents and Settings\All Users\hash.dat 2006-11-19 17:13 209,893 ----a-w C:\Program Files\wap11_fw_v22.zip 2006-11-19 17:12 1,098,187 ----a-w C:\Program Files\wap11_dr_ver22.zip . 
((((((((((((((((((((((((((((( snapshot@2007-12-08_ 1.40.05.35 ))))))))))))))))))))))))))))))))))))))))) . + 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_aspnet_isapi.dll + 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_CORPerfMonExt.dll + 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_fusion.dll + 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorjit.dll + 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorlib.dll + 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorsn.dll + 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorsvr.dll + 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorwks.dll + 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_msvcr71.dll + 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_PerfCounter.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}] 2007-06-27 14:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AD44D3E-7316-4251-B754-9B10EC96AF92}] 2007-11-30 04:12 63488 --a------ C:\WINDOWS\system32\sprt_ads.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 12:18] "npad_ql"="C:\WINDOWS\system32\Npad.exe" [2005-12-17 13:25] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [] "Vistadrv"="C:\WINDOWS\system32\vsdrv.exe" [2006-07-30 03:37] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50] "nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-03 22:56 C:\WINDOWS\system32\rundll32.exe] "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 22:56 C:\WINDOWS\system32\rundll32.exe] "hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" [] "DXDllRegExe"="dxdllreg.exe" [] "EPSON Stylus CX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [2005-03-07 13:00] "TkBellExe"="C:\Program 
Files\Common Files\Real\Update_OB\realsched.exe" [] "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-10-19 20:16] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36] "RegistryMechanic"="" [] "spa_start"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-03 22:56] "SansaDispatch"="C:\Documents and Settings\Brad\Desktop\SansaDispatch.exe" [2007-05-02 19:00] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "npad_ql"="C:\WINDOWS\system32\Npad.exe" [2005-12-17 13:25] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSharedDocuments"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoRecentDocsMenu"= 1 (0x1) "NoRecentDocsHistory"= 1 (0x1) "NoSMMyDocs"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoRecentDocsMenu"= 1 (0x1) "NoRecentDocsHistory"= 1 (0x1) "NoSMMyDocs"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized "Yahoo! 
Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime "LClock"=C:\Program Files\LClock\LClock.exe "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys . Contents of the 'Scheduled Tasks' folder "2007-12-06 23:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-08 01:08:26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE75908B-8294-4A09-9F36-23EE90111646}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-08 11:41:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-08 11:42:15 C:\ComboFix2.txt ... 2007-12-08 01:43 . --- E O F ---
#12 (permalink) |
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,578
OS: WinXP and Vista
Re: Serious HELP! yet others welcome
Thanks.
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.
***************************************************
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
---------------------------------------------------------------------
Open notepad and copy/paste the text in the code box below into it:
Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/197840-serious-help-yet-others-welcome-post1202458.html#post1202458
Collect::
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\Npad.exe
File::
C:\WINDOWS\system32\CDUninst.isu
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\S72C093FB.tmp
Folder::
C:\Program Files\ContextTool
C:\Documents and Settings\Brad\Application Data\Dcads Advanced Toolbar
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AD44D3E-7316-4251-B754-9B10EC96AF92}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"spa_start"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"=-
Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
**When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Run a new scan with HijackThis and save the log.
---------------------------------------------------------------------
Please include the following in your next reply:
C:\ComboFix.txt
New HijackThis log
Update on system behavior
#14
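The CFScript above deletes three BHO keys and two Run values; the follow-up HijackThis log later in this thread is what the helper uses to confirm they are gone. As an added example (not a TSF, ComboFix or HijackThis tool), here is a small Python cross-check that parses the Registry:: section of a CFScript and the O2/O4 lines of a later HijackThis log and lists every targeted entry that is still present. The CFScript and log excerpts are constructed from entries quoted in this thread.

```python
"""Cross-check a ComboFix CFScript against a later HijackThis log.

Added example for this thread; not a TSF, ComboFix or HijackThis tool.
The CFScript and log excerpts are constructed from entries quoted in the
thread (sample input, not a complete log).
"""
import re

# Constructed sample: the Registry:: section of the helper's CFScript.
# "[-KEY]" deletes a whole key; "name"=- deletes one value under the header above it.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\CDUninst.isu
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AD44D3E-7316-4251-B754-9B10EC96AF92}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"spa_start"=-
"""

# Constructed sample: O2 (BHO) and O4 (Run) lines from the follow-up log.
HJT_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: superiorads - {4AD44D3E-7316-4251-B754-9B10EC96AF92} - C:\WINDOWS\system32\sprt_ads.dll (file missing)
O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe
"""

# Full hive names as written in a CFScript -> prefixes HijackThis prints.
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_USERS\\.DEFAULT": "HKUS\\.DEFAULT"}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\\.DEFAULT)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def hive_abbrev(key):
    """Map a full registry key to the hive prefix HijackThis uses."""
    for full, short in HIVES.items():
        if key.upper().startswith(full.upper()):
            return short
    return key


def parse_cfscript(text):
    """Return (set of BHO CLSIDs to delete, set of (hive, Run value) to delete)."""
    bho_clsids, run_values, section, current_key = set(), set(), None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.endswith("::"):            # section header, e.g. Registry::
            section = line[:-2]
        elif section != "Registry":        # File::/Folder::/Collect:: are not registry
            continue
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):        # [-KEY] removes the whole key
                m = CLSID_RE.search(key)
                if "Browser Helper Objects" in key and m:
                    bho_clsids.add(m.group(0).upper())
                current_key = None
            else:
                current_key = key
        else:
            m = VALUE_DEL_RE.match(line)   # "name"=- under a ...\Run header
            if m and current_key and current_key.upper().endswith("\\RUN"):
                run_values.add((hive_abbrev(current_key), m.group(1).lower()))
    return bho_clsids, run_values


def parse_hjt(text):
    """Return ({clsid: (name, path, file_missing)}, {(hive, name): command})."""
    bhos, runs = {}, {}
    for line in text.splitlines():
        m = O2_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            missing = path.endswith("(file missing)") or path == "(no file)"
            bhos[clsid.upper()] = (name, path, missing)
            continue
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            runs[(hive, name.lower())] = cmd
    return bhos, runs


def leftover_targets(cfscript_text, hjt_text):
    """List CFScript registry targets a later HijackThis log still shows (empty = all gone)."""
    bho_clsids, run_values = parse_cfscript(cfscript_text)
    bhos, runs = parse_hjt(hjt_text)
    findings = []
    for clsid in sorted(bho_clsids):
        if clsid in bhos:
            name, _path, missing = bhos[clsid]
            state = "file missing" if missing else "file present"
            findings.append(f"BHO {clsid} still registered ({name}; {state})")
    for hive, name in sorted(run_values):
        if (hive, name) in runs:
            findings.append(f"Run value {hive} [{name}] still present: {runs[(hive, name)]}")
    return findings
```

Run against the sample, every targeted entry is reported as still present, which is exactly the situation the helper spots in posts #16 and #18: the log was taken from a second ComboFix run, so the scripted deletions had not taken effect yet.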
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,578
OS: WinXP and Vista
Re: Serious HELP! yet others welcome
Close open browsers--you will need the internet connection to upload the files when ComboFix has completed its run.
#15
Registered User
Join Date: Nov 2007
Posts: 36
OS: windows XP SP2
Re: Serious HELP! yet others welcome
Alright, I ran it; it rebooted my system, then sent to Bleeping Computer. Here is the HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 15:42, on 2007-12-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\QuickTime Alternative\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Brad\Desktop\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Brad\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: superiorads - {4AD44D3E-7316-4251-B754-9B10EC96AF92} - C:\WINDOWS\system32\sprt_ads.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" /P26 "EPSON Stylus CX4200 Series" /O6 "USB002" /M "Stylus CX4200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [SansaDispatch] C:\Documents and Settings\Brad\Desktop\SansaDispatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe
O4 - HKCU\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" -NoStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} (ATI Web DVR Control) - http://www.ati247.com/livedemo/WebClient.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://mail.mixthis.com:8080/kxhcm10.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/...allMgr_v01.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163638020578
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam5.hrz.tu-darmstadt.de/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.141.95.146/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://intercam.pat.forthnet.gr:8083/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Messenger Sharing USN Journal Reader service (usnsvc) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
#16
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,578
OS: WinXP and Vista
Re: Serious HELP! yet others welcome
Hi wtrmn76,
Thank you, the files have been received. Before we can continue, I need you to post that C:\ComboFix.txt for further review. (You will see ComboFix3.txt, ComboFix2.txt and a ComboFix.txt. The ComboFix.txt with no number in its title is the most recent--copy/paste that one into your next reply.) I also would like for you to update me on your system behavior.
#17
Registered User
Join Date: Nov 2007
Posts: 36
OS: windows XP SP2
Re: Serious HELP! yet others welcome
Well, the pop-ups for the ads have stopped. It doesn't seem that my system is running hard all the time, although I am still latent on opening web pages, and no matter what site I go to I get the message that I am about to view pages over a secure connection. As well, when I reboot I get an error: "C:\Windows\System32\sprt_ads.dll failed".
ComboFix 07-12-07.5 - Brad 2007-12-08 11:50:17.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.593 [GMT -6:00]
Running from: C:\Documents and Settings\Brad\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\system32\restore
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\srchasst
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-12-07 21:13 . 2007-12-07 21:13 <DIR> d-------- C:\Program Files\Wootalyzer
2007-12-07 21:13 . 2007-12-07 21:13 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Wootalyzer
2007-11-30 04:12 . 2007-11-30 04:12 63,488 --a------ C:\WINDOWS\system32\sprt_ads.dll
2007-11-27 18:17 . 2007-11-27 18:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-27 18:17 . 2007-11-27 18:17 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-27 18:17 . 2007-11-27 18:17 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-27 18:17 . 2007-11-27 18:17 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-26 19:02 . 2007-11-26 19:02 <DIR> d-------- C:\Deckard
2007-11-26 17:43 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-11-24 13:40 . 2007-11-26 02:18 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-24 13:40 . 2007-11-24 13:40 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\PC Tools
2007-11-24 13:40 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-24 13:40 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-24 13:40 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-24 13:40 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-24 13:39 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-24 12:42 . 2007-11-24 13:14 <DIR> d-------- C:\Documents and Settings\Brad\.housecall6.6
2007-11-24 12:42 . 2007-11-24 12:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-24 11:49 . 2007-12-04 17:00 <DIR> d-------- C:\Program Files\ContextTool
2007-11-16 18:57 . 1998-02-13 14:30 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2007-11-16 18:57 . 1997-06-13 08:56 56,832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
2007-11-16 18:57 . 2007-11-16 18:57 5,768 --a------ C:\WINDOWS\system32\CDUninst.isu
2007-11-16 18:28 . 2007-11-18 10:23 <DIR> d-------- C:\Program Files\Dcads Advanced Toolbar
2007-11-16 18:28 . 2007-11-16 18:32 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Dcads Advanced Toolbar
2007-11-16 18:28 . 2007-11-19 23:49 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-16 18:28 . 2007-11-30 06:39 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-16 18:03 . 2007-11-16 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-16 18:00 . 2007-11-22 08:41 <DIR> d-------- C:\Program Files\SlySoft
2007-11-16 18:00 . 2007-11-16 18:02 24 ---hs---- C:\WINDOWS\S72C093FB.tmp
2007-11-09 18:57 . 2007-11-09 18:57 <DIR> d-------- C:\Program Files\Guild Wars
2007-11-08 17:45 . 2007-11-08 17:45 <DIR> d-------- C:\Program Files\iTunes
2007-11-08 17:45 . 2007-11-08 17:45 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 19:53 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-02 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 01:10 --------- d-----w C:\Documents and Settings\Brad\Application Data\Skype
2007-11-22 14:44 --------- d-----w C:\Program Files\Yahoo!
2007-11-17 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-17 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-17 00:08 --------- d-----w C:\Program Files\LimeWire
2007-11-11 02:50 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-08 23:45 --------- d-----w C:\Program Files\QuickTime Alternative
2007-11-06 01:53 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-10-26 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-26 21:48 --------- d-----w C:\Program Files\IVT Corporation
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\DllCache\shell32.dll
2007-10-23 22:42 --------- d-----w C:\Program Files\Apple Software Update
2007-10-23 22:41 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-23 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-21 16:47 --------- d--h--r C:\Documents and Settings\Brad\Application Data\yahoo!
2007-10-20 21:49 --------- d-s---w C:\Program Files\Xfire
2007-10-20 21:48 --------- d-----w C:\Documents and Settings\Brad\Application Data\Xfire
2007-10-20 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-11 01:42 --------- d-----w C:\Program Files\Starcraft
2007-10-11 01:42 --------- d-----w C:\Program Files\Folding@Home
2007-10-11 01:30 --------- d-----w C:\Program Files\Summitsoft
2007-09-18 01:35 164 ----a-w C:\install.dat
2007-09-17 23:46 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-09-13 00:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-03-10 20:28 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-19 17:13 209,893 ----a-w C:\Program Files\wap11_fw_v22.zip
2006-11-19 17:12 1,098,187 ----a-w C:\Program Files\wap11_dr_ver22.zip
.
((((((((((((((((((((((((((((( snapshot@2007-12-08_ 1.40.05.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_aspnet_isapi.dll
+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_CORPerfMonExt.dll
+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_fusion.dll
+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorjit.dll
+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorlib.dll
+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorsn.dll
+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorsvr.dll
+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorwks.dll
+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_msvcr71.dll
+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_PerfCounter.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 14:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AD44D3E-7316-4251-B754-9B10EC96AF92}]
2007-11-30 04:12 63488 --a------ C:\WINDOWS\system32\sprt_ads.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 12:18]
"npad_ql"="C:\WINDOWS\system32\Npad.exe" [2005-12-17 13:25]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" []
"Vistadrv"="C:\WINDOWS\system32\vsdrv.exe" [2006-07-30 03:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 22:56 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 22:56 C:\WINDOWS\system32\rundll32.exe]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" []
"DXDllRegExe"="dxdllreg.exe" []
"EPSON Stylus CX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [2005-03-07 13:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"RegistryMechanic"="" []
"spa_start"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-03 22:56]
"SansaDispatch"="C:\Documents and Settings\Brad\Desktop\SansaDispatch.exe" [2007-05-02 19:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"="C:\WINDOWS\system32\Npad.exe" [2005-12-17 13:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
"LClock"=C:\Program Files\LClock\LClock.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
#18
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,578
OS: WinXP and Vista
Re: Serious HELP! yet others welcome
It looks as though you ran ComboFix again. Do not run ComboFix.exe again. Each time you run it, it renames the previous logs.
I need to see the log that was produced when we ran the CFScript, which should now be named ComboFix 2.txt.
Click your green Start button in the bottom left of your taskbar. In the menu that appears, click on My Computer (it should be on the right hand side toward the top). Under Hard Disk Drives, double click the C:\ drive. You'll now see many folders and files--they are listed alphabetically--folders first.
1. Look for ComboFix 2.txt. When you find it, double click to open it and copy/paste the entire contents.
#19
Registered User
Join Date: Nov 2007
Posts: 36
OS: windows XP SP2
Re: Serious HELP! yet others welcome
Here ya go... though I do have a ComboFix3.
ComboFix 07-12-07.5 - Brad 2007-12-08 11:41:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.540 [GMT -6:00]
Running from: C:\Documents and Settings\Brad\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\system32\restore
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\srchasst
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-12-07 21:13 . 2007-12-07 21:13 <DIR> d-------- C:\Program Files\Wootalyzer
2007-12-07 21:13 . 2007-12-07 21:13 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Wootalyzer
2007-11-30 04:12 . 2007-11-30 04:12 63,488 --a------ C:\WINDOWS\system32\sprt_ads.dll
2007-11-27 18:17 . 2007-11-27 18:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-27 18:17 . 2007-11-27 18:17 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-27 18:17 . 2007-11-27 18:17 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-27 18:17 . 2007-11-27 18:17 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-26 19:02 . 2007-11-26 19:02 <DIR> d-------- C:\Deckard
2007-11-26 17:43 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-11-24 13:40 . 2007-11-26 02:18 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-24 13:40 . 2007-11-24 13:40 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\PC Tools
2007-11-24 13:40 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-24 13:40 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-24 13:40 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-24 13:40 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-24 13:39 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-24 12:42 . 2007-11-24 13:14 <DIR> d-------- C:\Documents and Settings\Brad\.housecall6.6
2007-11-24 12:42 . 2007-11-24 12:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-24 11:49 . 2007-12-04 17:00 <DIR> d-------- C:\Program Files\ContextTool
2007-11-16 18:57 . 1998-02-13 14:30 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2007-11-16 18:57 . 1997-06-13 08:56 56,832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
2007-11-16 18:57 . 2007-11-16 18:57 5,768 --a------ C:\WINDOWS\system32\CDUninst.isu
2007-11-16 18:28 . 2007-11-18 10:23 <DIR> d-------- C:\Program Files\Dcads Advanced Toolbar
2007-11-16 18:28 . 2007-11-16 18:32 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Dcads Advanced Toolbar
2007-11-16 18:28 . 2007-11-19 23:49 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-16 18:28 . 2007-11-30 06:39 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-16 18:03 . 2007-11-16 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-16 18:00 . 2007-11-22 08:41 <DIR> d-------- C:\Program Files\SlySoft
2007-11-16 18:00 . 2007-11-16 18:02 24 ---hs---- C:\WINDOWS\S72C093FB.tmp
2007-11-09 18:57 . 2007-11-09 18:57 <DIR> d-------- C:\Program Files\Guild Wars
2007-11-08 17:45 . 2007-11-08 17:45 <DIR> d-------- C:\Program Files\iTunes
2007-11-08 17:45 . 2007-11-08 17:45 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 19:53 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-02 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 01:10 --------- d-----w C:\Documents and Settings\Brad\Application Data\Skype
2007-11-22 14:44 --------- d-----w C:\Program Files\Yahoo!
2007-11-17 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-17 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-17 00:08 --------- d-----w C:\Program Files\LimeWire
2007-11-11 02:50 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-08 23:45 --------- d-----w C:\Program Files\QuickTime Alternative
2007-11-06 01:53 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-10-26 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-26 21:48 --------- d-----w C:\Program Files\IVT Corporation
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\DllCache\shell32.dll
2007-10-23 22:42 --------- d-----w C:\Program Files\Apple Software Update
2007-10-23 22:41 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-23 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-21 16:47 --------- d--h--r C:\Documents and Settings\Brad\Application Data\yahoo!
2007-10-20 21:49 --------- d-s---w C:\Program Files\Xfire
2007-10-20 21:48 --------- d-----w C:\Documents and Settings\Brad\Application Data\Xfire
2007-10-20 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-11 01:42 --------- d-----w C:\Program Files\Starcraft
2007-10-11 01:42 --------- d-----w C:\Program Files\Folding@Home
2007-10-11 01:30 --------- d-----w C:\Program Files\Summitsoft
2007-09-18 01:35 164 ----a-w C:\install.dat
2007-09-17 23:46 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-09-13 00:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-03-10 20:28 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-19 17:13 209,893 ----a-w C:\Program Files\wap11_fw_v22.zip
2006-11-19 17:12 1,098,187 ----a-w C:\Program Files\wap11_dr_ver22.zip
.
((((((((((((((((((((((((((((( snapshot@2007-12-08_ 1.40.05.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_aspnet_isapi.dll
+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_CORPerfMonExt.dll
+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_fusion.dll
+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorjit.dll
+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorlib.dll
+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorsn.dll
+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorsvr.dll
+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorwks.dll
+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_msvcr71.dll
+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_PerfCounter.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 14:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AD44D3E-7316-4251-B754-9B10EC96AF92}]
2007-11-30 04:12 63488 --a------ C:\WINDOWS\system32\sprt_ads.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 12:18]
"npad_ql"="C:\WINDOWS\system32\Npad.exe" [2005-12-17 13:25]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" []
"Vistadrv"="C:\WINDOWS\system32\vsdrv.exe" [2006-07-30 03:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 22:56 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 22:56 C:\WINDOWS\system32\rundll32.exe]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" []
"DXDllRegExe"="dxdllreg.exe" []
"EPSON Stylus CX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [2005-03-07 13:00]
"TkBellExe"="C:\Program
Files\Common Files\Real\Update_OB\realsched.exe" [] "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-10-19 20:16] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36] "RegistryMechanic"="" [] "spa_start"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-03 22:56] "SansaDispatch"="C:\Documents and Settings\Brad\Desktop\SansaDispatch.exe" [2007-05-02 19:00] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "npad_ql"="C:\WINDOWS\system32\Npad.exe" [2005-12-17 13:25] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSharedDocuments"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoRecentDocsMenu"= 1 (0x1) "NoRecentDocsHistory"= 1 (0x1) "NoSMMyDocs"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoRecentDocsMenu"= 1 (0x1) "NoRecentDocsHistory"= 1 (0x1) "NoSMMyDocs"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized "Yahoo! 
Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime "LClock"=C:\Program Files\LClock\LClock.exe "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys . Contents of the 'Scheduled Tasks' folder "2007-12-06 23:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-08 01:08:26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE75908B-8294-4A09-9F36-23EE90111646}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-08 11:41:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-08 11:42:15 C:\ComboFix2.txt ... 2007-12-08 01:43 . --- E O F --- |