Discussion Starter #1
Hi - I've been having problems since 11/16 with unwanted browser windows opening, all claiming to be finding adware and spyware on my PC and then directing me to their website to clean it up. Yourprivacyguard, securepc, and confidentsurf are a few of them. I discovered (too late) that my McAfee was out of date, so I installed Norton, Ad-Aware, and Xoft. They all find this stuff, and supposedly get rid of it, but it keeps coming right back. My PC is going at a snail's pace with these browsers opening up all over. Is this stuff still coming in or is it just hiding in my PC really well? I did the 5 steps and will attempt to attach the logs. Thanks!!!

Deckard's System Scanner v20071014.68
Run by Michelle on 2007-11-20 21:00:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
97: 2007-11-21 02:00:30 UTC - RP973 - Deckard's System Scanner Restore Point
96: 2007-11-20 23:25:13 UTC - RP972 - System Checkpoint
95: 2007-11-19 22:55:07 UTC - RP971 - Restore Operation
94: 2007-11-19 22:50:39 UTC - RP970 - Restore Operation
93: 2007-11-19 22:45:55 UTC - RP969 - Restore Operation


-- First Restore Point --
1: 2007-08-24 01:45:20 UTC - RP877 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Michelle.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:06 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1154390723\ee\AOLSoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\InterMute\SpySubtract\spysub.exe
C:\Program Files\InterMute\AdSubtract\AdSub.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Michelle\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Michelle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:3384
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {2D42D689-4B94-4734-92C2-606FC5F4C15D} - C:\WINDOWS\oprevtdp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: The bonsws - {CBF19702-9D5B-44E7-8F8A-6750209B76F3} - C:\WINDOWS\bonsws.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154390723\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2929081581-1671966086-3842708014-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Cara')
O4 - HKUS\S-1-5-21-2929081581-1671966086-3842708014-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Cara')
O4 - HKUS\S-1-5-21-2929081581-1671966086-3842708014-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Cara')
O4 - HKUS\S-1-5-21-2929081581-1671966086-3842708014-1008\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Cara')
O4 - HKUS\S-1-5-21-2929081581-1671966086-3842708014-1008\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe" (User 'Cara')
O4 - HKUS\S-1-5-21-2929081581-1671966086-3842708014-1008\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe" (User 'Cara')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\spysub.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195253896578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O21 - SSODL: nopctrl - {A87B87D2-4119-4049-819A-C8DB82EA1C1D} - C:\WINDOWS\nopctrl.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13616 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

S3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
S3 HSFHWCD2 - c:\windows\system32\drivers\hsfhwcd2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82865G Graphics Controller
Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_019D1028&REV_02\3&172E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel(R) 82865G Graphics Controller
PNP Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_019D1028&REV_02\3&172E68DD&0&10
Service: ialm


-- Scheduled Tasks -------------------------------------------------------------

2007-11-20 18:37:00 348 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
2007-11-20 17:00:07 454 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-11-20 06:45:08 368 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2007-11-19 20:51:53 628 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Michelle.job
2007-11-17 20:05:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-02-07 22:40:12 436 --a------ C:\WINDOWS\Tasks\WebReg 20050207224012.job


-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-20 21:04:11 0 d-------- C:\Program Files\Trend Micro
2007-11-20 14:54:45 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-20 14:54:41 0 d-------- C:\WINDOWS\LastGood
2007-11-20 07:32:48 0 d-------- C:\Documents and Settings\Cara\Application Data\Lavasoft
2007-11-19 19:06:51 0 d-------- C:\Documents and Settings\Michelle\Application Data\Lavasoft
2007-11-18 22:16:05 0 d-------- C:\Documents and Settings\Bill\Application Data\Symantec
2007-11-18 22:01:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-18 22:01:36 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-18 22:01:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-18 22:01:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-18 22:01:36 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-18 22:01:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-18 22:01:36 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-18 22:01:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-18 22:01:36 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-11-18 22:01:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-18 22:01:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-18 22:01:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-11-18 22:01:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-18 22:01:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-11-18 22:01:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-18 22:01:35 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-18 22:01:35 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-18 22:01:35 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-18 21:55:00 5336 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-18 21:24:58 0 d-------- C:\Program Files\Enigma Software Group
2007-11-18 10:17:54 0 d-------- C:\Program Files\QdrPack
2007-11-18 10:17:27 0 d-------- C:\Documents and Settings\Cara\Application Data\Symantec
2007-11-17 11:39:03 0 d-------- C:\Documents and Settings\Michelle\Application Data\Symantec
2007-11-17 11:35:47 0 d-------- C:\Program Files\Windows Sidebar
2007-11-17 11:34:05 0 d-------- C:\Program Files\Norton Internet Security
2007-11-17 11:32:11 0 d-------- C:\Program Files\Symantec
2007-11-17 11:32:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-17 11:26:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-17 07:53:56 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2007-11-17 07:43:03 0 d---s---- C:\Documents and Settings\LocalService\UserData
2007-11-17 07:31:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2007-11-17 07:28:09 153 --a------ C:\WINDOWS\system32\delFSF.bat
2007-11-16 18:14:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-11-16 12:08:23 0 d-------- C:\Program Files\XoftSpySE
2007-11-15 22:37:51 81920 --a------ C:\WINDOWS\sawkip.exe
2007-11-15 22:37:51 282624 --a------ C:\WINDOWS\oprevtdp.dll <Not Verified; ; oprevtdp>
2007-11-15 22:37:51 327680 --a------ C:\WINDOWS\nopctrl.dll
2007-11-15 22:37:51 249856 --a------ C:\WINDOWS\ddkret.dll <Not Verified; ; ddkret>
2007-11-15 22:37:51 188416 --a------ C:\WINDOWS\bonsws.dll <Not Verified; ; bonsws Module>
2007-11-11 10:38:38 0 d-------- C:\Documents and Settings\Double x l Master\Application Data\Microsoft Games
2007-11-07 21:14:00 0 d-------- C:\Program Files\Apple Software Update
2007-11-07 21:13:45 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-11-07 21:13:27 0 d-------- C:\Program Files\Common Files\Apple
2007-11-07 21:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-04 14:19:10 0 d-------- C:\Documents and Settings\Cara\Application Data\Microsoft Games
2007-11-04 13:05:30 0 d-------- C:\Program Files\QdrModule
2007-11-04 12:12:02 0 d-------- C:\Documents and Settings\Bill\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2007-11-20 16:07:29 0 d-------- C:\Program Files\iTunes
2007-11-20 16:04:13 0 d-------- C:\Program Files\DellSupport
2007-11-20 15:59:09 0 d-------- C:\Program Files\Bonjour
2007-11-17 13:04:06 0 d-------- C:\Program Files\Common Files
2007-11-17 11:23:23 0 d-------- C:\Program Files\McAfee.com
2007-11-07 21:16:29 0 d-------- C:\Program Files\QuickTime
2007-11-07 18:49:21 4 --a------ C:\WINDOWS\system32\389A4F
2007-10-08 19:54:11 0 d-------- C:\Documents and Settings\Michelle\Application Data\Adobe
2007-10-06 08:44:25 40183 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2007-10-01 18:48:46 0 d-------- C:\Program Files\Best Buy Rhapsody
2007-09-24 16:40:17 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D42D689-4B94-4734-92C2-606FC5F4C15D}]
11/15/2007 12:01 PM 282624 --a------ C:\WINDOWS\oprevtdp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 10:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
11/17/2007 11:35 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 10:51 PM 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 03:48 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [06/30/2004 02:33 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 09:15 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 02:05 AM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [01/17/2006 01:03 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/04/2005 12:51 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [12/04/2003 07:44 AM]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [11/12/2003 08:23 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [12/05/2003 03:41 PM]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [02/02/2004 03:41 AM]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [12/03/2003 11:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/17/2004 11:20 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 08:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 08:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 08:36 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1154390723\ee\AOLSoftware.exe" [09/25/2006 07:52 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 07:50 AM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [01/17/2006 01:03 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 10:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/25/2007 12:07 AM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [08/24/2007 11:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\
AdSubtract.lnk - C:\Program Files\InterMute\AdSubtract\AdSub.exe [12/26/2006 4:19:29 PM]
DESKTOP.INI [8/10/2004 2:04:12 PM]
PowerReg Scheduler V3.exe [4/28/2005 6:01:31 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [6/14/2007 6:12:42 AM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [1/4/2005 12:51:00 AM]
DESKTOP.INI [8/10/2004 2:04:12 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [6/2/2006 4:29:26 AM]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/18/2005 11:28:26 AM]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\spysub.exe [12/26/2006 4:19:31 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"nopctrl"= {A87B87D2-4119-4049-819A-C8DB82EA1C1D} - C:\WINDOWS\nopctrl.dll [11/15/2007 12:01 PM 327680]

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2007-11-20 21:05:58 ------------
 

TSF-Enthusiast
Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.

Please do the following:

Download SDFix
Save it to the Desktop
Right click SDFix.zip
Select: Extract All
Follow the prompts...
Now, reboot to Safe Mode
  • When the machine starts, tap the F8 key before Windows starts
  • You are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Press Enter to boot into Safe Mode.
In Safe Mode, open the SDFix folder on the Desktop
  • Double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • The process removes any Trojan Services or Registry Entries found, and then prompts you to press any key to Reboot.
  • Press any key to restart the PC.
  • When the PC restarts the SDFix will run again and complete the removal process
  • It then displays Finished
  • Press any key to end the script and load the Desktop icons.
  • Once the Desktop icons load, the SDFix report opens on screen and saves itself in the SDFix folder as Report.txt.
Next, download ComboFix
Save to the Desktop. <<< Important!!

Follow the prompts.
Then type 1 and press Enter to begin the scan.

Do not mouse-click the ComboFix window while it runs. It may cause it to stall.

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please provide the contents of the ComboFix log, the SDFix Report.txt, and the new HijackThis log in your reply.
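The helper asks for a fresh HijackThis log because the triage is done by reading lines like the ones in the first post: the R1 proxy setting that points at localhost, the O2/O3/O21 entries loading DLLs straight out of C:\WINDOWS, and services with no owner or a missing file. As an added example, not code from either poster or from the HijackThis, SDFix or ComboFix tools, here is a small Python triage pass that applies those heuristics to lines copied from the first post's log. The heuristics and their wording are my own assumptions; a hit means "review this entry", not a malware verdict.

```python
# Added example: heuristic triage of HijackThis-style log lines. Not code from either
# poster or from HijackThis; the heuristics are the editor's assumptions about what is
# worth a second look, not a verdict on any file.
import re
from dataclasses import dataclass

# Sample input: lines copied from the first post's HijackThis log (raw string, so the
# Windows backslashes are literal).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:3384
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {2D42D689-4B94-4734-92C2-606FC5F4C15D} - C:\WINDOWS\oprevtdp.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O21 - SSODL: nopctrl - {A87B87D2-4119-4049-819A-C8DB82EA1C1D} - C:\WINDOWS\nopctrl.dll
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""

# Every HijackThis line starts with a section code (R0, R1, O2, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# A .dll/.exe sitting directly in the Windows directory (C:\WINDOWS\foo.dll), not in a
# subfolder such as system32. Legitimate software almost never installs there.
WINROOT_RE = re.compile(r"[A-Za-z]:\\WINDOWS\\[^\\\s]+\.(?:dll|exe)\b", re.IGNORECASE)
# A browser proxy that routes traffic back to a port on the local machine.
LOCAL_PROXY_RE = re.compile(r"ProxyServer\s*=\s*\S*(?:localhost|127\.0\.0\.1)", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_line(line):
    """Return a Finding for each heuristic that fires on one log line (possibly none)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    reasons = []
    if section == "R1" and LOCAL_PROXY_RE.search(body):
        reasons.append("browser proxy points at a local port: a process on this host sits in the web traffic path")
    if WINROOT_RE.search(body):
        reasons.append("binary loaded directly from the Windows directory rather than system32 or Program Files")
    if section == "O21":
        reasons.append("ShellServiceObjectDelayLoad entry: loaded by Explorer at logon, rarely used by legitimate software")
    if "Unknown owner" in body:
        reasons.append("service binary reports no company name")
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned entry: referenced file is missing (housekeeping, not active code)")
    return [Finding(section, r, line.strip()) for r in reasons]


def triage(log_text):
    """Run triage_line over a whole log and return all findings in log order."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as a script it prints one line per heuristic hit; the Adobe BHO and the Symantec Run entry produce nothing, which is the point: the pass narrows a 100-line log to the handful of entries a helper would actually ask about.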
 

Discussion Starter #3
Hi, thanks for the help - here's my log - well, all I can find is the one from SDFix - I did the ComboFix and HijackThis, but don't know where to find the logs?

SDFix: Version 1.115

Run by Michelle on Tue 11/27/2007 at 03:27 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Michelle\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\D8.TMP - Deleted
C:\DD.TMP - Deleted
C:\DE.TMP - Deleted
C:\DF.TMP - Deleted
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe - Deleted
C:\WINDOWS\bonsws.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\ddkret.dll - Deleted
C:\WINDOWS\nopctrl.dll - Deleted
C:\WINDOWS\oprevtdp.dll - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\sawkip.exe - Deleted
C:\WINDOWS\search_res.txt - Deleted
C:\WINDOWS\system32\delFSF.bat - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 15:38:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1154390723\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1154390723\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Common Files\\AOL\\1154390723\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1154390723\\ee\\aolsoftware.exe:*:Enabled:AOL Services"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1154390723\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1154390723\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Michelle\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\PRIMOSDK.DLL"
Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\PX.DLL"
Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\PXCPYA64.EXE"
Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\PXCPYI64.EXE"
Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\PXDRV.DLL"
Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\PXHELP20.SYS"
Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\PXHELP64.SYS"
Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\PXHELPER.SYS"
Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\PXHLPA64.SYS"
Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\PXHPINST.EXE"
Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\PXINSA64.EXE"
Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\PXINSI64.EXE"
Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\PXMAS.DLL"
Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\PXSETUP.EXE"
Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\PXWAVE.DLL"
Thu 20 May 2004 28,672 A..H. --- "C:\DELL\VXBLOCK.DLL"
Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\MEDIAEXE\PRIMOSDK.DLL"
Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\MEDIAEXE\PX.DLL"
Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\MEDIAEXE\PXCPYA64.EXE"
Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\MEDIAEXE\PXCPYI64.EXE"
Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\MEDIAEXE\PXDRV.DLL"
Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\MEDIAEXE\PXHELP20.SYS"
Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\MEDIAEXE\PXHELP64.SYS"
Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\MEDIAEXE\PXHELPER.SYS"
Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\MEDIAEXE\PXHLPA64.SYS"
Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXHPINST.EXE"
Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\MEDIAEXE\PXINSA64.EXE"
Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\MEDIAEXE\PXINSI64.EXE"
Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\MEDIAEXE\PXMAS.DLL"
Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXSETUP.EXE"
Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\MEDIAEXE\PXWAVE.DLL"
Thu 20 May 2004 28,672 A..H. --- "C:\DELL\MEDIAEXE\VXBLOCK.DLL"
Wed 1 Sep 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 1 Sep 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 1 Sep 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Tue 26 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 11 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Cara\Local Settings\Temp\BIT3E.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Cara\Local Settings\Temp\BIT42.tmp"
Sun 18 Nov 2007 0 A..H. --- "C:\Documents and Settings\Cara\Local Settings\Temp\BIT5D.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Cara\Local Settings\Temp\BIT7F.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Cara\Local Settings\Temp\BIT8.tmp"
Sat 17 Nov 2007 0 A..H. --- "C:\Documents and Settings\Cara\Local Settings\Temp\BIT81.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\Cara\Local Settings\Temp\BITC3F.tmp"
Thu 28 Apr 2005 165,376 ...H. --- "C:\Documents and Settings\Michelle\My Documents\grants\~WRL0002.tmp"
Thu 10 Mar 2005 27,648 ...H. --- "C:\Documents and Settings\Michelle\My Documents\winery\~WRL0005.tmp"
Sun 28 Oct 2007 1,386 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Tue 11 Apr 2006 2,461,696 A..H. --- "C:\Documents and Settings\Michelle\Application Data\U3\temp\Launchpad Removal.exe"
Tue 26 Dec 2006 4,348 ...H. --- "C:\Documents and Settings\Cara\Application Data\Real\Rhapsody\wmlicbackup\drmv1key.bak"
Mon 10 Sep 2007 20 A..H. --- "C:\Documents and Settings\Cara\Application Data\Real\Rhapsody\wmlicbackup\drmv1lic.bak"
Thu 2 Feb 2006 312 A.SH. --- "C:\Documents and Settings\Cara\Application Data\Real\Rhapsody\wmlicbackup\drmv2key.bak"
Tue 26 Dec 2006 4,348 ...H. --- "C:\Documents and Settings\Michelle\Application Data\Real\Rhapsody\wmlicbackup\drmv1key.bak"
Fri 29 Dec 2006 20 A..H. --- "C:\Documents and Settings\Michelle\Application Data\Real\Rhapsody\wmlicbackup\drmv1lic.bak"
Thu 2 Feb 2006 312 A.SH. --- "C:\Documents and Settings\Michelle\Application Data\Real\Rhapsody\wmlicbackup\drmv2key.bak"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Michelle\LOCALS~1\Temp\BIT2D.tmp"
Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Michelle\LOCALS~1\Temp\BITC58.tmp"
Fri 20 Jul 2007 8 A..H. --- "C:\Documents and Settings\Bill\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Fri 20 Jul 2007 8 A..H. --- "C:\Documents and Settings\Bill\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Fri 20 Jul 2007 8 A..H. --- "C:\Documents and Settings\Bill\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Fri 20 Jul 2007 8 A..H. --- "C:\Documents and Settings\Bill\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sun 26 Aug 2007 8 A..H. --- "C:\Documents and Settings\Breanne\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sun 26 Aug 2007 8 A..H. --- "C:\Documents and Settings\Breanne\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sun 26 Aug 2007 8 A..H. --- "C:\Documents and Settings\Breanne\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 26 Aug 2007 8 A..H. --- "C:\Documents and Settings\Breanne\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sat 28 Apr 2007 8 A..H. --- "C:\Documents and Settings\Cara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 30 Apr 2007 8 A..H. --- "C:\Documents and Settings\Cara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 30 Apr 2007 8 A..H. --- "C:\Documents and Settings\Cara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 30 Apr 2007 8 A..H. --- "C:\Documents and Settings\Cara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sun 23 Sep 2007 8 A..H. --- "C:\Documents and Settings\Double x l Master\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sun 23 Sep 2007 8 A..H. --- "C:\Documents and Settings\Double x l Master\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sun 23 Sep 2007 8 A..H. --- "C:\Documents and Settings\Double x l Master\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 23 Sep 2007 8 A..H. --- "C:\Documents and Settings\Double x l Master\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Mon 9 Jul 2007 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 9 Jul 2007 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 1 Nov 2007 8 A..H. --- "C:\Documents and Settings\Guest\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 29 Apr 2007 8 A..H. --- "C:\Documents and Settings\Michelle\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sun 29 Apr 2007 8 A..H. --- "C:\Documents and Settings\Michelle\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Tue 1 May 2007 8 A..H. --- "C:\Documents and Settings\Michelle\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Tue 1 May 2007 8 A..H. --- "C:\Documents and Settings\Michelle\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

 

TSF-Enthusiast · 923 Posts
ComboFix automatically saves the log file to C:\combofix.txt
You need to search for it in C:\


To obtain the HijackThis log:

Have HijackThis scan your computer by clicking on the Scan button designated by the red arrow (below) (Disregard the blue arrow!)


After you are presented with a screen listing all the items found by the program, click on the Save Log button, designated by the red arrow (below):

Save the log to your Desktop or somewhere you will remember, and then post it here.
 

Registered · 5 Posts · Discussion Starter #5
Found them - Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:45 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1154390723\ee\AOLSoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\InterMute\SpySubtract\spysub.exe
C:\Program Files\InterMute\AdSubtract\AdSub.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:3384
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154390723\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\spysub.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\InterMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195253896578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12758 bytes
ComboFix 07-11-19.4 - Michelle 2007-11-27 16:06:26.1 - NTFSx86
Running from: C:\Documents and Settings\Michelle\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Cara\Desktop\Error Cleaner.url
C:\Documents and Settings\Cara\Desktop\Privacy Protector.url
C:\Documents and Settings\Cara\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Cara\Favorites\Error Cleaner.url
C:\Documents and Settings\Cara\Favorites\Privacy Protector.url
C:\Documents and Settings\Cara\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Cara\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Cara\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Cara\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack9.exe
C:\Program Files\QdrPack\trgts.gz

.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-27 15:26 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-20 21:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-20 20:59 <DIR> d-------- C:\Deckard
2007-11-20 14:54 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-11-20 14:54 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-11-20 07:32 <DIR> d-------- C:\Documents and Settings\Cara\Application Data\Lavasoft
2007-11-19 19:06 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\Lavasoft
2007-11-18 22:16 <DIR> d-------- C:\Documents and Settings\Bill\Application Data\Symantec
2007-11-18 22:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-11-18 22:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-11-18 21:24 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-18 10:17 <DIR> d-------- C:\Documents and Settings\Cara\Application Data\Symantec
2007-11-17 12:51 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-11-17 12:51 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2007-11-17 11:39 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\Symantec
2007-11-17 11:35 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-11-17 11:34 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-11-17 11:32 <DIR> d-------- C:\Program Files\Symantec
2007-11-17 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-17 11:32 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2007-11-17 11:32 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2007-11-17 11:32 10,740 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2007-11-17 11:32 805 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2007-11-17 11:26 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-17 07:43 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2007-11-16 12:08 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-11 10:38 <DIR> d-------- C:\Documents and Settings\Double x l Master\Application Data\Microsoft Games
2007-11-07 21:14 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-07 21:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-07 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-04 14:19 <DIR> d-------- C:\Documents and Settings\Cara\Application Data\Microsoft Games
2007-11-04 13:05 <DIR> d-------- C:\Program Files\QdrModule

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 21:07 --------- d-----w C:\Program Files\iTunes
2007-11-20 21:04 --------- d-----w C:\Program Files\DellSupport
2007-11-20 20:59 --------- d-----w C:\Program Files\Bonjour
2007-11-19 03:30 5,336 ----a-w C:\WINDOWS\SYSTEM32\tmp.reg
2007-11-17 16:23 --------- d-----w C:\Program Files\McAfee.com
2007-11-17 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-11-16 12:46 --------- d-----w C:\Documents and Settings\Bill\Application Data\McAfee.com Personal Firewall
2007-11-08 02:16 --------- d-----w C:\Program Files\QuickTime
2007-11-08 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-02 01:36 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-10-01 23:48 --------- d-----w C:\Program Files\Best Buy Rhapsody
2007-08-29 19:18 577,928 ----a-w C:\WINDOWS\SYSTEM32\SymNeti.dll
2005-07-12 13:05 0 -c-ha-w C:\Documents and Settings\Cara\hpothb07.dat
2005-01-18 18:21 0 -c-ha-w C:\Documents and Settings\Michelle\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-11-17 11:35 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 14:33]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 13:03]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-01-04 00:51]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 07:44]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 08:23]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-02-02 03:41]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 11:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-17 23:20]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36]
"HostManager"="C:\Program Files\Common Files\AOL\1154390723\ee\AOLSoftware.exe" [2006-09-25 19:52]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:03]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 23:53]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\
AdSubtract.lnk - C:\Program Files\InterMute\AdSubtract\AdSub.exe [2006-12-26 16:19:29]
PowerReg Scheduler V3.exe [2005-04-28 18:01:31]

C:\Documents and Settings\Breanne\Start Menu\Programs\Startup\
Registration Open Season.LNK - C:\Program Files\Ubisoft\Open Season\RegistrationReminder\RegistrationReminder.exe [2006-12-25 12:31:30]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-06-14 06:12:42]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-01-04 00:51:00]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 04:29:26]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-02-18 11:28:26]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\spysub.exe [2006-12-26 16:19:31]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 COH_Mon;COH_Mon;\??\C:\WINDOWS\system32\Drivers\COH_Mon.sys
S3 HSFHWCD2;HSFHWCD2;C:\WINDOWS\system32\DRIVERS\HSFHWCD2.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-25 01:05:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-27 19:37:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2007-11-27 01:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Michelle.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2005-02-08 03:40:12 C:\WINDOWS\Tasks\WebReg 20050207224012.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exeb/TaskName 20050207224012 /N
"2007-11-27 20:38:56 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-27 08:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 16:14:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-27 16:15:53
.
--- E O F ---
TSF-Enthusiast
923 Posts

If you are not having malware problems, you are good to go!

Please do the following to wrap up:

  • Go to Start then Run
  • Type Combofix /u in the Open box, and click OK. (Notice the space before /u)
  • This command uninstalls ComboFix, implements some cleanup procedures, and resets System Restore points to prevent re-infection from old Restore points.



Also remove the following folder:
C:\Documents and Settings\Michelle\Desktop\SDFix



Some of the best suggestions and programs to remain malware free are contained in Tony Klein’s article:
How Did I Get Infected In The First Place

It is also a very good practice to perform an online virus scan on a regular basis.
Scanners do not have identical malware definitions, and what one misses, another one can catch.
Some of the scanners are:
BitDefender Online Scanner
ESET NOD32 Online Scanner
F-Secure Online Scanner
Panda ActiveScan
TrendMicro HouseCall

~~~~
If you have any questions or comments, post back. Otherwise...

Good luck, and safe journey through the Internet!!