Trojan Dropper Removal


#1 playon (New Member, 2 posts)

I was reading a thread on the removal of Trojan Dropper. I ran the DSS software; below are my txt files.



Extra txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 509.98 MiB / 133.71 MiB
Pagefile Memory (total/avail): 1245.32 MiB / 831.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.54 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 28.33 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75DEA0 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Novell\\GroupWise\\grpwise.exe"="C:\\Novell\\GroupWise\\grpwise.exe:*:Enabled:Novell GroupWise"
"C:\\Novell\\GroupWise\\notify.exe"="C:\\Novell\\GroupWise\\notify.exe:*:Enabled:Novell Notify"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator.T12A\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=T12A
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.T12A
LOGONSERVER=\\T12A
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Windows Resource Kits\Tools\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Attachmate\E!E2K\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1.T12\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.T12\LOCALS~1\Temp
USERDOMAIN=T12A
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.T12A
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator.T12A (admin)
Administrator.T12A (admin)
hpalomino (admin)
ddonaldson (admin)

jejones (admin)
Jdouglas (admin)
karnold (admin)
jbhorton (new local, admin, net ready)
hisadmin.USADIR (admin)
hisadmin.USADIR (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Attachmate myEXTRA! Enterprise 7.11 --> MsiExec.exe /I{ACA93BC6-A0E1-4032-BFD5-50D42BF64570}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Citrix Presentation Server Client - Web Only --> MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
GroupWise --> MsiExec.exe /I{97A2FF67-1EB6-483C-A6E6-716D91298763}
GroupWise Internet Browser Mail Integration --> C:\Novell\GroupWise\gwmailto.exe /uninstall
GroupWise Tip of the Day C3PO --> C:\Novell\GroupWise\gwtip.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel ® Pro Alerting Agent --> MsiExec.exe /I{3C50A915-DD33-4802-B83B-9EA997D3337B}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Lexmark Printer Software Uninstall --> C:\Program Files\Lexmark\Install\Uninstall.exe
LiveUpdate 2.0 (Symantec Corporation) --> C:\PROGRA~1\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
OMCI --> MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows NT Messaging --> RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type13200 / Error
Event Submitted/Written: 03/04/2008 07:51:07 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type13190 / Error
Event Submitted/Written: 03/04/2008 04:02:20 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan Horse in File: C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP195\A0038394.exe by: Auto-Protect scan. Action: Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type13189 / Error
Event Submitted/Written: 03/04/2008 04:02:20 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan Horse in File: C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP195\A0038393.exe by: Auto-Protect scan. Action: Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type13188 / Error
Event Submitted/Written: 03/04/2008 04:02:20 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan Horse in File: C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP195\A0038392.exe by: Auto-Protect scan. Action: Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type13187 / Error
Event Submitted/Written: 03/04/2008 04:02:20 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan Horse in File: C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP195\A0038391.exe by: Auto-Protect scan. Action: Delete succeeded : Access denied. Action Description: The file was deleted successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10779 / Error
Event Submitted/Written: 03/06/2008 07:40:13 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Event Record #/Type10778 / Error
Event Submitted/Written: 03/06/2008 07:40:07 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Event Record #/Type10777 / Error
Event Submitted/Written: 03/06/2008 07:26:07 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Event Record #/Type10776 / Error
Event Submitted/Written: 03/06/2008 06:50:12 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Event Record #/Type10775 / Error
Event Submitted/Written: 03/06/2008 06:50:07 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}



-- End of Deckard's System Scanner: finished at 2008-03-06 12:12:13 ------------




Main txt


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-06 12:09:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
31: 2008-03-06 18:09:34 UTC - RP199 - Deckard's System Scanner Restore Point
30: 2008-03-06 16:49:33 UTC - RP198 - Installed AVG 7.5
29: 2008-03-05 19:33:05 UTC - RP197 - System Checkpoint
28: 2008-03-04 16:52:24 UTC - RP196 - Installed Ad-Aware 2007
27: 2008-03-04 01:36:17 UTC - RP195 - System Checkpoint


-- First Restore Point --
1: 2008-02-07 09:27:10 UTC - RP169 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-06 12:10:56
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\windows\system32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\windows\system32\tlntsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\windows\explorer.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
\\t64k\H\DSS anti virus removal\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usouthal.edu/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.usouthal.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.www.telerad.usouthal.emed.net (HKCU)
O15 - Trusted Zone: http://dashboard.usouthal.edu (HKCU)
O15 - Trusted Zone: https://healthgate.usouthal.edu (HKCU)
O15 - Trusted Zone: http://hos.usouthal.edu (HKCU)
O15 - Trusted Zone: https://magicweb.usouthal.edu (HKCU)
O15 - Trusted Zone: *.netaccess.usouthal.edu (HKCU)
O15 - Trusted Zone: http://oasgp.usouthal.edu (HKCU)
O15 - Trusted Zone: http://oasgt.usouthal.edu (HKCU)
O15 - Trusted Zone: http://sisformssrv.usouthal.edu (HKCU)
O15 - Trusted Zone: *.testnetaccess.usouthal.edu (HKCU)
O15 - Trusted IP Range: http://192.168.14.81 (HKCU)
O15 - Trusted IP Range: http://192.168.14.83 (HKCU)
O15 - Trusted IP Range: http://192.168.14.100 (HKCU)
O15 - Trusted IP Range: http://192.168.14.101 (HKCU)
O15 - Trusted IP Range: http://192.168.14.60 (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096558951296
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse...se/ghplayer.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.co...mesLauncher.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupd...8040.2959837963
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse...zylomplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse...opcaploader.cab
O17 - HKLM\Software\..\Telephony: DomainName = usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFAEC9F4-8EDE-406A-AEBF-3891BAEDD8BC}: Domain = usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: SearchList = usouthal.edu,usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: SearchList = usouthal.edu,usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: SearchList = usouthal.edu,usadir.usa.usouthal.edu
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\system32\LogonDll.dll
O21 - SSODL: RunOnceBoot - {8062718d-6386-42e0-94f7-79ca0fd6723d} - C:\WINDOWS\Installer\{8062718d-6386-42e0-94f7-79ca0fd6723d}\RunOnceBoot.dll (file missing)
O21 - SSODL: zip - {9fee46eb-d2f7-4340-9a3c-110837d9af2a} - C:\WINDOWS\Installer\{9fee46eb-d2f7-4340-9a3c-110837d9af2a}\zip.dll (file missing)
O21 - SSODL: ComponentAlrt - {4418ba09-c2b7-4871-8f81-50f3c1403e69} - C:\WINDOWS\Installer\{4418ba09-c2b7-4871-8f81-50f3c1403e69}\ComponentAlrt.dll (file missing)
O21 - SSODL: BootKernel - {ad1f7375-e0a8-4ae8-beb6-0f4758c98c73} - C:\WINDOWS\Installer\{ad1f7375-e0a8-4ae8-beb6-0f4758c98c73}\BootKernel.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


--
End of file - 12143 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R0 DeepFrz - c:\windows\system32\drivers\deepfrz.sys <Not Verified; Faronics Corporation; Deep Freeze 5>
R1 ATMDLC (Attachmate DLC Protocol) - c:\windows\system32\drivers\atmdlc.sys <Not Verified; Attachmate Corporation; myEXTRA! Enterprise>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 AsfAlrt - c:\windows\system32\drivers\asfalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>

S0 GhPostConfig (Ghost Post-Configuration Driver) - c:\windows\system32\drivers\ghpcw2k.sys <Not Verified; Symantec Corporation; Ghost Enterprise client>
S2 GhPostConfig_Auto (GhostPostConfig - Auto Phase Driver) - c:\windows\system32\drivers\ghpcw2k.sys <Not Verified; Symantec Corporation; Ghost Enterprise client>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ASFAgent (ASF Agent) - c:\program files\intel\asf agent\asfagent.exe <Not Verified; Intel Corporation; Intel® PRO Alerting Suite ASF 1.0 and ASF 2.0 Compatible>
R2 DF5Serv - c:\program files\faronics\deep freeze\install c-0\df5serv.exe <Not Verified; Faronics Corporation; Deep Freeze 5>
R2 Iap - c:\program files\dell\openmanage\client\iap.exe <Not Verified; Dell Computer Corporation; OpenManage Client Instrumentation>
R2 NGClient (Symantec Ghost Client Agent) - c:\program files\symantec\ghost\ngctw32.exe <Not Verified; Symantec Corporation; Symantec Ghost Enterprise>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-29 08:28:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-06 and 2008-03-06 -----------------------------

2008-03-06 11:52:09 0 dr-h----- C:\$VAULT$.AVG
2008-03-06 10:51:05 0 d-------- C:\Documents and Settings\Administrator.T12A\Application Data\AVG7
2008-03-06 10:50:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-06 08:37:06 0 d-------- C:\Documents and Settings\Administrator.T12A\Application Data\Macromedia
2008-03-05 15:22:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-05 07:39:24 691545 --a------ C:\WINDOWS\unins000.exe
2008-03-05 07:39:23 2542 --a------ C:\WINDOWS\unins000.dat
2008-03-04 13:32:40 0 d-------- C:\Documents and Settings\hisadmin.USADIR\Application Data\Macromedia
2008-03-04 11:27:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-04 10:52:33 0 d-------- C:\Program Files\Lavasoft
2008-03-04 10:52:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-04 10:51:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 10:09:30 0 d-------- C:\Documents and Settings\hisadmin.USADIR\Application Data\alot
2008-03-04 04:24:53 0 d-------- C:\Documents and Settings\LocalService\Application Data\alot
2008-03-03 19:15:23 0 d-------- C:\Program Files\XP Antivirus
2008-02-15 13:27:20 159744 --a------ C:\WINDOWS\system32\LexLog.dll <Not Verified; Lexmark International; Uninstall Log Interface DLL>
2008-02-15 13:27:20 0 d-------- C:\Program Files\Lexmark


-- Find3M Report ---------------------------------------------------------------

2008-03-06 08:51:32 0 d-------- C:\Program Files\Symantec AntiVirus
2008-03-04 10:51:44 0 d-------- C:\Program Files\Common Files
2008-03-04 10:40:35 0 d-------- C:\Program Files\Coupons


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 05:19 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 05:07 AM]
"NGClient"="C:\Program Files\SYMANTEC\Ghost\ngctw32.exe" [12/01/2001 11:01 AM]
"C2K"="C:\WINDOWS\Cyb2k.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/29/2004 03:44 PM]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [03/12/2004 02:18 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [03/04/2008 12:11 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/06/2008 10:49 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RunOnceBoot"= {8062718d-6386-42e0-94f7-79ca0fd6723d} - C:\WINDOWS\Installer\{8062718d-6386-42e0-94f7-79ca0fd6723d}\RunOnceBoot.dll [ ]
"zip"= {9fee46eb-d2f7-4340-9a3c-110837d9af2a} - C:\WINDOWS\Installer\{9fee46eb-d2f7-4340-9a3c-110837d9af2a}\zip.dll [ ]
"ComponentAlrt"= {4418ba09-c2b7-4871-8f81-50f3c1403e69} - C:\WINDOWS\Installer\{4418ba09-c2b7-4871-8f81-50f3c1403e69}\ComponentAlrt.dll [ ]
"BootKernel"= {ad1f7375-e0a8-4ae8-beb6-0f4758c98c73} - C:\WINDOWS\Installer\{ad1f7375-e0a8-4ae8-beb6-0f4758c98c73}\BootKernel.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
LogonDll.dll 07/07/2005 04:12 AM 49152 C:\windows\system32\LogonDll.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to SSS.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to SSS.lnk
backup=C:\WINDOWS\pss\Shortcut to SSS.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72615ab1-2922-11d9-bc36-806d6172696f}]
AutoRun\command- E:\Programs\nu2menu\nu2menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a063fc19-1d58-11d9-8009-806d6172696f}]
AutoRun\command- D:\Programs\nu2menu\nu2menu.exe

*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7RSXP
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGEMS
*Newly Created Service* - AVGTDI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.webbrowser.tv
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.hityou.com
127.0.0.1 miosearch.com
127.0.0.1 wazzupnet.com

8039 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-06 12:12:13 ------------


Your help would be greatly appreciated.