Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware, trojan infection [RESOLVED]

Started by jtroop , Mar 30 2008 04:47 PM

  • This topic is locked This topic is locked

#1
jtroop
Posted 30 March 2008 - 04:47 PM

jtroop

    Member

  • Member
  • PipPip
  • 70 posts
I clicked on a myspace profile and got tricked into thinking windows security center was alerting me to an infection. When I clicked what I thought was an authentic windows security center link, my computer became infected. The desktop background changed, fake Windows Security Center virus and spyware warnings came up in a window and IE then automatically opened and went to a site selling Spymaxx. My task manager stated it was disabled by the administrator.

Multiple warning windows in the form of a yellow triangle in the task bar also popped up indicating various spyware and trojans infecting the computer and when clicked also sent me to the same product site.

The background was changed as well saing Windows had detected a virus or spyware and to click on the warning. It also took you to the site.

I ran AVG virus scan, spybot S&D, and super anti spyware. The malware appears to be gone but I'm not sure. The computer is running much slower than before. It takes a much longer time to start up and shut down.


I have followed and run all of the steps as outlined in the "You must read this first before posting a HJT log."

My computer has Windows XP with SP2.

AV program: AVG 7.5.519
Spyare programs: SAS and Spybot S&D.

AVG anti spyware didn't generate me a log even though I directed it to generate a log.

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/30/2008 at 05:20 PM

Application Version : 4.0.1154

Core Rules Database Version : 3427
Trace Rules Database Version: 1419

Scan type : Complete Scan
Total Scan Time : 03:27:34

Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 5695
Registry threats detected : 3
File items scanned : 71054
File threats detected : 11

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}

Adware.2020Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}

Adware.Second Thought
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\DELL GAMES\LAUNCH DINER DASH.LNK
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\DELL GAMES\LAUNCH POLAR GOLFER.LNK
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{B4B8F5EA-2FEB-4C52-AF94-0C1A8721BBF1}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE

Rogue.Unclassified/Loader
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0286272.EXE

Trojan.FakeDrop-2020Search
C:\WINDOWS\2020SEARCH.DLL

Trojan.FakeDrop-BJam
C:\WINDOWS\BJAM.DLL


-----------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:33 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\AOL\1142538487\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
c:\program files\common files\aol\1142538487\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1142538487\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp....search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142538487\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...._v1-0-3-36.cab
O16 - DPF: {4C8D6404-A9F6-4236-8488-6C5732CB3BFA} (TCBrowseForFolder Class) - http://musicstore.so....BLDActiveX.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://musicstore.so....rk/install.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {86ED3659-02F6-465D-8F19-A9334614CCC3} (TCBrowseForFolder Class) - http://musicstore.so...x/TPActiveX.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://198.182.65.15...sCamControl.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalci...m/video/kdx.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart....loadClient.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.strea....INIBrowser.CAB
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse...outLauncher.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://trueswitch.co...eInstallSBC.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe



HJT uninstall list:


2Wire Wireless Client
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
ALPS Touch Pad Driver
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite 1.3
AT&T Yahoo! Applications
AVG 7.5
Broadcom Management Programs 2
CCleaner (remove only)
CK Font Organizer
Conexant D110 MDC V.9x Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center
Dell Wireless WLAN Card
DellSupport
Diego's Wolfpup Rescue
Digital Content Portal
Digital Line Detect
Dora's Carnival Adventure
EducateU
ELIcon
ESPNMotion
Galaxy of Games 201
Get High Speed Internet!
Google
Google Earth
Google Video Uploader
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver for Mobile
Internal Network Card Power Management
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Java™ SE Runtime Environment 6 Update 1
Jetcast 1.0.1
MadeSafe Photopaint
Magic DVD Ripper V5.0.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Reader
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2000 SR-1
Microsoft Works
Modem Helper
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
NetWaiting
Otto
PassAlong Software
Philips Device Manager
Polar Bowler
PowerDVD 5.5
QuickSet
QuickTime
QuickVerse 7.0
RCA SMV Video Converter
RealPlayer
SBC Yahoo! DSL Activation
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
SureThing CD Labeler SE - Sonic
URGE
URL Assistant
Viewpoint Media Player
Wal-Mart Music Downloads Store
WebCyberCoach 3.2 Dell
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
WordPerfect Office 12
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Zuma Deluxe


Thank you for your assistance!

Edited by jtroop, 02 April 2008 - 03:18 AM.

  • 0

Advertisements

#2
jtroop
Posted 31 March 2008 - 08:48 AM

jtroop

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
I am not trying to bump the post as I'll wait the required three days and then post in the waiting room. I have more information to report on this. It looked like after running SAS everything was fine. However, my wife just told me when she goes into her account on windows xp, the computer is behaving strangely. She said she has the malware's wallpaper that I had on my account. I changed the wallpaper on my account as it was still there after I ran SAS. I could not find the file after a search to delete it. It has the name "default."

Thanks!
  • 0

#3
kahdah
Posted 02 April 2008 - 11:45 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello jtroop

Welcome to G2Go. :)
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#4
jtroop
Posted 02 April 2008 - 01:16 PM

jtroop

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Hello kahdah! I'm glad to see you. I dowloaded Deckard's and ran it like you said. It keeps having an error when I run it. It gets as far as, "Backing up registry hives" and then says dss.exe has encountered a problem and needs to close. I have tried several times and even re-installed it.

Also, for further information, I have C Cleaner and run that all the time.
  • 0

#5
kahdah
Posted 02 April 2008 - 03:47 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#6
jtroop
Posted 03 April 2008 - 06:08 AM

jtroop

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Why won't Deckerd's run on my computer? Is Combo Fix equal to Deckerd's? Okay, on to Combo Fix. After CF finished and generated a log, Spybot S&D opened and gave me several registry entry change warnings asking me if I wanted to allow the change. I denied the changes. I hope the changes weren't ordered by CF? I didn't want to risk the registry changes being ordered by malware, so I denied the changes.

CF log:

ComboFix 08-04-02.1 - Bill 2008-04-03 7:50:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.518 [GMT -4:00]
Running from: C:\Documents and Settings\Bill\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cdsm32.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-04-02 14:53 . 2008-04-02 14:53 <DIR> d-------- C:\Deckard
2008-03-30 18:35 . 2008-03-30 18:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-29 19:09 . 2008-03-29 19:09 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-29 19:09 . 2008-03-29 19:09 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-29 16:11 . 2008-03-29 19:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-29 16:11 . 2008-03-29 16:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 16:11 . 2008-03-29 16:11 <DIR> d-------- C:\Documents and Settings\Bill\Application Data\SUPERAntiSpyware.com
2008-03-29 16:11 . 2008-03-29 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-29 14:00 . 2008-03-29 14:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-29 14:00 . 2008-03-29 14:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-29 11:00 . 2008-03-29 11:00 15,872 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-29 10:29 . 2008-03-29 11:03 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-29 10:27 . 2008-03-29 11:04 <DIR> d-------- C:\Documents and Settings\Bill\.housecall6.6
2008-03-29 01:26 . 2008-03-29 01:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 01:26 . 2008-03-29 02:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 00:59 . 2008-03-29 00:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-28 23:42 . 2008-03-28 23:42 30,208 --a------ C:\WINDOWS\ntnut.exe
2008-03-28 23:42 . 2008-03-28 23:42 22,016 --a------ C:\WINDOWS\msa64chk.dll
2008-03-28 23:42 . 2008-03-28 23:42 18,176 --a------ C:\WINDOWS\msapasrc.dll
2008-03-28 23:42 . 2008-03-28 23:42 17,664 --a------ C:\WINDOWS\shdocpl.dll
2008-03-28 23:42 . 2008-03-28 23:42 11,776 --a------ C:\WINDOWS\123messenger.per
2008-03-28 23:42 . 2008-03-28 23:42 9,728 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-28 23:41 . 2008-03-28 23:41 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-16 18:45 . 2008-03-16 18:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-15 15:50 . 2004-08-10 07:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-15 15:35 . 2004-08-10 07:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-03-09 17:25 . 2008-03-09 17:25 <DIR> d-------- C:\Program Files\PassAlong
2008-03-09 17:25 . 2007-10-11 17:41 111,944 --a------ C:\WINDOWS\system32\TPActiveX.dll
2008-03-09 17:04 . 2008-03-09 17:04 <DIR> d-------- C:\Program Files\Napster
2008-03-09 17:04 . 2008-03-09 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 11:35 --------- d-----w C:\Documents and Settings\Bill\Application Data\AVG7
2008-04-02 14:41 --------- d-----w C:\Documents and Settings\Carmela\Application Data\AVG7
2008-03-30 01:01 --------- d-----w C:\Program Files\MySpace
2008-03-30 00:59 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-30 00:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 23:24 --------- d-----w C:\Program Files\Common Files\aolshare
2008-03-29 23:24 --------- d-----w C:\Program Files\Apoint
2008-03-29 23:23 --------- d-----w C:\Program Files\Digital Line Detect
2008-03-29 23:23 --------- d-----w C:\Program Files\DellSupport
2008-03-29 23:23 --------- d-----w C:\Program Files\Common Files\Scanner
2008-03-29 23:23 --------- d-----w C:\Program Files\America Online 9.0
2008-03-29 19:57 --------- d-----w C:\Program Files\DIGStream
2008-03-29 04:39 8,704 ----a-w C:\WINDOWS\apphelp32.dll
2008-03-27 13:36 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-09 21:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 16:29 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2008-02-26 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-24 22:48 --------- d-----w C:\Documents and Settings\Bill\Application Data\Apple Computer
2008-02-24 20:11 --------- d-----w C:\Program Files\RCA
2008-02-18 15:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-16 19:22 --------- d-----w C:\Program Files\FriendAdder Combo Pack
2008-02-15 13:10 --------- d-----w C:\Program Files\Nick Jr. Arcade
2008-02-03 23:29 --------- d-----w C:\Program Files\Oberon Media
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 18:44 369,664 ----a-w C:\WINDOWS\system32\dllcache\asp51.dll
2008-01-10 05:20 257,024 ----a-w C:\WINDOWS\system32\dllcache\infocomm.dll
2007-02-02 15:56 586 -c--a-w C:\Documents and Settings\Carmela\Application Data\wklnhst.dat
2006-10-07 00:01 7,423,332 -c--a-w C:\Program Files\mxPaint.pat
2006-10-07 00:01 68 -c--a-w C:\Program Files\mxPaint.col
2006-10-07 00:01 50,056 -c--a-w C:\Program Files\mxPaint.gr
2006-10-07 00:01 50 -c--a-w C:\Program Files\mxPaint.abd
2006-10-07 00:01 219,908 -c--a-w C:\Program Files\mxPaint.br
2006-10-06 23:56 6,663 -c--a-w C:\Program Files\DeIsL1.isu
2006-09-15 22:56 3,733,080 -c----w C:\Program Files\msreadersetup.exe
2006-06-24 13:36 753,152 -c----w C:\Program Files\ehthumbs.db
2004-03-04 17:08 151,552 -c--a-w C:\Program Files\RegWiz.exe
2004-03-04 14:24 2,957,312 -c--a-w C:\Program Files\abenu.dll
2003-05-07 14:29 2,453,504 ----a-w C:\Program Files\MXPAINT.EXE
2003-05-07 13:58 307,200 -c--a-w C:\Program Files\ABShare.dll
2003-04-10 16:11 602,112 -c--a-w C:\Program Files\A4W195.DLL
2003-04-03 22:04 278,528 -c--a-w C:\Program Files\ABDRDLL.DLL
2003-04-03 21:26 90,112 -c--a-w C:\Program Files\ABViewForms.dll
2003-04-03 21:17 90,112 -c--a-w C:\Program Files\FORMCTLS.OCX
2003-04-03 21:11 335,872 -c--a-w C:\Program Files\ABMCMN.DLL
2003-04-03 21:11 327,680 -c--a-w C:\Program Files\ABTool.dll
2003-04-03 19:27 368,640 -c--a-w C:\Program Files\ABDBCMN.DLL
2003-04-03 19:15 536,576 -c--a-w C:\Program Files\Abcells.dll
2003-03-27 15:23 45,056 -c--a-w C:\Program Files\ABHook.dll
2003-02-13 16:11 1,597,440 -c--a-w C:\Program Files\OG70AS.DLL
2003-02-13 16:02 229,376 -c--a-w C:\Program Files\IMAGE.DLL
2003-02-05 14:27 45,056 -c--a-w C:\Program Files\Abspel.dll
2002-07-18 15:43 180,224 -c--a-w C:\Program Files\SSCE5332.dll
2002-06-21 21:59 253,952 -c--a-w C:\Program Files\FormEdit.exe
2002-05-10 00:26 1,306,690 -c--a-w C:\Program Files\WRITEFX.DLL
2002-05-09 20:52 73,728 -c--a-w C:\Program Files\Vexx.dll
2002-05-09 20:52 40,960 -c--a-w C:\Program Files\Thxx.dll
2002-04-19 00:05 114,688 -c--a-w C:\Program Files\Abfield.ocx
2002-02-08 19:10 131,072 -c--a-w C:\Program Files\Lektor52.dll
2001-06-15 22:59 180,656 -c--a-w C:\Program Files\ACFPDF.DRV
2001-06-08 22:09 43,796 -c--a-w C:\Program Files\ACFPDFUI.DLL
2001-06-08 22:09 18,704 -c--a-w C:\Program Files\PDFMON.DLL
2001-06-08 22:09 137,164 -c--a-w C:\Program Files\ACFPDF.DLL
2001-06-08 21:59 376,832 -c--a-w C:\Program Files\CDINTF.DLL
2001-02-14 20:53 11,032 -c--a-w C:\Program Files\ABMacro.tlb
2001-01-19 21:38 5,292 -c--a-w C:\Program Files\ABMCmn.tlb
2001-01-15 14:25 45,056 -c--a-w C:\Program Files\FllIntf.fll
2000-06-06 17:59 18,964 -c--a-w C:\Program Files\A4w195.tlb
2000-02-25 12:46 262,144 -c--a-w C:\Program Files\Abdata.sdb
2000-02-01 18:04 13 -c--a-w C:\Program Files\FORMEDIT.BI
2000-02-01 18:04 12,613 -c--a-w C:\Program Files\CLASSES.BI
1999-11-19 21:54 3,508 -c--a-w C:\Program Files\FormEdit.tlb
1999-11-14 15:37 32,768 -c--a-w C:\Program Files\PDFINTF.DLL
1999-08-16 15:48 1,100 -c--a-w C:\Program Files\ABViewForms.tlb
1998-12-05 04:32 61 -c--a-w C:\Program Files\ACFPDF.TXT
1998-08-03 16:57 66,560 -c--a-w C:\Program Files\AUTO32W.DLL
1998-06-22 04:00 68,608 -c--a-w C:\Program Files\ODBCINT.DLL
1998-06-22 04:00 279,552 -c--a-w C:\Program Files\ODBC32.DLL
1997-01-31 21:44 50,176 -c--a-w C:\Program Files\Csh.dll
2007-09-16 02:22 152 --sh--r C:\WINDOWS\system32\320C8353F3.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 01:17 50776]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-29 18:58 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 08:13 176128]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 22:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 22:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 22:50 114688]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 19:24 684032]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40 86960]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"HostManager"="C:\Program Files\Common Files\AOL\1142538487\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 13:45 579072]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-22 23:42 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-21 02:03:49 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-29 18:57 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142538487\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Parsons\\QuickVerse\\QuickVerse\\qvwin.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\kdx\\khost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142538487\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\YOP\\yop.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25360:TCP"= 25360:TCP:BitComet 25360 TCP
"25360:UDP"= 25360:UDP:BitComet 25360 UDP

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-10 07:00]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-24 02:38:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 07:54:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-03 7:56:07
ComboFix-quarantined-files.txt 2008-04-03 11:55:45
Pre-Run: 53,711,638,528 bytes free
Post-Run: 53,697,351,680 bytes free
.
2008-03-17 01:03:16 --- E O F ---





HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:50 AM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\AOL\1142538487\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\common files\aol\1142538487\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1142538487\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142538487\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4C8D6404-A9F6-4236-8488-6C5732CB3BFA} (TCBrowseForFolder Class) - http://musicstore.so...PBLDActiveX.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://musicstore.so...ork/install.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {86ED3659-02F6-465D-8F19-A9334614CCC3} (TCBrowseForFolder Class) - http://musicstore.so...x/TPActiveX.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://198.182.65.15...sCamControl.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalci...m/video/kdx.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.strea...MINIBrowser.CAB
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse...outLauncher.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://trueswitch.co...eInstallSBC.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10836 bytes
  • 0

#7
kahdah
Posted 03 April 2008 - 05:54 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi sometimes Deckard won't run.
Combofix deletes and produces a log similar to Deckard.
=====================================
We now suggest that you install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
  • 0

#8
jtroop
Posted 03 April 2008 - 06:29 PM

jtroop

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Okay, before I forget the name, I want to inform you that now AOL Spyware manager has detected something called Bifrost. AOL says it is a backdoor security threat. Also, should I allow Spybot S&D to permit registry changes when it prompts me?
  • 0

#9
kahdah
Posted 03 April 2008 - 06:33 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
For now shut down tea timer as it will more than likely interfere with the process.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

  • 0

#10
jtroop
Posted 03 April 2008 - 06:51 PM

jtroop

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
I will now shut down the tea timer. The following was done before shutting down the tea timer. Here is the CF_RC.txt log:

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  • 0

Advertisements

#11
kahdah
Posted 03 April 2008 - 07:04 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\ntnut.exe
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\123messenger.per
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\system32\sbwltbxa.exe
Folder::
C:\Program Files\Sysmnt


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#12
jtroop
Posted 03 April 2008 - 07:24 PM

jtroop

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Combofix log:

ComboFix 08-04-02.1 - Bill 2008-04-03 21:15:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.629 [GMT -4:00]Running from: C:\Documents and Settings\Bill\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bill\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\123messenger.per
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\ntnut.exe
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\system32\shdocpe.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\WINDOWS\123messenger.per
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\ntnut.exe
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\system32\shdocpe.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-02 14:53 . 2008-04-02 14:53 <DIR> d-------- C:\Deckard
2008-03-30 18:35 . 2008-03-30 18:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-29 19:09 . 2008-03-29 19:09 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-29 19:09 . 2008-03-29 19:09 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-29 16:11 . 2008-03-29 19:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-29 16:11 . 2008-03-29 16:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 16:11 . 2008-03-29 16:11 <DIR> d-------- C:\Documents and Settings\Bill\Application Data\SUPERAntiSpyware.com
2008-03-29 16:11 . 2008-03-29 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-29 14:00 . 2008-03-29 14:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-29 14:00 . 2008-03-29 14:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-29 11:00 . 2008-03-29 11:00 15,872 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-29 10:29 . 2008-03-29 11:03 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-29 10:27 . 2008-03-29 11:04 <DIR> d-------- C:\Documents and Settings\Bill\.housecall6.6
2008-03-29 01:26 . 2008-03-29 01:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 01:26 . 2008-03-29 02:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 00:59 . 2008-03-29 00:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-16 18:45 . 2008-03-16 18:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-15 15:50 . 2004-08-10 07:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-15 15:35 . 2004-08-10 07:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-03-09 17:25 . 2008-03-09 17:25 <DIR> d-------- C:\Program Files\PassAlong
2008-03-09 17:25 . 2007-10-11 17:41 111,944 --a------ C:\WINDOWS\system32\TPActiveX.dll
2008-03-09 17:04 . 2008-03-09 17:04 <DIR> d-------- C:\Program Files\Napster
2008-03-09 17:04 . 2008-03-09 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 00:09 --------- d-----w C:\Documents and Settings\Bill\Application Data\AVG7
2008-04-03 12:35 --------- d-----w C:\Documents and Settings\Carmela\Application Data\AVG7
2008-03-30 01:01 --------- d-----w C:\Program Files\MySpace
2008-03-30 00:59 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-30 00:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 23:24 --------- d-----w C:\Program Files\Common Files\aolshare
2008-03-29 23:24 --------- d-----w C:\Program Files\Apoint
2008-03-29 23:23 --------- d-----w C:\Program Files\Digital Line Detect
2008-03-29 23:23 --------- d-----w C:\Program Files\DellSupport
2008-03-29 23:23 --------- d-----w C:\Program Files\Common Files\Scanner
2008-03-29 23:23 --------- d-----w C:\Program Files\America Online 9.0
2008-03-29 19:57 --------- d-----w C:\Program Files\DIGStream
2008-03-27 13:36 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-09 21:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 16:29 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2008-02-26 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-24 22:48 --------- d-----w C:\Documents and Settings\Bill\Application Data\Apple Computer
2008-02-24 20:11 --------- d-----w C:\Program Files\RCA
2008-02-18 15:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-16 19:22 --------- d-----w C:\Program Files\FriendAdder Combo Pack
2008-02-15 13:10 --------- d-----w C:\Program Files\Nick Jr. Arcade
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 18:44 369,664 ----a-w C:\WINDOWS\system32\dllcache\asp51.dll
2008-01-10 05:20 257,024 ----a-w C:\WINDOWS\system32\dllcache\infocomm.dll
2007-02-02 15:56 586 -c--a-w C:\Documents and Settings\Carmela\Application Data\wklnhst.dat
2006-10-07 00:01 7,423,332 -c--a-w C:\Program Files\mxPaint.pat
2006-10-07 00:01 68 -c--a-w C:\Program Files\mxPaint.col
2006-10-07 00:01 50,056 -c--a-w C:\Program Files\mxPaint.gr
2006-10-07 00:01 50 -c--a-w C:\Program Files\mxPaint.abd
2006-10-07 00:01 219,908 -c--a-w C:\Program Files\mxPaint.br
2006-10-06 23:56 6,663 -c--a-w C:\Program Files\DeIsL1.isu
2006-09-15 22:56 3,733,080 -c----w C:\Program Files\msreadersetup.exe
2006-06-24 13:36 753,152 -c----w C:\Program Files\ehthumbs.db
2004-03-04 17:08 151,552 -c--a-w C:\Program Files\RegWiz.exe
2004-03-04 14:24 2,957,312 -c--a-w C:\Program Files\abenu.dll
2003-05-07 14:29 2,453,504 ----a-w C:\Program Files\MXPAINT.EXE
2003-05-07 13:58 307,200 -c--a-w C:\Program Files\ABShare.dll
2003-04-10 16:11 602,112 -c--a-w C:\Program Files\A4W195.DLL
2003-04-03 22:04 278,528 -c--a-w C:\Program Files\ABDRDLL.DLL
2003-04-03 21:26 90,112 -c--a-w C:\Program Files\ABViewForms.dll
2003-04-03 21:17 90,112 -c--a-w C:\Program Files\FORMCTLS.OCX
2003-04-03 21:11 335,872 -c--a-w C:\Program Files\ABMCMN.DLL
2003-04-03 21:11 327,680 -c--a-w C:\Program Files\ABTool.dll
2003-04-03 19:27 368,640 -c--a-w C:\Program Files\ABDBCMN.DLL
2003-04-03 19:15 536,576 -c--a-w C:\Program Files\Abcells.dll
2003-03-27 15:23 45,056 -c--a-w C:\Program Files\ABHook.dll
2003-02-13 16:11 1,597,440 -c--a-w C:\Program Files\OG70AS.DLL
2003-02-13 16:02 229,376 -c--a-w C:\Program Files\IMAGE.DLL
2003-02-05 14:27 45,056 -c--a-w C:\Program Files\Abspel.dll
2002-07-18 15:43 180,224 -c--a-w C:\Program Files\SSCE5332.dll
2002-06-21 21:59 253,952 -c--a-w C:\Program Files\FormEdit.exe
2002-05-10 00:26 1,306,690 -c--a-w C:\Program Files\WRITEFX.DLL
2002-05-09 20:52 73,728 -c--a-w C:\Program Files\Vexx.dll
2002-05-09 20:52 40,960 -c--a-w C:\Program Files\Thxx.dll
2002-04-19 00:05 114,688 -c--a-w C:\Program Files\Abfield.ocx
2002-02-08 19:10 131,072 -c--a-w C:\Program Files\Lektor52.dll
2001-06-15 22:59 180,656 -c--a-w C:\Program Files\ACFPDF.DRV
2001-06-08 22:09 43,796 -c--a-w C:\Program Files\ACFPDFUI.DLL
2001-06-08 22:09 18,704 -c--a-w C:\Program Files\PDFMON.DLL
2001-06-08 22:09 137,164 -c--a-w C:\Program Files\ACFPDF.DLL
2001-06-08 21:59 376,832 -c--a-w C:\Program Files\CDINTF.DLL
2001-02-14 20:53 11,032 -c--a-w C:\Program Files\ABMacro.tlb
2001-01-19 21:38 5,292 -c--a-w C:\Program Files\ABMCmn.tlb
2001-01-15 14:25 45,056 -c--a-w C:\Program Files\FllIntf.fll
2000-06-06 17:59 18,964 -c--a-w C:\Program Files\A4w195.tlb
2000-02-25 12:46 262,144 -c--a-w C:\Program Files\Abdata.sdb
2000-02-01 18:04 13 -c--a-w C:\Program Files\FORMEDIT.BI
2000-02-01 18:04 12,613 -c--a-w C:\Program Files\CLASSES.BI
1999-11-19 21:54 3,508 -c--a-w C:\Program Files\FormEdit.tlb
1999-11-14 15:37 32,768 -c--a-w C:\Program Files\PDFINTF.DLL
1999-08-16 15:48 1,100 -c--a-w C:\Program Files\ABViewForms.tlb
1998-12-05 04:32 61 -c--a-w C:\Program Files\ACFPDF.TXT
1998-08-03 16:57 66,560 -c--a-w C:\Program Files\AUTO32W.DLL
1998-06-22 04:00 68,608 -c--a-w C:\Program Files\ODBCINT.DLL
1998-06-22 04:00 279,552 -c--a-w C:\Program Files\ODBC32.DLL
1997-01-31 21:44 50,176 -c--a-w C:\Program Files\Csh.dll
2007-09-16 02:22 152 --sh--r C:\WINDOWS\system32\320C8353F3.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-03_ 7.55.31.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-03 11:37:48 214,803 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-04-03 22:28:21 214,802 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-04-03 22:24:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_570.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 01:17 50776]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-29 18:58 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 08:13 176128]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 22:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 22:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 22:50 114688]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 19:24 684032]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40 86960]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"HostManager"="C:\Program Files\Common Files\AOL\1142538487\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 13:45 579072]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-22 23:42 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-21 02:03:49 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-29 18:57 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142538487\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Parsons\\QuickVerse\\QuickVerse\\qvwin.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\kdx\\khost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142538487\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\YOP\\yop.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25360:TCP"= 25360:TCP:BitComet 25360 TCP
"25360:UDP"= 25360:UDP:BitComet 25360 UDP

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-10 07:00]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-24 02:38:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 21:19:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-03 21:21:00
ComboFix-quarantined-files.txt 2008-04-04 01:20:37
ComboFix2.txt 2008-04-03 12:19:49
ComboFix3.txt 2008-04-03 11:56:08
Pre-Run: 53,641,506,816 bytes free
Post-Run: 53,628,268,544 bytes free
.
2008-03-17 01:03:16 --- E O F ---




HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:50 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\AOL\1142538487\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\aol\1142538487\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1142538487\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142538487\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4C8D6404-A9F6-4236-8488-6C5732CB3BFA} (TCBrowseForFolder Class) - http://musicstore.so...PBLDActiveX.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://musicstore.so...ork/install.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {86ED3659-02F6-465D-8F19-A9334614CCC3} (TCBrowseForFolder Class) - http://musicstore.so...x/TPActiveX.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://198.182.65.15...sCamControl.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalci...m/video/kdx.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.strea...MINIBrowser.CAB
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse...outLauncher.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://trueswitch.co...eInstallSBC.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10485 bytes
  • 0

#13
kahdah
Posted 03 April 2008 - 07:31 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#14
jtroop
Posted 03 April 2008 - 07:33 PM

jtroop

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
I'll get right on it Kahdah. Quick question. Which one do you like better, ATF cleaner or CCleaner?
  • 0

#15
kahdah
Posted 03 April 2008 - 07:36 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Atf because CCLeaner is also a registry cleaner that can be helpful but you have to be careful because registry cleaning can be harmful if done incorrectly and tools like that can do damage to the registry.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP