Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Vundo Trojan [RESOLVED]


  • This topic is locked This topic is locked

#1
DanTanna

DanTanna

    Member

  • Member
  • PipPip
  • 18 posts
I recently removed a vundo trojan with MS OneCare Live. The system still seems rather sluggish so I'm posting the hijack this log file. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:32 AM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1186065710\ee\AOLSoftware.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Common Files\aol\1186065710\ee\AOLDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\system32\msiexec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\nnnlmkj.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BM67bb4d80] Rundll32.exe "C:\WINDOWS\system32\ckkwpjqy.dll",s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186065710\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\aol\Launch\aollaunch.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: nnnlmkj - nnnlmkj.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8435 bytes
  • 0

Advertisements


#2
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with. Please ensure you turn off word wrap in Notepad. To do this, open Notepad, choose Format, then Un-check Word Wrap. (Word Wrap makes reading your log difficult).

Next, I would like to make sure that you can view hidden files and folders;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad files: main.txt and extra.txt
  • Use Save As to save both Notepad files to your Desktop and post them in your next reply.
Note: A copy of these files can be found in you root drive, usually C:\Deckard\System Scanner\

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, please include the following logs:
  • The contents of Combofix.txt
  • The contents of DSS Main.txt
  • The contents of DSS Extra.txt

Regards,
RatHat
  • 0

#3
DanTanna

DanTanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OK. Here are the 3 log files:

ComboFix 08-04-12.7 - gerard and steve 2008-04-13 9:43:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.179 [GMT -4:00]
Running from: C:\Documents and Settings\gerard and steve\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\mcroso~1.net
C:\Program Files\ecurit~1
C:\Program Files\fnts~1
C:\Program Files\fnts~1\F?nts\
C:\Program Files\Router
C:\WINDOWS\BM67bb4d80.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\ssembl~1
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\oqtss.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-11 22:49 . 2008-04-11 22:49 <DIR> d-------- C:\Documents and Settings\gerard and steve\Application Data\ieSpell
2008-04-11 22:48 . 2008-04-12 11:28 <DIR> d-------- C:\Program Files\ieSpell
2008-04-11 18:06 . 2008-04-11 18:07 <DIR> d-------- C:\ComboFix[1]
2008-04-04 22:41 . 2008-04-04 22:41 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-04 12:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-04 12:40 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-04 12:40 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-01 05:12 . 2008-04-01 05:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-31 17:15 . 2008-03-31 17:15 2,764 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-03-31 16:54 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-03-31 16:54 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-03-31 16:52 . 2008-03-31 16:52 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-31 16:52 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-03-31 16:51 . 2007-03-29 08:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-03-31 16:51 . 2007-03-29 08:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-03-31 16:51 . 2007-03-29 08:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-03-31 16:51 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-03-31 16:51 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-03-31 16:51 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-03-31 16:47 . 2008-04-12 21:10 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-03-30 00:00 . 2008-04-11 01:07 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-30 00:00 . 2008-03-30 00:00 <DIR> d-------- C:\Documents and Settings\gerard and steve\Application Data\PC Tools
2008-03-30 00:00 . 2008-04-13 09:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 00:00 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-30 00:00 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-30 00:00 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-30 00:00 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-29 23:59 . 2008-04-12 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-29 23:31 . 2008-03-29 23:31 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-29 19:29 . 2008-03-29 19:29 <DIR> d-------- C:\WINDOWS\aolshare
2008-03-29 19:29 . 2008-03-29 19:31 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-03-29 19:29 . 2008-03-29 23:20 <DIR> d-------- C:\Program Files\AOL 9.1
2008-03-29 18:55 . 2008-03-29 18:56 4 --a------ C:\WINDOWS\msoffice.ini
2008-03-29 16:10 . 2008-03-29 16:10 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-03-29 16:10 . 2008-03-29 20:20 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-03-29 16:05 . 2008-03-29 16:05 <DIR> d-------- C:\Documents and Settings\gerard and steve\Application Data\Yahoo!
2008-03-29 16:05 . 2008-03-29 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-29 16:04 . 2008-03-29 16:05 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-29 14:44 . 2008-03-29 14:44 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-29 08:48 . 2008-03-29 14:37 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-28 20:48 . 2008-03-28 16:04 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-28 20:48 . 2008-03-28 20:48 2,552 --a------ C:\WINDOWS\unins000.dat
2008-03-27 17:10 . 2008-03-27 17:10 <DIR> d-------- C:\mcafee_mcpr
2008-03-27 17:01 . 2008-03-31 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-26 19:27 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-26 19:27 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-26 19:27 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-26 19:27 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-20 22:25 . 2008-03-20 22:25 215 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-20 12:31 . 2008-03-27 18:03 1,391,489 ---hs---- C:\WINDOWS\system32\ydrjefxu.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 22:52 --------- d-----w C:\Program Files\Google
2008-04-03 01:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 01:03 --------- d-----w C:\Documents and Settings\gerard and steve\Application Data\AdobeUM
2008-03-30 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-29 23:32 --------- d-----w C:\Documents and Settings\gerard and steve\Application Data\AOL
2008-03-29 23:30 --------- d-----w C:\Program Files\Common Files\aol
2008-03-29 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-29 18:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-29 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 18:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-28 00:59 --------- d-----w C:\Program Files\iTunes
2008-03-27 21:49 --------- d-----w C:\Program Files\Dot1XCfg
2008-03-21 02:24 --------- d-----w C:\Program Files\QuickTime
2008-03-20 16:25 --------- d-----w C:\Program Files\TomTom HOME
2008-03-20 16:25 --------- d-----w C:\Program Files\AIM6
2008-03-20 16:25 --------- d-----w C:\Documents and Settings\gerard and steve\Application Data\Smilebox
.
<pre>
----a-w		   201,352 2008-03-20 16:27:01  C:\Documents and Settings\gerard and steve\Application Data\Smilebox\SmileboxTray .exe
----a-w		 5,043,528 2008-03-20 16:26:09  C:\Program Files\AIM\AIM Pro\aimpro .exe
----a-w			50,528 2008-03-20 16:27:32  C:\Program Files\AIM6\aim6 .exe
----a-w			42,032 2008-03-20 16:25:47  C:\Program Files\Common Files\aol\1186065710\ee\AOLSoftware .exe
----a-w		   267,048 2008-03-20 16:26:26  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		 1,694,208 2008-03-20 16:26:55  C:\Program Files\Messenger\msmsgs .exe
----a-w		 1,289,000 2008-03-20 16:27:34  C:\Program Files\Microsoft ActiveSync\wcescomm		.exe
----a-w		 1,289,000 2008-03-27 21:54:11  C:\Program Files\Microsoft ActiveSync\wcescomm	   .exe
----a-w		 1,289,000 2008-03-27 21:54:12  C:\Program Files\Microsoft ActiveSync\wcescomm	  .exe
----a-w		 1,289,000 2008-03-27 21:54:12  C:\Program Files\Microsoft ActiveSync\wcescomm	 .exe
----a-w		 1,289,000 2008-03-27 21:54:13  C:\Program Files\Microsoft ActiveSync\wcescomm	.exe
----a-w		 1,289,000 2008-03-27 21:54:13  C:\Program Files\Microsoft ActiveSync\wcescomm   .exe
----a-w		 1,289,000 2008-03-27 21:54:14  C:\Program Files\Microsoft ActiveSync\wcescomm  .exe
----a-w		 1,289,000 2008-03-27 21:54:15  C:\Program Files\Microsoft ActiveSync\wcescomm .exe
----a-w		   286,720 2008-03-20 16:26:13  C:\Program Files\QuickTime\qttask		.exe
----a-w		   286,720 2008-03-27 21:57:03  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   286,720 2008-03-27 21:57:03  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   286,720 2008-03-27 21:57:04  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   286,720 2008-03-27 21:57:04  C:\Program Files\QuickTime\qttask	.exe
----a-w		   286,720 2008-03-27 21:57:09  C:\Program Files\QuickTime\qttask   .exe
----a-w		   286,720 2008-03-27 21:57:09  C:\Program Files\QuickTime\qttask  .exe
----a-w		   286,720 2008-03-27 21:57:10  C:\Program Files\QuickTime\qttask .exe
----a-w		 3,770,024 2008-03-20 16:26:27  C:\Program Files\TomTom HOME\TomTomHOME .exe
----a-w			15,360 2008-03-20 16:26:51  C:\WINDOWS\system32\ctfmon .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM67bb4d80"="C:\WINDOWS\system32\ckkwpjqy.dll" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"HostManager"="C:\Program Files\Common Files\AOL\1186065710\ee\AOLSoftware.exe" [2007-10-08 17:50 41824]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\gerard and steve\Start Menu\Programs\Startup\
AOL Desktop.lnk - C:\Program Files\Common Files\aol\Launch\aollaunch.exe [2007-05-25 13:16:09 42032]
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-09-15 15:20:53 947544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-29 23:59:42 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlmkj]
nnnlmkj.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 05:33 155648 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2006-01-06 16:06 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-09-01 19:24 684032 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 03:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 10:04 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-01-06 16:27 168448 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 17:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 17:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 17:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 19:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 03:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\aol\\1186065710\\ee\\AOLDesktop.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


Deckard's System Scanner v20071014.68
Run by gerard and steve on 2008-04-13 09:59:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
96: 2008-04-13 14:00:07 UTC - RP171 - Deckard's System Scanner Restore Point
95: 2008-04-13 13:43:28 UTC - RP170 - ComboFix created restore point
94: 2008-04-13 07:01:58 UTC - RP169 - Software Distribution Service 3.0
93: 2008-04-12 21:22:55 UTC - RP168 - Installed Windows Internet Explorer 7.
92: 2008-04-12 21:22:27 UTC - RP167 - Installed Windows IDNMitigationAPIs.


-- First Restore Point --
1: 2008-01-19 15:01:05 UTC - RP76 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as gerard and steve.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:13 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1186065710\ee\AOLSoftware.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Common Files\aol\1186065710\ee\AOLDesktop.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\gerard and steve\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\gerard and steve.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BM67bb4d80] Rundll32.exe "C:\WINDOWS\system32\ckkwpjqy.dll",s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186065710\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\aol\Launch\aollaunch.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: nnnlmkj - nnnlmkj.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7669 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 catchme - c:\docume~1\gerard~1\locals~1\temp\catchme.sys (file missing)

S3 lgatbus (LG USB Composite Device driver (WDM)) - c:\windows\system32\drivers\lgatbus.sys <Not Verified; MCCI; LG USB Composite Device>
S3 lgatmdm (LG CDMA USB Modem Drivers) - c:\windows\system32\drivers\lgatmdm.sys <Not Verified; MCCI; LG CDMA USB Modem>
S3 lgatserd (LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM)) - c:\windows\system32\drivers\lgatserd.sys <Not Verified; MCCI; LG CDMA USB Modem Diagnostic Serial Port>
S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\program files\verizon wireless\vzaccess manager\smndis5.sys <Not Verified; Smith Micro Software, Inc.; QuickLink Wi-Fi>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 Venturi2 (Venturi Client) - c:\program files\verizon wireless\venturi\client\ventc.exe <Not Verified; Venturi Wireless; VentC>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\12D31121324FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\12D31121324FC000
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1370 WLAN Mini-PCI Card
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_00051028&REV_02\4&2FA23535&0&18F0
Manufacturer: Broadcom
Name: Dell Wireless 1370 WLAN Mini-PCI Card
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_00051028&REV_02\4&2FA23535&0&18F0
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2008-04-07 13:24:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-13 09:42:31 68096 --a------ C:\WINDOWS\zip.exe
2008-04-13 09:42:31 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-13 09:42:31 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-13 09:42:31 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-13 09:42:31 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-13 09:42:31 98816 --a------ C:\WINDOWS\sed.exe
2008-04-13 09:42:31 80412 --a------ C:\WINDOWS\grep.exe
2008-04-13 09:42:31 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-11 23:10:04 0 dr-h----- C:\Documents and Settings\gerard and steve\Recent
2008-04-11 22:49:15 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\ieSpell
2008-04-11 22:48:43 0 d-------- C:\Program Files\ieSpell
2008-04-11 18:06:24 0 d-------- C:\ComboFix[1]
2008-04-04 22:41:31 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-03 21:23:37 1759 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-04-01 05:12:46 0 d-------- C:\Program Files\Trend Micro
2008-03-31 16:52:12 0 d-------- C:\WINDOWS\system32\bits
2008-03-31 16:47:42 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-03-30 00:00:57 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 00:00:34 0 d-------- C:\Program Files\Spyware Doctor
2008-03-30 00:00:34 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\PC Tools
2008-03-29 23:59:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-29 19:29:39 0 d-------- C:\WINDOWS\aolshare
2008-03-29 19:29:06 0 d-------- C:\Program Files\Common Files\aolshare
2008-03-29 19:29:06 0 d-------- C:\Program Files\AOL 9.1
2008-03-29 16:10:32 0 d-------- C:\Program Files\Common Files\Scanner
2008-03-29 16:10:27 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-03-29 16:05:23 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\Yahoo!
2008-03-29 16:05:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-29 16:04:54 0 d-------- C:\Program Files\Yahoo!
2008-03-29 14:44:04 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-29 08:48:24 0 d-------- C:\Program Files\Windows Defender
2008-03-28 20:48:34 691545 --a------ C:\WINDOWS\unins000.exe
2008-03-28 20:48:34 2552 --a------ C:\WINDOWS\unins000.dat
2008-03-27 17:10:31 0 d-------- C:\mcafee_mcpr
2008-03-27 17:01:21 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-22 10:52:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-04-13 09:44:09 0 d-a------ C:\Program Files\Common Files
2008-04-10 18:52:48 0 d-------- C:\Program Files\Google
2008-04-02 21:09:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-02 21:03:31 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\AdobeUM
2008-04-02 21:01:26 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\Adobe
2008-03-29 19:32:33 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\AOL
2008-03-29 19:30:58 0 d-------- C:\Program Files\Common Files\aol
2008-03-29 14:39:48 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-27 20:59:15 0 d-------- C:\Program Files\iTunes
2008-03-27 17:49:51 0 d-------- C:\Program Files\Dot1XCfg
2008-03-20 22:24:29 0 d-------- C:\Program Files\QuickTime
2008-03-20 12:25:29 0 d-------- C:\Program Files\TomTom HOME
2008-03-20 12:25:03 0 d-------- C:\Program Files\AIM6
2008-03-20 12:25:01 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\Smilebox
2008-03-20 12:24:58 0 d-------- C:\Program Files\Messenger
2008-01-21 09:44:11 2528 --a------ C:\Documents and Settings\gerard and steve\Application Data\$_hpcst$.hpc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM67bb4d80"="C:\WINDOWS\system32\ckkwpjqy.dll" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1186065710\ee\AOLSoftware.exe" [10/08/2007 05:50 PM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/22/2008 07:43 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\gerard and steve\Start Menu\Programs\Startup\
AOL Desktop.lnk - C:\Program Files\Common Files\aol\Launch\aollaunch.exe [5/25/2007 1:16:09 PM]
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [9/15/2007 3:20:53 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/29/2008 11:59:42 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlmkj]
nnnlmkj.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3297421e-9148-11dc-9f51-00038a000015}]
AutoRun\command- E:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-04-13 10:02:20 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 503.37 MiB / 201.05 MiB
Pagefile Memory (total/avail): 1228.25 MiB / 857.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.29 MiB

C: is Fixed (NTFS) - 37.21 GiB total, 25.54 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541040G9AT00 - 37.26 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
  • 0

#4
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

I have to go out for a couple of hours, but will post you a fix to get rid of this thing when I get back OK.

Regards,
RatHat
  • 0

#5
DanTanna

DanTanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Hi there,

I have to go out for a couple of hours, but will post you a fix to get rid of this thing when I get back OK.

Regards,
RatHat



Thank you so much.
  • 0

#6
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

OK, lets get started on cleaning the rest of the crap off your computer!

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\ydrjefxu.ini
C:\WINDOWS\system32\ckkwpjqy.dll
C:\WINDOWS\system32\nnnlmkj.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM67bb4d80"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlmkj]

RENV::
----a-w		   201,352 2008-03-20 16:27:01  C:\Documents and Settings\gerard and steve\Application Data\Smilebox\SmileboxTray .exe
----a-w		 5,043,528 2008-03-20 16:26:09  C:\Program Files\AIM\AIM Pro\aimpro .exe
----a-w			50,528 2008-03-20 16:27:32  C:\Program Files\AIM6\aim6 .exe
----a-w			42,032 2008-03-20 16:25:47  C:\Program Files\Common Files\aol\1186065710\ee\AOLSoftware .exe
----a-w		   267,048 2008-03-20 16:26:26  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		 1,694,208 2008-03-20 16:26:55  C:\Program Files\Messenger\msmsgs .exe
----a-w		 1,289,000 2008-03-20 16:27:34  C:\Program Files\Microsoft ActiveSync\wcescomm		.exe
----a-w		 1,289,000 2008-03-27 21:54:11  C:\Program Files\Microsoft ActiveSync\wcescomm	   .exe
----a-w		 1,289,000 2008-03-27 21:54:12  C:\Program Files\Microsoft ActiveSync\wcescomm	  .exe
----a-w		 1,289,000 2008-03-27 21:54:12  C:\Program Files\Microsoft ActiveSync\wcescomm	 .exe
----a-w		 1,289,000 2008-03-27 21:54:13  C:\Program Files\Microsoft ActiveSync\wcescomm	.exe
----a-w		 1,289,000 2008-03-27 21:54:13  C:\Program Files\Microsoft ActiveSync\wcescomm   .exe
----a-w		 1,289,000 2008-03-27 21:54:14  C:\Program Files\Microsoft ActiveSync\wcescomm  .exe
----a-w		 1,289,000 2008-03-27 21:54:15  C:\Program Files\Microsoft ActiveSync\wcescomm .exe
----a-w		   286,720 2008-03-20 16:26:13  C:\Program Files\QuickTime\qttask		.exe
----a-w		   286,720 2008-03-27 21:57:03  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   286,720 2008-03-27 21:57:03  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   286,720 2008-03-27 21:57:04  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   286,720 2008-03-27 21:57:04  C:\Program Files\QuickTime\qttask	.exe
----a-w		   286,720 2008-03-27 21:57:09  C:\Program Files\QuickTime\qttask   .exe
----a-w		   286,720 2008-03-27 21:57:09  C:\Program Files\QuickTime\qttask  .exe
----a-w		   286,720 2008-03-27 21:57:10  C:\Program Files\QuickTime\qttask .exe
----a-w		 3,770,024 2008-03-20 16:26:27  C:\Program Files\TomTom HOME\TomTomHOME .exe
----a-w			15,360 2008-03-20 16:26:51  C:\WINDOWS\system32\ctfmon .exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new DSS log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, please include the following logs:
  • The contents of Combofix.txt
  • The MBAM log
  • The contents of Kaspersky.txt
  • A fresh DSS log, taken after completing the above
And could you re-post the DSS extra.txt as most of it was cut off. If the logs this time are large, please use two or three posts to make sure they are all included.

Regards,
RatHat
  • 0

#7
DanTanna

DanTanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ComboFix 08-04-12.7 - gerard and steve 2008-04-13 15:55:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.158 [GMT -4:00]
Running from: C:\Documents and Settings\gerard and steve\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\gerard and steve\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\ckkwpjqy.dll
C:\WINDOWS\system32\nnnlmkj.dll
C:\WINDOWS\system32\ydrjefxu.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\gerard and steve\err.log
C:\WINDOWS\system32\ydrjefxu.ini
C:\WINDOWS\system32\zvmlhjzh.dllbox

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 15:52 . 2008-04-13 15:52 0 --a------ C:\Documents and Settings\gerard and steve\.exe
2008-04-13 13:35 . 2008-04-13 14:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-13 13:35 . 2008-04-13 13:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-13 13:28 . 2008-04-13 13:28 <DIR> d-------- C:\Program Files\Bonjour
2008-04-13 09:59 . 2008-04-13 09:59 <DIR> d-------- C:\Deckard
2008-04-11 22:49 . 2008-04-11 22:49 <DIR> d-------- C:\Documents and Settings\gerard and steve\Application Data\ieSpell
2008-04-11 22:48 . 2008-04-12 11:28 <DIR> d-------- C:\Program Files\ieSpell
2008-04-11 18:06 . 2008-04-11 18:07 <DIR> d-------- C:\ComboFix[1]
2008-04-04 22:41 . 2008-04-04 22:41 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-04 12:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-04 12:40 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-04 12:40 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-01 05:12 . 2008-04-01 05:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-31 17:15 . 2008-03-31 17:15 2,764 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-03-31 16:54 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-03-31 16:54 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-03-31 16:52 . 2008-03-31 16:52 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-31 16:52 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-03-31 16:51 . 2007-03-29 08:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-03-31 16:51 . 2007-03-29 08:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-03-31 16:51 . 2007-03-29 08:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-03-31 16:51 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-03-31 16:51 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-03-31 16:51 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-03-31 16:47 . 2008-04-12 21:10 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-03-30 00:00 . 2008-04-11 01:07 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-30 00:00 . 2008-03-30 00:00 <DIR> d-------- C:\Documents and Settings\gerard and steve\Application Data\PC Tools
2008-03-30 00:00 . 2008-04-13 09:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 00:00 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-30 00:00 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-30 00:00 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-30 00:00 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-29 23:59 . 2008-04-12 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-29 23:31 . 2008-03-29 23:31 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-29 19:29 . 2008-03-29 19:29 <DIR> d-------- C:\WINDOWS\aolshare
2008-03-29 19:29 . 2008-03-29 19:31 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-03-29 19:29 . 2008-03-29 23:20 <DIR> d-------- C:\Program Files\AOL 9.1
2008-03-29 18:55 . 2008-03-29 18:56 4 --a------ C:\WINDOWS\msoffice.ini
2008-03-29 16:10 . 2008-03-29 16:10 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-03-29 16:10 . 2008-03-29 20:20 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-03-29 16:05 . 2008-03-29 16:05 <DIR> d-------- C:\Documents and Settings\gerard and steve\Application Data\Yahoo!
2008-03-29 16:05 . 2008-03-29 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-29 16:04 . 2008-03-29 16:05 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-29 14:44 . 2008-03-29 14:44 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-29 08:48 . 2008-03-29 14:37 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 20:48 . 2008-03-28 16:04 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-28 20:48 . 2008-03-28 20:48 2,552 --a------ C:\WINDOWS\unins000.dat
2008-03-27 17:10 . 2008-03-27 17:10 <DIR> d-------- C:\mcafee_mcpr
2008-03-27 17:01 . 2008-03-31 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-26 19:27 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-26 19:27 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-26 19:27 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-26 19:27 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-20 22:25 . 2008-03-20 22:25 215 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 19:59 --------- d-----w C:\Program Files\iTunes
2008-04-13 19:55 --------- d-----w C:\Program Files\TomTom HOME
2008-04-13 19:55 --------- d-----w C:\Program Files\QuickTime
2008-04-13 19:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-13 19:54 --------- d-----w C:\Program Files\AIM6
2008-04-13 19:54 --------- d-----w C:\Documents and Settings\gerard and steve\Application Data\Smilebox
2008-04-13 19:52 0 ----a-w C:\Documents and Settings\gerard and steve\.exe
2008-04-13 18:02 --------- d-----w C:\Program Files\MSECache
2008-04-10 22:52 --------- d-----w C:\Program Files\Google
2008-04-03 01:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 01:03 --------- d-----w C:\Documents and Settings\gerard and steve\Application Data\AdobeUM
2008-03-30 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-29 23:32 --------- d-----w C:\Documents and Settings\gerard and steve\Application Data\AOL
2008-03-29 23:30 --------- d-----w C:\Program Files\Common Files\aol
2008-03-29 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-29 18:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-29 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-27 21:49 --------- d-----w C:\Program Files\Dot1XCfg
2008-03-20 16:26 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-03-20 16:26 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-06 10:12 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-06 10:12 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((( [email protected]_ 9.52.14.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 13:48:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-13 19:59:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-13 17:28:38 86,016 ----a-r C:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe
+ 2008-04-13 17:30:20 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2007-07-24 19:17:08 81,920 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2007-07-24 19:17:08 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
- 2006-09-19 18:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 16:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-20 12:26 267048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"HostManager"="C:\Program Files\Common Files\AOL\1186065710\ee\AOLSoftware.exe" [2008-03-20 12:25 42032]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-27 17:57 286720]

C:\Documents and Settings\gerard and steve\Start Menu\Programs\Startup\
AOL Desktop.lnk - C:\Program Files\Common Files\aol\Launch\aollaunch.exe [2007-05-25 13:16:09 42032]
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-09-15 15:20:53 947544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-29 23:59:42 124400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 05:33 155648 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2006-01-06 16:06 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-03-20 12:26 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-09-01 19:24 684032 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 03:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 10:04 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-01-06 16:27 168448 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 17:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 17:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 17:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 19:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 03:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\aol\\1186065710\\ee\\AOLDesktop.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2002-10-15 15:03]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2002-10-16 03:05]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\lgatserd.sys [2002-10-16 03:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3297421e-9148-11dc-9f51-00038a000015}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 17:24:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 16:00:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\aol\acs\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Verizon Wireless\venturi\Client\VentC.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\aol\1186065710\ee\AOLDesktop.exe
.
**************************************************************************
.
Completion time: 2008-04-13 16:06:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 20:06:26
ComboFix2.txt 2008-04-13 13:52:45
Pre-Run: 27,111,202,816 bytes free
Post-Run: 27,098,886,144 bytes free
.
2008-04-13 07:03:14 --- E O F ---
  • 0

#8
DanTanna

DanTanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Malwarebytes' Anti-Malware 1.11
Database version: 622

Scan type: Quick Scan
Objects scanned: 28779
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Dot1XCfg (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 13, 2008 9:41:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/04/2008
Kaspersky Anti-Virus database records: 702574
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 55660
Number of viruses found: 17
Number of infected objects: 89
Number of suspicious objects: 0
Duration of the scan process: 00:48:48

Infected Object Name / Virus Name / Last Action
C:\7e840813aec361dfe83a67dd6a296e\msxml4-KB927978-enu.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Support\MPLog-03312008-165239.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edb.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edbtmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\gerard and steve\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\gerard and steve\Local Settings\Application Data\AOL\AOLDiag\AOL\HelixUSGM\Win32\2.7.13.1\00025450.prm Object is locked skipped
C:\Documents and Settings\gerard and steve\Local Settings\Application Data\AOL\UserProfiles\1186065710\oj91169\cls\common.cls Object is locked skipped
C:\Documents and Settings\gerard and steve\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\gerard and steve\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\gerard and steve\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\gerard and steve\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\gerard and steve\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\gerard and steve\Local Settings\History\History.IE5\MSHist012008041320080414\index.dat Object is locked skipped
C:\Documents and Settings\gerard and steve\Local Settings\Temp\CMLS--2008-04-13--16-02-16.log Object is locked skipped
C:\Documents and Settings\gerard and steve\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\gerard and steve\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\gerard and steve\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\gerard and steve\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\prov.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml.bak Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml.bak Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\SubInfo.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\onecaremp_log.bin Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin Object is locked skipped
C:\Program Files\Verizon Wireless\venturi\Client\vent2.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\A0051496.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\A0051502.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0051527.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0051535.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0052525.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0052536.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0052539.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0052543.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0053525.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0053535.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0053545.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0053547.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\A0053843.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\A0053854.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\A0053855.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\A0053857.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP130\A0054797.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP130\A0054806.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP130\A0054807.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP130\A0054820.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP130\A0055795.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP130\A0055809.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP130\A0055820.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP130\A0055822.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0056796.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0056808.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0057795.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0057808.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0057824.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0057825.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0058797.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0058809.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0058821.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0058822.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0059797.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0059808.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0059818.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0059820.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0060796.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0060808.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0060824.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0060826.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0061797.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0061809.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0061821.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0061822.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0062795.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0062808.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0063797.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0063809.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0063821.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP132\A0063823.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0063937.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0063938.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067106.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067127.dll Infected: not-a-virus:AdWare.Win32.180Solutions.bl skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067133.exe Infected: not-a-virus:AdWare.Win32.180Solutions.bp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067581.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067582.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067583.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067584.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067586.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067587.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067588.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067589.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067590.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067591.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067592.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067593.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067594.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067595.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067596.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067597.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067598.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067600.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067601.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067603.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067605.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067606.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067607.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067609.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067610.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067611.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067612.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067613.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067614.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0067631.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP143\A0069768.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP144\A0070584.rbf Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP176\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7BFD9EC8-1F82-4401-A07E-2C8287F82CD5}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\MSFWSVC.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_628.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0

#9
DanTanna

DanTanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Deckard's System Scanner v20071014.68
Run by gerard and steve on 2008-04-14 04:39:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as gerard and steve.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:40 AM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\AOL\1186065710\ee\AOLSoftware.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Common Files\aol\1186065710\ee\AOLDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\gerard and steve\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GERARD~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186065710\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\aol\Launch\aollaunch.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7877 bytes

-- Files created between 2008-03-14 and 2008-04-14 -----------------------------

2008-04-13 19:16:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 19:16:22 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 19:16:21 0 d-------- C:\WINDOWS\LastGood
2008-04-13 16:22:50 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\Malwarebytes
2008-04-13 16:22:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 16:22:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 15:52:15 0 --a------ C:\Documents and Settings\gerard and steve\.exe
2008-04-13 13:28:34 0 d-------- C:\Program Files\Bonjour
2008-04-13 09:42:31 68096 --a------ C:\WINDOWS\zip.exe
2008-04-13 09:42:31 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-13 09:42:31 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-13 09:42:31 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-13 09:42:31 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-13 09:42:31 98816 --a------ C:\WINDOWS\sed.exe
2008-04-13 09:42:31 80412 --a------ C:\WINDOWS\grep.exe
2008-04-13 09:42:31 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-11 23:10:04 0 dr-h----- C:\Documents and Settings\gerard and steve\Recent
2008-04-11 22:49:15 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\ieSpell
2008-04-11 22:48:43 0 d-------- C:\Program Files\ieSpell
2008-04-11 18:06:24 0 d-------- C:\ComboFix[1]
2008-04-04 22:41:31 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-03 21:23:37 1759 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-04-01 05:12:46 0 d-------- C:\Program Files\Trend Micro
2008-03-31 16:52:12 0 d-------- C:\WINDOWS\system32\bits
2008-03-31 16:47:42 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-03-30 00:00:57 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 00:00:34 0 d-------- C:\Program Files\Spyware Doctor
2008-03-30 00:00:34 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\PC Tools
2008-03-29 23:59:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-29 19:29:39 0 d-------- C:\WINDOWS\aolshare
2008-03-29 19:29:06 0 d-------- C:\Program Files\Common Files\aolshare
2008-03-29 19:29:06 0 d-------- C:\Program Files\AOL 9.1
2008-03-29 16:10:32 0 d-------- C:\Program Files\Common Files\Scanner
2008-03-29 16:10:27 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-03-29 16:05:23 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\Yahoo!
2008-03-29 16:05:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-29 16:04:54 0 d-------- C:\Program Files\Yahoo!
2008-03-29 14:44:04 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-29 08:48:24 0 d-------- C:\Program Files\Windows Defender
2008-03-28 20:48:34 691545 --a------ C:\WINDOWS\unins000.exe
2008-03-28 20:48:34 2552 --a------ C:\WINDOWS\unins000.dat
2008-03-27 17:10:31 0 d-------- C:\mcafee_mcpr
2008-03-27 17:01:21 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-22 10:52:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-04-13 15:59:35 0 d-------- C:\Program Files\iTunes
2008-04-13 15:55:48 0 d-------- C:\Program Files\TomTom HOME
2008-04-13 15:55:47 0 d-------- C:\Program Files\QuickTime
2008-04-13 15:55:30 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-13 15:55:02 0 d-------- C:\Program Files\Messenger
2008-04-13 15:54:58 0 d-------- C:\Program Files\AIM6
2008-04-13 15:54:58 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\Smilebox
2008-04-13 14:02:16 0 d-------- C:\Program Files\MSECache
2008-04-13 09:44:09 0 d-a------ C:\Program Files\Common Files
2008-04-10 18:52:48 0 d-------- C:\Program Files\Google
2008-04-02 21:09:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-02 21:03:31 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\AdobeUM
2008-04-02 21:01:26 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\Adobe
2008-03-29 19:32:33 0 d-------- C:\Documents and Settings\gerard and steve\Application Data\AOL
2008-03-29 19:30:58 0 d-------- C:\Program Files\Common Files\aol
2008-01-21 09:44:11 2528 --a------ C:\Documents and Settings\gerard and steve\Application Data\$_hpcst$.hpc
  • 0

#10
DanTanna

DanTanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/20/2008 12:26 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1186065710\ee\AOLSoftware.exe" [03/20/2008 12:25 PM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/22/2008 07:43 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/27/2008 05:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/20/2008 12:26 PM]

C:\Documents and Settings\gerard and steve\Start Menu\Programs\Startup\
AOL Desktop.lnk - C:\Program Files\Common Files\aol\Launch\aollaunch.exe [5/25/2007 1:16:09 PM]
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [9/15/2007 3:20:53 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/29/2008 11:59:42 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3297421e-9148-11dc-9f51-00038a000015}]
AutoRun\command- E:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-04-14 04:40:21 ------------
  • 0

Advertisements


#11
DanTanna

DanTanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here is the truncated DSS extra.txt file you requested:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 503.37 MiB / 201.05 MiB
Pagefile Memory (total/avail): 1228.25 MiB / 857.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.29 MiB

C: is Fixed (NTFS) - 37.21 GiB total, 25.54 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541040G9AT00 - 37.26 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation) Disabled
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"="C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"="C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\\Program Files\\AOL 9.1\\waol.exe"="C:\\Program Files\\AOL 9.1\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\aol\\1186065710\\ee\\AOLDesktop.exe"="C:\\Program Files\\Common Files\\aol\\1186065710\\ee\\AOLDesktop.exe:*:Enabled:AOL Desktop"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\gerard and steve\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRUVAL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\gerard and steve
LOGONSERVER=\\TRUVAL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GERARD~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\GERARD~1\LOCALS~1\Temp
USERDOMAIN=TRUVAL
USERNAME=gerard and steve
USERPROFILE=C:\Documents and Settings\gerard and steve
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

gerard and steve (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F900A34E-99A9-4F0A-8842-884377553794}\Setup.exe" -l0x9 UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0 Standard --> MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOL Pictures Tools (version 10.6.0.8) --> C:\Program Files\AOL Pictures\10_6_0_8a\aolpInstaller.exe /u
AOL Registration --> "C:\Program Files\AOL\RC\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Broadcom Management Programs 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Curitel PC Card Software --> C:\Program Files\Verizon Wireless\PC5740\PWI_Uninstall.exe
Dell Wireless WLAN Card --> C:\WINDOWS\system32\BCMWLU00.exe verbose
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{F3920462-9007-4258-8BD7-6CB744CF808E}
ebgcSDK --> MsiExec.exe /X{53B2D537-21CF-44D5-A03A-0DAF993B5728}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FormDocs 6.0 --> C:\Program Files\FormDocs\UNINSTAL.EXE C:\Program Files\FormDocs\INSTALL.LOG
Google AFE --> regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTOneCare --> MsiExec.exe /X{72690A58-4C2A-4CDE-928C-DF925B125F43}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ieSpell --> "C:\Program Files\ieSpell\uninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LGUsbDriver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB866374-B705-4749-83D9-997AC77146B3}\setup.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Live OneCare Resources v2.0.2500.22 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Microsoft Windows OneCare Live v2.0.2500.22 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.0.2500.22 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 SET_LIM_RADIO - ALL
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! Plus --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
V CAST Music Manager --> C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
Venturi Client 3.1.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}\Setup.exe" -l0x9 -vuninstall
Verizon Online --> C:\WINDOWS\system32\VerizonUninstaller.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VZAccess Manager --> C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
WebEx AIM Pro Business Edition --> MsiExec.exe /X{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type4103 / Warning
Event Submitted/Written: 04/13/2008 09:59:01 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{91130409-6000-11D3-8CFE-0150048383C9}', feature 'HandWritingFiles' failed during request for component '{E6BFD503-3A35-4B78-BAB5-9570EDDEF81C}'

Event Record #/Type4102 / Warning
Event Submitted/Written: 04/13/2008 09:59:01 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{91130409-6000-11D3-8CFE-0150048383C9}', feature 'CiceroFiles', component '{D3146E44-B39F-4D61-93CD-07241D982881}' failed. The resource 'C:\WINDOWS\system32\CTFMON.EXE' does not exist.

Event Record #/Type4100 / Warning
Event Submitted/Written: 04/13/2008 09:58:57 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{91130409-6000-11D3-8CFE-0150048383C9}', feature 'HandWritingFiles' failed during request for component '{E6BFD503-3A35-4B78-BAB5-9570EDDEF81C}'

Event Record #/Type4099 / Warning
Event Submitted/Written: 04/13/2008 09:58:57 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{91130409-6000-11D3-8CFE-0150048383C9}', feature 'CiceroFiles', component '{D3146E44-B39F-4D61-93CD-07241D982881}' failed. The resource 'C:\WINDOWS\system32\CTFMON.EXE' does not exist.

Event Record #/Type4097 / Error
Event Submitted/Written: 04/13/2008 09:58:36 AM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft Office Basic Edition 2003 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17792 / Error
Event Submitted/Written: 04/13/2008 09:46:56 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Venturi Client service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type17759 / Warning
Event Submitted/Written: 04/13/2008 07:10:00 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type17731 / Error
Event Submitted/Written: 04/12/2008 05:25:22 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Venturi Client service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type17724 / Error
Event Submitted/Written: 04/12/2008 05:04:33 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type17723 / Error
Event Submitted/Written: 04/12/2008 05:04:33 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-04-13 10:02:20 ------------
  • 0

#12
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Looks like you are almost clean!

Please uninstall the following programs:

Viewpoint Media Player

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above


Click here to download the latest version (Java Runtime Environment (JRE) 6 Update 5). Once downloaded, install it and then Reboot your computer.

It is most important that you also uninstall older versions of Java.
  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except Java ™ 6 Update 5


Let me know how your computer is performing after completing the above.

Regards,
RatHat
  • 0

#13
DanTanna

DanTanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Looks like you are almost clean!


Let me know how your computer is performing after completing the above.

Regards,
RatHat


Evertthing is working and at breakneck speed. Thanks so much for your help. :)

Dan
  • 0

#14
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hey there,

OK! Well done, your log is clean again! :)

The first thing we need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Click Here to download OTCleanIt
Double-click OTCleanIt.exe to run it.
Click the Clean up button
Click Yes to the reboot.

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now lets Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next, lets reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

Reset Hidden/System Files & Folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  • CHECK the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
  • Spybot Search & Destroy a powerful tool which can "search and destroy" nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. A tutorial can be found here.
  • AdAware another very powerful tool which searches and kills nasties that infect your system. A tutorial can be found here. AdAware and Spybot Search & Destroy compliment each other very well.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


On to personal Anti Virus programs. One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves.

Anti Virus Programs~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Nearly done! If you like to use chat, MSN and Yahoo have vunerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Lastly, it is a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

Temp File Cleaners
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Note: Do NOT run this program if you have XP Professional 64 bit edition.
  • ATF Cleaner A very powerful cleaning program for XP and Windows 2000 only. Note: You may have this already as part of the fixes you have run.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Best regards,
RatHat
  • 0

#15
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP