Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the contents of the C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.
bamajim this is part of the log I'm submitting the second part next.
ComboFix 07-12-05.2 - sgardner 2007-12-06 15:50:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.477 [GMT -5:00]
Running from: C:\Documents and Settings\sgardner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
S3 smrtdrv;SMART Technologies Inc. Mirror Driver;C:\WINDOWS\system32\DRIVERS\smrtdrv.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70452d65-edc0-11db-98f1-00123f629c78}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net Rootkit scan 2007-12-06 15:55:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-06 15:58:38 - machine was rebooted
.
--- E O F ---
Save the File as
CFScript(exactly as shown no spaces) ->> Save it to your
Desktop
Using the Image as a reference, drag
CFScript into
ComboFix.exe
You will be prompted to run Combofix again, Do so Following the same rules as indicated in my first post Then post the contents of the C:\ComboFix.txt log in your reply
2. You have a suspicious file I would like to have a look at
and In the file to submit box, click Browse.Using Windows Explorer
(Right click on "Start," select "Explore," and you will see the "tree' of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Locate the file
C:\WINDOWS\system32\katzpsaci.exe
In the comments tell them that I asked you to upload the file
Then Select
Send File.
ComboFix 07-12-05.2 - sgardner 2007-12-07 14:37:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.492 [GMT -5:00]
Running from: C:\Documents and Settings\sgardner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sgardner\Desktop\CFScript.txt
* Created a new restore point
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 smrtdrv;SMART Technologies Inc. Mirror Driver;C:\WINDOWS\system32\DRIVERS\smrtdrv.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70452d65-edc0-11db-98f1-00123f629c78}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
Adobe Acrobat 4.0
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5
Adobe Shockwave Player
Art Explosion Greeting Card Factory Express
Broadcom Advanced Control Suite
ccCommon
Crick Picture Library
Dell AIO Printer A940
Dell ResourceCD
Digital Photo Navigator 1.5
ExamView Pro
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
HP Memories Disc
HP Photo Printing Software
HP Precisionscan Pro 3.1
HP Share-to-Web
IKatzu
Intel(R) Graphics Media Accelerator Driver
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Kodak DIGITAL GEM Professional Plug-In 2.0.0
LiveReg (Symantec Corporation)
LiveUpdate 2.0 (Symantec Corporation)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
MSN
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Norton AntiSpam
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Photodex Presenter
Photogize PrintWizard
PowerDVD 5.5
QuickTime
RegCure 1.3.0.2
Roxio PhotoSuite 5
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Symantec AntiVirus
Trellix Web Express Site Building
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Yahoo! Install Manager
Yahoo! Toolbar
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
1. Rerun Hijackthis (scan only) and place checks beside the following entries
O2 - BHO: (no name) - SOFTWARE - (no file) O4 - HKLM\..\Run: [ArtChk] C:\WINDOWS\system32\artchker.exe
Close all other open windows except Hijackthis and Select " Fix checked"
Close Hijackthis
2. Your log does show you are running 2 Antivirus programs: Norton and McAfee.
Running 2 Antivirus programs is never a good idea. Since they both do the same job, running 2 can cause conflicts, system slowdowns, and may even allow some malware to slip by. I recommend that you unistall one of them through Add/Remove Programs.
Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log.
And in your reply tell me which Antivirus Program you decided to keep
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
You may now remove/delete/uninstall the tools we used to clean your PC
Now that your log is clean
There are some final notes: Disable and Enable System Restore
Lets create a clean System Restore point the instructions are here
Make your Internet Explorer more secure This can be done by following these simple instructions:
Open Internet Explorer click Tools->> Options. Click Security tab Click once on the Internet icon so it becomes highlighted. Click Custom Level. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialise and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click OK. If it prompts you to save the settings, press Yes. Next press Apply and then OK to exit the Internet Properties page
Update your Anti Virus Software
Use and maintain a Firewall
Download and install SiteHound by Firetrust for protection against malicious websites.
Pick the version that matches your browser
Visit Microsoft's Windows Update Site Frequently for critical updates
Backup your Important Documents and Files on a regular basis
bamajim
10.4K Posts
0
December 6th, 2007 17:00
Please download Combofix and save to your desktop:
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.
"The world is what you make of it"
starrchild07
38 Posts
0
December 6th, 2007 19:00
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
2007-10-18 15:38 23040 --a------ C:\Program Files\Adsense Helper Object\aho.v4.dll
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-17 07:33]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-06 02:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-06 02:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-06 02:23]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 17:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 16:18]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-28 07:49]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 17:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 21:39]
"ArtChk"="C:\WINDOWS\system32\artchker.exe" [2007-10-15 08:02]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-01-19 17:11]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-17 07:33:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\ 0\ 0]
"Script"=\\jcsd.net\netlogon\DST-update.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\Extension-List\{00000000-0000-0000-0000-000000000000}]
starrchild07
38 Posts
0
December 6th, 2007 19:00
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.477 [GMT -5:00]
Running from: C:\Documents and Settings\sgardner\Desktop\ComboFix.exe
* Created a new restore point
.
.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\sgardner\Favorites\Online Security Guide.lnk
C:\Program Files\folder.js\
C:\Program Files\ini.ini\
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\k1
C:\WINDOWS\system32\k1\IKtzudll2.exe
C:\WINDOWS\system32\katzppd.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qfyqlwdg.dllbox
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\z8
C:\WINDOWS\system32\z8\srwv12drll.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.
2007-12-05 16:13 . 2007-12-05 16:13
2007-12-02 22:22 . 2007-12-02 22:22
2007-12-02 22:22 . 2007-12-02 22:22
2007-12-02 22:01 . 2007-12-02 22:01
2007-12-02 21:17 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-12-02 13:59 . 2007-12-02 14:01
2007-12-02 13:59 . 2007-12-02 14:03
2007-12-02 13:51 . 2007-12-02 13:51
2007-12-02 13:37 . 2007-12-02 13:37 6,364 --a------ C:\WINDOWS\artconfd.tmp
2007-12-02 03:03 . 2007-12-02 03:03
2007-12-01 10:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-01 10:54 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-01 10:54 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-01 06:44 . 2007-10-15 08:02 118,784 --a------ C:\WINDOWS\system32\artchker.exe
2007-11-30 17:01 . 2007-11-30 17:01 2,764 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2007-11-30 16:46 . 2007-12-02 14:01
2007-11-30 16:46 . 2007-11-30 16:46
2007-11-30 16:45 . 2007-03-29 07:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-11-30 16:45 . 2007-03-29 07:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-11-30 16:45 . 2007-03-29 07:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-11-30 16:45 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2007-11-30 16:45 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-11-30 16:45 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2007-11-28 20:47 . 2007-11-28 20:47
2007-11-22 14:49 . 2007-11-30 16:33
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 20:56 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-06 20:55 --------- d-----w C:\Program Files\McAfee
2007-12-06 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-05 05:20 --------- d-----w C:\Program Files\Google
2007-12-03 21:19 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-03 03:50 --------- d-----w C:\Program Files\Java
2007-12-03 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-03 02:18 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-03 02:16 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-01 13:43 --------- d-----w C:\Program Files\Adsense Helper Object
2007-11-29 03:35 --------- d-----w C:\Documents and Settings\sgardner\Application Data\SiteAdvisor
2007-11-09 11:02 --------- d-----w C:\Program Files\RegCure
2007-10-30 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-23 23:06 411,437 --sh--w C:\WINDOWS\system32\rtutv.ini2
2007-10-23 21:21 411,704 --sh--w C:\WINDOWS\system32\rtutv.bak2
2007-10-22 21:36 --------- d-----w C:\Program Files\McAfee.com
2007-10-18 01:11 --------- d-----w C:\Program Files\Windows Defender
2007-10-18 00:23 76 ----a-w C:\Program Files\ini.ini
2007-10-17 13:20 --------- d-----w C:\Program Files\Corel
2007-10-17 13:20 --------- d-----w C:\Program Files\Common Files\Corel
2007-10-17 13:09 --------- d-----w C:\Program Files\exPressit S.E. 2.2
2007-10-17 12:34 --------- d-----w C:\Program Files\Norton Internet Security
2007-10-17 12:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-17 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-17 01:23 --------- d-----w C:\Program Files\Symantec
2007-10-17 01:23 --------- d-----w C:\Documents and Settings\sgardner\Application Data\Symantec
2007-10-17 00:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 11:38 --------- d-----w C:\Program Files\Coupons
2007-10-15 13:49 --------- d-----w C:\Program Files\MyPublisher
2007-10-15 13:08 6,465 --sh--w C:\WINDOWS\system32\rtutv.bak1
2007-10-15 13:02 45,056 ----a-w C:\WINDOWS\system32\katzpsaci.exe
2007-10-15 13:02 44,922 ----a-w C:\WINDOWS\system32\IKatzuUninstall.exe
2007-10-15 13:02 421,888 ----a-w C:\WINDOWS\system32\bkincmai.dll
2007-10-15 13:02 24,576 ----a-w C:\WINDOWS\system32\msxml3a.dll
2007-10-15 12:37 530,617 ----a-w C:\Documents and Settings\sgardner\mvPCinfo-1.50.exe
2007-06-14 09:22 2,231 ----a-w C:\Program Files\folder.js
2004-08-04 10:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 10:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2007-07-26 14:24 168 --sh--r C:\WINDOWS\system32\989C192937.sys
2007-07-26 14:24 7,520 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-08-04 10:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 10:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 10:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 10:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 10:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
starrchild07
38 Posts
0
December 6th, 2007 19:00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\Loopback-GPO-List]
@=""
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
\Shell\AutoRun\command - E:\LaunchU3.exe -a
\Shell\AutoRun\command - E:\LaunchU3.exe -a
Contents of the 'Scheduled Tasks' folder
"2007-11-15 07:19:24 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-10-22 21:36:22 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-12-06 20:55:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-11-29 08:00:32 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
Rootkit scan 2007-12-06 15:55:59
Windows 5.1.2600 Service Pack 2 NTFS
hidden files: 0
.
Completion time: 2007-12-06 15:58:38 - machine was rebooted
.
--- E O F ---
bamajim
10.4K Posts
0
December 7th, 2007 12:00
1. Open NotePad (not wordpad). Copy and paste the following into Notepad
File::
C:\WINDOWS\system32\artchker.exe
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.bak1
Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop
Using the Image as a reference, drag CFScript into ComboFix.exe
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply
2. You have a suspicious file I would like to have a look at
Please go HERE
Put Your Name, and Dell HJT forum
and In the file to submit box, click Browse.Using Windows Explorer
- (Right click on "Start," select "Explore," and you will see the "tree' of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Locate the fileIn the comments tell them that I asked you to upload the file
Then Select Send File.
Thanks
"The world is what you make of it"
starrchild07
38 Posts
0
December 7th, 2007 17:00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\ 0\ 0]
"Script"=\\jcsd.net\netlogon\DST-update.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1830\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-1901\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPLink-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2041\Loopback-GPO-List]
starrchild07
38 Posts
0
December 7th, 2007 17:00
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.492 [GMT -5:00]
Running from: C:\Documents and Settings\sgardner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sgardner\Desktop\CFScript.txt
* Created a new restore point
C:\WINDOWS\system32\artchker.exe
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini2
.
.
C:\Program Files\ini.ini\
C:\WINDOWS\system32\artchker.exe
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini2
((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.
2007-12-05 16:13 . 2007-12-05 16:13
2007-12-02 22:22 . 2007-12-02 22:22
2007-12-02 22:22 . 2007-12-02 22:22
2007-12-02 22:01 . 2007-12-02 22:01
2007-12-02 21:17 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-12-02 13:59 . 2007-12-02 14:01
2007-12-02 13:59 . 2007-12-02 14:03
2007-12-02 13:51 . 2007-12-02 13:51
2007-12-02 13:37 . 2007-12-02 13:37 6,364 --a------ C:\WINDOWS\artconfd.tmp
2007-12-02 03:03 . 2007-12-02 03:03
2007-12-01 10:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-01 10:54 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-01 10:54 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-30 17:01 . 2007-11-30 17:01 2,764 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2007-11-30 16:46 . 2007-12-02 14:01
2007-11-30 16:46 . 2007-11-30 16:46
2007-11-30 16:45 . 2007-03-29 07:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-11-30 16:45 . 2007-03-29 07:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-11-30 16:45 . 2007-03-29 07:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-11-30 16:45 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2007-11-30 16:45 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-11-30 16:45 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2007-11-28 20:47 . 2007-11-28 20:47
2007-11-22 14:49 . 2007-11-30 16:33
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 19:13 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-07 19:13 --------- d-----w C:\Program Files\McAfee
2007-12-06 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-05 05:20 --------- d-----w C:\Program Files\Google
2007-12-03 21:19 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-03 03:50 --------- d-----w C:\Program Files\Java
2007-12-03 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-03 02:18 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-03 02:16 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-01 13:43 --------- d-----w C:\Program Files\Adsense Helper Object
2007-11-29 03:35 --------- d-----w C:\Documents and Settings\sgardner\Application Data\SiteAdvisor
2007-11-09 11:02 --------- d-----w C:\Program Files\RegCure
2007-10-30 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-22 21:36 --------- d-----w C:\Program Files\McAfee.com
2007-10-18 01:11 --------- d-----w C:\Program Files\Windows Defender
2007-10-18 00:23 76 ----a-w C:\Program Files\ini.ini
2007-10-17 13:20 --------- d-----w C:\Program Files\Corel
2007-10-17 13:20 --------- d-----w C:\Program Files\Common Files\Corel
2007-10-17 13:09 --------- d-----w C:\Program Files\exPressit S.E. 2.2
2007-10-17 12:34 --------- d-----w C:\Program Files\Norton Internet Security
2007-10-17 12:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-17 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-17 01:23 --------- d-----w C:\Program Files\Symantec
2007-10-17 01:23 --------- d-----w C:\Documents and Settings\sgardner\Application Data\Symantec
2007-10-17 00:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 11:38 --------- d-----w C:\Program Files\Coupons
2007-10-15 13:49 --------- d-----w C:\Program Files\MyPublisher
2007-10-15 13:02 45,056 ----a-w C:\WINDOWS\system32\katzpsaci.exe
2007-10-15 13:02 44,922 ----a-w C:\WINDOWS\system32\IKatzuUninstall.exe
2007-10-15 13:02 421,888 ----a-w C:\WINDOWS\system32\bkincmai.dll
2007-10-15 13:02 24,576 ----a-w C:\WINDOWS\system32\msxml3a.dll
2007-10-15 12:37 530,617 ----a-w C:\Documents and Settings\sgardner\mvPCinfo-1.50.exe
2007-06-14 09:22 2,231 ----a-w C:\Program Files\folder.js
2004-08-04 10:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 10:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2007-07-26 14:24 168 --sh--r C:\WINDOWS\system32\989C192937.sys
2007-07-26 14:24 7,520 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-08-04 10:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 10:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 10:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 10:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 10:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
2007-10-18 15:38 23040 --a------ C:\Program Files\Adsense Helper Object\aho.v4.dll
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-17 07:33]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-06 02:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-06 02:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-06 02:23]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 17:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 16:18]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-28 07:49]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 17:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 21:39]
"ArtChk"="C:\WINDOWS\system32\artchker.exe" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-01-19 17:11]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-17 07:33:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\ 0]
starrchild07
38 Posts
0
December 7th, 2007 17:00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-2166\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3131\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1715567821-507921405-682003330-3132\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-1005\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\GPLink-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\GPO-List\ 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3093955227-734301566-2714493192-500\Loopback-GPO-List]
@=""
S3 smrtdrv;SMART Technologies Inc. Mirror Driver;C:\WINDOWS\system32\DRIVERS\smrtdrv.sys
\Shell\AutoRun\command - E:\LaunchU3.exe -a
\Shell\AutoRun\command - E:\LaunchU3.exe -a
Contents of the 'Scheduled Tasks' folder
"2007-11-15 07:19:24 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-10-22 21:36:22 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-12-07 19:15:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-11-29 08:00:32 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
Rootkit scan 2007-12-07 14:39:56
Windows 5.1.2600 Service Pack 2 NTFS
hidden files: 0
.
Completion time: 2007-12-07 14:40:29
C:\ComboFix2.txt ... 2007-12-06 15:58
.
--- E O F ---
bamajim
10.4K Posts
0
December 7th, 2007 19:00
Good work.
Got the file, it's bad. But I want to check one other thing
Re Run Hijackthis
Then select " Open uninstall manager"
Then " save list" and save it to your desktop
Copy and paste that list as a reply to this thread
"The world is what you make of it"
starrchild07
38 Posts
0
December 8th, 2007 01:00
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5
Adobe Shockwave Player
Art Explosion Greeting Card Factory Express
Broadcom Advanced Control Suite
ccCommon
Crick Picture Library
Dell AIO Printer A940
Dell ResourceCD
Digital Photo Navigator 1.5
ExamView Pro
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
HP Memories Disc
HP Photo Printing Software
HP Precisionscan Pro 3.1
HP Share-to-Web
IKatzu
Intel(R) Graphics Media Accelerator Driver
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Kodak DIGITAL GEM Professional Plug-In 2.0.0
LiveReg (Symantec Corporation)
LiveUpdate 2.0 (Symantec Corporation)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
MSN
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Norton AntiSpam
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Photodex Presenter
Photogize PrintWizard
PowerDVD 5.5
QuickTime
RegCure 1.3.0.2
Roxio PhotoSuite 5
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Symantec AntiVirus
Trellix Web Express Site Building
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Yahoo! Install Manager
Yahoo! Toolbar
bamajim
10.4K Posts
0
December 10th, 2007 12:00
Sorry for the delay
Go to Add or Remove Programs (Click Start ->> Control Panel ->> Add or Remove Programs)
And uninstall the following program
Close Add or Remove Programs ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log
"The world is what you make of it"
starrchild07
38 Posts
0
December 10th, 2007 18:00
Scan saved at 15:54, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.jcsd.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 29.70.2.20;29.70.1.15;jcsd.net;29.70.1;trouble.jcsd.net;dos-tech.jcsd.net;dos-tech;dos-exch;exch.jcsd.net;29.70.1.11;29.70;proxy.jcsd.net;29.70.1.9;spam.jcsd.net;29.70.1.10;29.70.1.0;*.jcsd.net;student.jcsd.net;29.72.8.25;29.72.8.27;29.72.8.*;29.70.*.*;29.71.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [ArtChk] C:\WINDOWS\system32\artchker.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aurigma Image Uploader 2.0 - http://www.photogize.com/PhotogizeImageUploader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jcsd.net
O17 - HKLM\Software\..\Telephony: DomainName = jcsd.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jcsd.net
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
End of file - 11423 bytes
bamajim
10.4K Posts
0
December 10th, 2007 19:00
Better
1. Rerun Hijackthis (scan only) and place checks beside the following entries
O4 - HKLM\..\Run: [ArtChk] C:\WINDOWS\system32\artchker.exe
Close all other open windows except Hijackthis and Select " Fix checked"
Close Hijackthis
2. Your log does show you are running 2 Antivirus programs: Norton and McAfee.
Running 2 Antivirus programs is never a good idea.
Since they both do the same job, running 2 can cause conflicts, system slowdowns, and may even allow some malware to slip by.
I recommend that you unistall one of them through Add/Remove Programs.
Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log.
And in your reply tell me which Antivirus Program you decided to keep
"The world is what you make of it"
starrchild07
38 Posts
0
December 10th, 2007 20:00
Scan saved at 17:05, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.jcsd.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 29.70.2.20;29.70.1.15;jcsd.net;29.70.1;trouble.jcsd.net;dos-tech.jcsd.net;dos-tech;dos-exch;exch.jcsd.net;29.70.1.11;29.70;proxy.jcsd.net;29.70.1.9;spam.jcsd.net;29.70.1.10;29.70.1.0;*.jcsd.net;student.jcsd.net;29.72.8.25;29.72.8.27;29.72.8.*;29.70.*.*;29.71.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aurigma Image Uploader 2.0 - http://www.photogize.com/PhotogizeImageUploader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jcsd.net
O17 - HKLM\Software\..\Telephony: DomainName = jcsd.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jcsd.net
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
End of file - 8170 bytes
bamajim
10.4K Posts
0
December 10th, 2007 20:00
Had a couple of differerent infections.
You may now remove/delete/uninstall the tools we used to clean your PC
Now that your log is clean
There are some final notes:
Disable and Enable System Restore
the instructions are here
Make your Internet Explorer more secure
This can be done by following these simple instructions:
Click Security tab
Click once on the Internet icon so it becomes highlighted.
Click Custom Level.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click OK.
If it prompts you to save the settings, press Yes.
Next press Apply and then OK to exit the Internet Properties page
Update your Anti Virus Software
Use and maintain a Firewall
Download and install SiteHound by Firetrust for protection against malicious websites.
Pick the version that matches your browser
Visit Microsoft's Windows Update Site Frequently for critical updates
Backup your Important Documents and Files on a regular basis
You may want to read this article" So how did I get infected in the first place" by Tony Klein
surf safe
"The world is what you make of it"