
July 4th, 2007 01:00

major popup (?) problems, HJT log included

Starting with the HJT Log to get it out of the way:

Logfile of HijackThis v1.99.1
Scan saved at 10:39:11 PM, on 7/3/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\TEMP\MY367B.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: GOODSEARCH - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146077187203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183034259234
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe

Symptoms: mostly popups. I put a question mark by it because I'm not sure they're really called pop-ups. They occur randomly on any web page, sometimes not at all, or for example while I'm writing this 4 have come up. Make that 5. All are for various offers asking for an email address to be entered, with "rewardamazon.com" or Consumer Promotions Group. So that's the main problem. The other important info is that this is a shared computer and I have no idea who else uses it while I'm not here. Furthermore, it has not been cleaned out or backed up in several years, and countless programs have been downloaded on it. I have used Ad-Aware and SUPERAntiSpyware to scan and they have come up with hundreds of items. I hope I can get some help.


July 4th, 2007 12:00

bgourarie
 
Your log is unreadable as posted
 
When you compose and submit your reply, please make sure the box under your text which shows "Automatically convert carriage returns to HTML line breaks" is checked or your reply may not format correctly.
 
Then repost your log please
 
bamajim   Graduate of MRU
CastleCops  Instructor


July 4th, 2007 13:00

Logfile of HijackThis v1.99.1
Scan saved at 10:17:35 AM, on 7/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\TEMP\MY367B.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\TechSmith\Camtasia Studio 4\TSCHelp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: GOODSEARCH - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146077187203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183034259234
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe


Sorry about that. Does this work better?
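The log above lists the autostart classes a helper reads by eye: O2 browser helper objects, O4 Run keys, O16 ActiveX controls installed from a URL, O20 Winlogon Notify DLLs and O23 services, plus the running-process list. The Python below is an added example for this thread, not HijackThis code and not from either poster. It parses a HijackThis 1.99 log and applies a few first-pass heuristics; SAMPLE_LOG is copied from the log posted above, and the rules (anything executing from a temp directory, ActiveX cabs from hosts other than microsoft.com or msn.com, every BHO and Winlogon Notify DLL listed for publisher review, services HijackThis tags "Unknown owner") are this example's own assumptions, not HijackThis's.

```python
"""Triage a HijackThis 1.99 log: first-pass heuristics over the running
process list and the O2/O4/O16/O20/O23 entries.

Added example for this thread; not HijackThis code and not from either
poster.  SAMPLE_LOG is copied from the log posted above; the heuristics
are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\TEMP\MY367B.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: GOODSEARCH - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146077187203
O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
"""


@dataclass
class Finding:
    rule: str     # which heuristic fired
    target: str   # path, CLSID or host the finding concerns
    note: str     # what to do about it


ENTRY_RE = re.compile(r"^O(\d+) - (.*)$")
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)
USER_WRITABLE_RE = re.compile(r"\\(Application Data|Local Settings)\\", re.I)
CLSID_RE = re.compile(r"\{[0-9A-F-]{36}\}", re.I)
# Assumption: ActiveX cabs from these domains are expected on an XP box
# (Windows/Microsoft Update, MSN Messenger games); everything else is reviewed.
EXPECTED_DPF_DOMAINS = ("microsoft.com", "msn.com")


def _last_field(body):
    """HJT entries separate fields with ' - '; the path or URL is the last one."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage(log_text):
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # blank line ends the process list
                in_processes = False
            elif TEMP_RE.search(line):
                findings.append(Finding("temp-exe", line,
                    "executable running from a temp directory; identify it and check whether any autostart entry launches it"))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = int(m.group(1)), m.group(2)
        if kind == 2:        # BHO: loaded into every Internet Explorer process
            clsid = CLSID_RE.search(body)
            findings.append(Finding("bho", clsid.group(0) if clsid else body,
                                    "look up the CLSID and the DLL publisher"))
        elif kind == 4:      # Run keys / Startup folder
            if TEMP_RE.search(body) or USER_WRITABLE_RE.search(body):
                findings.append(Finding("run-userwritable", body,
                                        "autostart from a user-writable directory"))
        elif kind == 16:     # DPF: ActiveX control downloaded from a URL
            host = (urlparse(_last_field(body)).hostname or "").lower()
            if not host.endswith(EXPECTED_DPF_DOMAINS):
                findings.append(Finding("dpf-thirdparty", host,
                                        "third-party ActiveX control; confirm it was installed deliberately"))
        elif kind == 20:     # Winlogon Notify DLLs run inside winlogon.exe as SYSTEM
            findings.append(Finding("winlogon-notify", _last_field(body),
                                    "verify the publisher; this DLL runs as SYSTEM at logon"))
        elif kind == 23:     # services; HJT prints 'Unknown owner' when no company string exists
            if "Unknown owner" in body:
                findings.append(Finding("service-novendor", body,
                                        "service binary has no company/version info"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.target}\n    {f.note}")
```

Run as a script it prints the findings; on the sample the item that stands out is the executable running from C:\WINDOWS\TEMP, which no O4 entry in the posted log launches, so its origin has to be established separately. The allowlist for O16 hosts is deliberately short: a control downloaded from anywhere else is not necessarily bad, only something the user should be able to account for.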


July 4th, 2007 13:00

bgourarie

Better. Not much showing up in your log. Let's do this

Please download Combofix and save to your desktop:
  • Note: It is important that it is saved directly to your desktop
    Close any open browsers.
    Double click on combofix.exe and follow the prompts.
    When it's finished it will produce a log.
    Post the contents of the C:\ComboFix.txt into your next reply.
    Note: Do not mouseclick combofix's window whilst it's running.
    That may cause the program to freeze/hang.

bamajim   Graduate of MRU
CastleCops Instructor


July 4th, 2007 19:00

"admin" - 2007-07-04 16:39:40 - ComboFix 07-07-04.4 - Service Pack 1


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\admin\Desktop.\internet explorer.lnk
C:\DOCUME~1\admin\Desktop\internet.lnk
C:\Program Files\inetget2
C:\Program Files\ymante~1
C:\temp\tn3
C:\WINDOWS\retadpu11.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-07-04 16:41 d-------- C:\Temp\tn3
2007-07-04 16:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 01:35 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-07-04 01:35 d-------- C:\DOCUME~1\admin\APPLIC~1\acccore
2007-07-04 01:34 d-------- C:\Program Files\Viewpoint
2007-06-30 17:54 d-------- C:\Program Files\Apple Software Update
2007-06-30 02:07 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
2007-06-30 02:07 d-------- C:\DOCUME~1\admin\APPLIC~1\MSN6
2007-06-29 05:01 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-29 00:01 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-06-29 00:01 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-06-29 00:01 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-06-29 00:01 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-06-28 23:55 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-28 14:55 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-06-28 08:45 d-------- C:\WINDOWS\system32\bits
2007-06-28 08:44 d-------- C:\Program Files\AIM6
2007-06-28 08:43 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-06-28 08:43 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-06-28 08:39 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-06-27 22:04 d-------- C:\Program Files\Lavasoft
2007-06-27 22:04 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-27 21:45 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-27 21:43 135,168 -ra------ C:\WINDOWS\system32\igfxres.dll
2007-06-27 21:40 d-------- C:\WINDOWS\Prefetch
2007-06-27 21:32 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2007-06-27 21:32 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2007-06-27 21:32 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-06-27 21:32 47,616 --a------ C:\WINDOWS\system32\INETRES.DLL
2007-06-27 21:32 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2007-06-27 21:32 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-06-27 21:32 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-06-27 21:32 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-06-27 21:32 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-06-27 21:32 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-06-27 21:32 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2007-06-27 21:31 91,136 --a------ C:\WINDOWS\system32\MSOERT2.DLL
2007-06-27 21:31 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2007-06-27 21:31 73,728 --a------ C:\WINDOWS\system32\ils.dll
2007-06-27 21:31 69,248 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-06-27 21:31 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2007-06-27 21:31 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2007-06-27 21:31 596,480 --a------ C:\WINDOWS\system32\INETCOMM.DLL
2007-06-27 21:31 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2007-06-27 21:31 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-06-27 21:31 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2007-06-27 21:31 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-06-27 21:31 229,376 --a------ C:\WINDOWS\system32\MSOEACCT.DLL
2007-06-27 21:31 226,816 --a------ C:\WINDOWS\system32\srrstr.dll
2007-06-27 21:31 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-06-27 21:31 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2007-06-27 21:30 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-06-27 21:30 974,336 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-06-27 21:30 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-06-27 21:30 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2007-06-27 21:30 89,600 --a------ C:\WINDOWS\system32\comrepl.dll
2007-06-27 21:30 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-06-27 21:30 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-06-27 21:30 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-06-27 21:30 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2007-06-27 21:30 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-06-27 21:30 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2007-06-27 21:30 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2007-06-27 21:30 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2007-06-27 21:30 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-06-27 21:30 534,016 --a------ C:\WINDOWS\system32\spider.exe
2007-06-27 21:30 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2007-06-27 21:30 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-06-27 21:30 499,200 --a------ C:\WINDOWS\system32\comuid.dll
2007-06-27 21:30 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-06-27 21:30 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-06-27 21:30 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2007-06-27 21:30 368,640 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-06-27 21:30 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2007-06-27 21:30 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-06-27 21:30 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2007-06-27 21:30 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-06-27 21:30 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2007-06-27 21:30 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2007-06-27 21:30 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2007-06-27 21:30 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-06-27 21:30 150,528 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-06-27 21:30 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-06-27 21:30 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2007-06-27 21:30 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-06-27 21:30 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-06-27 21:30 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-06-27 21:30 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2007-06-27 21:30 116,104 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-06-27 21:30 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-06-27 21:30 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-06-27 21:30 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-06-27 21:30 1,710,936 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-06-27 15:37 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-06-27 15:37 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-06-27 15:36 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-06-27 15:35 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-06-27 15:34 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-06-27 15:34 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-06-27 15:33 71,168 --a------ C:\WINDOWS\system32\storprop.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-03 20:32:06 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\AdobeUM
2007-06-30 16:53:29 -------- d-----w C:\Program Files\MSN Messenger
2007-06-28 12:44:12 335 -c--a-w C:\WINDOWS\nsreg.dat
2007-06-28 05:37:27 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-28 03:17:32 -------- d-----w C:\Program Files\Google
2007-06-28 02:09:20 -------- d-----w C:\Program Files\NCH Swift Sound
2007-06-28 02:08:58 -------- d-----w C:\Program Files\AIM
2007-06-28 02:08:46 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\Aim
2007-06-28 02:08:01 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-28 02:02:55 -------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-06-28 02:02:55 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\Roxio
2007-06-28 01:57:19 -------- d-----w C:\Program Files\Soulseek
2007-06-28 01:47:36 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-28 01:31:57 -------- d-----w C:\Program Files\Movie Maker
2007-06-28 01:31:04 23,348 -c--a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-28 01:30:42 -------- d-----w C:\Program Files\Windows NT
2007-06-27 15:49:14 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\U3
2007-06-27 13:55:17 4,218 ----a-w C:\WINDOWS\mozver.dat
2007-06-27 12:32:11 -------- d-----w C:\Program Files\QuickTime
2007-06-21 03:55:54 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-21 00:58:06 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\Skype
2007-06-20 20:13:00 -------- d-----w C:\Program Files\Dell Wireless
2007-05-12 16:20:33 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\Google
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 19:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-95BA-ED6DB186BE32}]
2007-05-15 17:00 1806336 --a------ C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-03-01 15:44]
"OfficeScanNT Monitor"="C:\OfficeScan NT\pccntmon.exe" [2004-07-06 21:11]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 13:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 08:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-27 21:44]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2007-06-27 21:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
PRISMAPI.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51b38da9-2400-11dc-9620-001372c239f2}]
AutoRun\command- F:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
2007-06-30 21:54:17 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 16:44:35
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-04 16:45:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-04 16:45

--- E O F ---

***EDIT***
I don't see any problems anymore, not yet anyway. I think that may have worked. Thank you so much!

Message Edited by bgourarie on 07-04-2007 03:58 PM
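The ComboFix log's "Files Created" section reads best as a timeline: what landed when, and whether anything the tool deleted came straight back. The Python below is an added example for this thread, not ComboFix code and not from either poster. It parses the "Other Deletions" and "Files Created" sections, separates entries created during the ComboFix run itself by comparing their timestamps with the start time in the log header, clusters creations by minute so an update batch reads as one event, and reports deleted paths that reappear. SAMPLE is a constructed excerpt of the log posted above; the triage rules are this example's own assumptions.

```python
"""Timeline view of a ComboFix log's 'Other Deletions' and 'Files Created'
sections.

Added example for this thread; not ComboFix code and not from either poster.
SAMPLE is a constructed excerpt of the log posted above; the triage rules
(tool-run window, per-minute clustering, re-created paths, loose executables
directly in the Windows directory) are this example's own assumptions.
"""
import re
from collections import defaultdict

SAMPLE = r'''"admin" - 2007-07-04 16:39:40 - ComboFix 07-07-04.4 - Service Pack 1

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\inetget2
C:\temp\tn3
C:\WINDOWS\retadpu11.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys

((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))

2007-07-04 16:41 d-------- C:\Temp\tn3
2007-07-04 16:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 01:35 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-07-04 01:35 d-------- C:\DOCUME~1\admin\APPLIC~1\acccore
2007-07-04 01:34 d-------- C:\Program Files\Viewpoint
2007-06-29 00:01 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-06-29 00:01 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-06-29 00:01 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-06-29 00:01 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe

((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
'''

HEADER_RE = re.compile(r'^"[^"]*" - (\d{4}-\d\d-\d\d \d\d:\d\d):\d\d - ComboFix')
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# timestamp, optional size (directories have none), 9-char attribute field, path
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?:([\d,]+)\s+)?([-a-z]{9})\s+(.+)$")
LOOSE_WINDOWS_EXE_RE = re.compile(r"^C:\\WINDOWS\\[^\\]+\.exe$", re.I)


def parse(log_text):
    """Return (run_start as 'YYYY-MM-DD HH:MM', deleted paths, created entries)."""
    run_start, section, deleted, created = None, None, [], []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = HEADER_RE.match(line)
        if m:
            run_start = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if not line:
            continue
        if section == "Other Deletions":
            deleted.append(line)
        elif section and section.startswith("Files Created"):
            m = CREATED_RE.match(line)
            if m:
                ts, size, attrs, path = m.groups()
                created.append({"ts": ts, "dir": attrs[0] == "d", "path": path,
                                "size": int(size.replace(",", "")) if size else None})
    return run_start, deleted, created


def timeline(log_text, cluster_min=3):
    run_start, deleted, created = parse(log_text)
    report = {"run_start": run_start, "deleted": deleted,
              "deleted_drivers": [d for d in deleted if "\\drivers\\" in d.lower()],
              "recreated": [], "tool_artifacts": [], "loose_windows_exes": [], "clusters": {}}
    deleted_lc = {d.lower() for d in deleted}
    by_minute = defaultdict(list)
    for e in created:
        if e["path"].lower() in deleted_lc:        # deleted, then came back: something is still active
            report["recreated"].append(e["path"])
            continue
        if run_start and e["ts"] >= run_start:    # fixed-width timestamps compare correctly as strings
            report["tool_artifacts"].append(e["path"])   # written while ComboFix itself was running
            continue
        by_minute[e["ts"]].append(e["path"])
        if not e["dir"] and LOOSE_WINDOWS_EXE_RE.match(e["path"]):
            report["loose_windows_exes"].append(e["path"])
    for ts, paths in sorted(by_minute.items()):
        if len(paths) >= cluster_min:             # many files in one minute = one install/update event
            report["clusters"][ts] = paths
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(timeline(SAMPLE), indent=2))
```

On the excerpt, C:\Temp\tn3 is reported as deleted and re-created at 16:41, which is the path the next reply's CFScript targets; the 2007-06-29 00:01 batch of system32 DLLs groups into one cluster, which is how an update run looks in this view; and both drivers\core files are listed under deleted drivers, matching the LEGACY_CORE and core entries in the log's Drivers/Services section. The tool-run window is a filter, not proof: a file created during the run is set aside only if it was not also on the deleted list.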


July 4th, 2007 20:00

bgourarie

1. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

2. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
C:\Temp\tn3



Save the File as ComboFix-Do.txt ->> Save it to your Desktop

Using the Image as a reference, drag ComboFix-Do.txt into ComboFix.exe


  • You will be prompted to run Combofix again, Do so
    Following the same rules as indicated in my first post
    Then post the contents of the C:\ComboFix.txt log in your reply

bamajim   Graduate of MRU
CastleCops Instructor
