Logfile of HijackThis v1.99.1
I am unable to start Add/Remove Programs because I can't start explorer.exe if you can remember. I have to start everything through CMD and Task Manager.
Dell doesn't have any of my drivers only the updates. I have a Dimension E521. Both of my disk drives are corrupted. I found the manufacturers website and they didn't even have my product. My drive is only 3 months old.
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Fear.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job
bamajim (10.4K Posts), April 8th, 2007 23:00
1. Please go HERE and download SmitFraudFix by S!ri. Save it to your Desktop.
2. Double-click SmitfraudFix.exe (it will create a SmitfraudFix folder on your Desktop).
3. When another window opens, select 1 and hit Enter to create a report of the infected files.
4. When finished, the log will open in Notepad. Press Ctrl+A to select all, then copy and paste that log as a reply to this thread.
By default the report can be found at the root of the system drive, usually at C:\rapport.txt.
Do NOT run option 2 until instructed to do so.
Please note that some antivirus programs flag process.exe as an infection, but it is actually a needed component of this tool.
time4swim (29 Posts), April 9th, 2007 00:00
Scan saved at 3:53:05 AM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\update.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Fear\Desktop\Desktop Junk\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runescape.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RapidShare-Download - res://C:\Documents and Settings\Fear\Desktop\more-rapid.exe/RsMenExt.html
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.bigfishgames.com/online/ricochetlostworlds/ReflexiveWebGameLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.bigfishgames.com/online/chuzzledeluxe/popcaploader_v6.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software Inc. - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
I went to CastleCops and the person that was assigned to me couldn't fix it. He told me to reformat and reinstall the OS. I've reinstalled the OS two times. Both didn't work. Please help.
time4swim (29 Posts), April 9th, 2007 00:00
Scan done at 3:48:58.10, Mon 04/09/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\update.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fear
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fear\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Fear\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
bamajim (10.4K Posts), April 9th, 2007 01:00
What we need to address first is:
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Running 2 antivirus programs is never a good idea. Since they both do the same job, running 2 can cause conflicts, system slowdowns, and may even allow some malware to slip by. I recommend that you uninstall one of them through Add/Remove Programs. You are running at least 3, plus other programs.
So you need to keep 1, and go to Add/Remove Programs and uninstall the other 2.
In your reply tell me which one you have decided to keep.
And after you have uninstalled the other 2, rerun HijackThis and post a fresh HijackThis log.
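The check bamajim makes by hand above (three antivirus engines resident at once), automated over the O23 service lines of a HijackThis log. This is an added example, not code from this thread or from the HijackThis or SmitfraudFix tools; the vendor keyword table and the sample log lines (modelled on the log posted above) are constructed for illustration.

```python
import re
from collections import defaultdict

# HijackThis O23 lines look like:
#   O23 - Service: <display name> (<short name>) - <vendor> - <path>
# The "(<short name>)" part is optional, and the path may carry extra
# arguments or a trailing "(file missing)" note, so the path is matched last.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^)]*)\))? - "
    r"(?P<vendor>.+?) - (?P<path>.+)$"
)

# Assumed lookup table (illustrative, not a HijackThis feature): lowercase
# substrings of the service name, vendor or path that identify an AV family.
# Needles are chosen so that none occurs in another family's entries
# (plain "avg" would also hit Avira's avguard.exe, so "avg7" is used).
AV_SIGNATURES = {
    "Avira AntiVir":   ("avira", "antivir"),
    "Symantec/Norton": ("symantec", "norton"),
    "AVG":             ("grisoft", "avg7"),
}

# Constructed sample, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""


def parse_o23(line):
    """Split one O23 line into name/short/vendor/path; None for other lines."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def av_family(entry):
    """Return the AV family an O23 entry belongs to, or None if it is not AV."""
    hay = " ".join(v for v in (entry["name"], entry["vendor"], entry["path"]) if v).lower()
    for family, needles in AV_SIGNATURES.items():
        if any(needle in hay for needle in needles):
            return family
    return None


def find_av_products(log_text):
    """Map each AV family found in the log to the service names it installs."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        family = av_family(entry)
        if family:
            found[family].append(entry["name"])
    return dict(found)


def conflict_report(log_text):
    """Summarise: which AV families are present and whether more than one is."""
    products = find_av_products(log_text)
    return {
        "families": sorted(products),
        "conflict": len(products) > 1,
        "services": products,
    }


if __name__ == "__main__":
    report = conflict_report(SAMPLE_LOG)
    for family in report["families"]:
        print(f"{family}: {', '.join(report['services'][family])}")
    if report["conflict"]:
        print("More than one resident antivirus product: keep one, uninstall the rest.")
```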
time4swim (29 Posts), April 9th, 2007 03:00
bamajim (10.4K Posts), April 10th, 2007 23:00
time4swim (29 Posts), April 11th, 2007 20:00
I have a question. How do I install my DVD drive when my driver is on my OS CD, I believe? I can't run my OS CD if my driver isn't working...
bamajim (10.4K Posts), April 11th, 2007 20:00
bamajim (10.4K Posts), April 11th, 2007 22:00
time4swim (29 Posts), April 11th, 2007 22:00
time4swim (29 Posts), April 11th, 2007 23:00
"Fear" - 07-04-12 16:56:29 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Fear\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2007-03-12 to 2007-04-12 ))))))))))))))))))))))))))))))))))
2007-04-12 16:00 d-------- C:\Program Files\Security Task Manager
2007-04-12 16:00 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-04-12 15:56 d-------- C:\WINDOWS\system32\vmm32
2007-04-11 20:04 d-------- C:\WINDOWS\Prefetch
2007-04-11 18:59 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-10 19:42 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-10 19:20 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-10 19:20 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-04-10 19:07 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-10 19:07 36,864 --a------ C:\WINDOWS\system32\wups.dll
2007-04-10 19:07 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-10 19:07 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-10 19:07 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-10 19:07 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-10 19:07 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-09 21:15 d-------- C:\Program Files\a-squared Anti-Malware
2007-04-09 17:33 d-------- C:\DOCUME~1\Fear\DoctorWeb
2007-04-09 17:23 d-------- C:\Explorertest
2007-04-09 17:08 d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-04-09 06:28 d-------- C:\VundoFix Backups
2007-04-09 04:10 d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-04-09 04:09 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-04-09 04:09 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-04-09 04:09 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-04-09 04:09 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-04-09 04:08 d-------- C:\Program Files\Webroot
2007-04-09 04:08 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-04-09 04:04 d-------- C:\DOCUME~1\Fear\APPLIC~1\Webroot
2007-04-09 02:06 d-------- C:\WINDOWS\NV10121516.TMP
2007-04-08 03:32 d-------- C:\Program Files\Common Files\Panda Software
2007-04-08 02:14 77 --a------ C:\replace.bat
2007-04-08 01:35 d-------- C:\WINDOWS\BDOSCAN8
2007-04-08 01:19 d-------- C:\WINDOWS\system32\ActiveScan
2007-04-08 00:58 d-------- C:\DOCUME~1\Fear\APPLIC~1\Prevx
2007-04-08 00:58 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-04-08 00:57 77,312 --a------ C:\WINDOWS\ua2.dll
2007-04-08 00:38 d-------- C:\DOCUME~1\Fear\APPLIC~1\TrojanHunter
2007-04-08 00:15 d-------- C:\Program Files\TrojanHunter 4.6
2007-04-08 00:10 d-------- C:\Program Files\TrojanHunter 4.0
2007-04-07 23:44 d-------- C:\Program Files\SUPERAntiSpyware
2007-04-07 23:44 d-------- C:\DOCUME~1\Fear\APPLIC~1\SUPERAntiSpyware.com
2007-04-07 23:44 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-07 20:41 d-------- C:\DOCUME~1\Fear\Desktop_
2007-04-06 20:31 d--h----- C:\Program Files\WindowsUpdate
2007-04-06 17:21 71,168 --a------ C:\WINDOWS\system32\LxrJD31s.exe
2007-04-05 23:57 d-------- C:\Program Files\Vstplugins
2007-04-05 23:57 d-------- C:\Program Files\Sony
2007-04-05 22:02 d-------- C:\Program Files\RegCleaner
2007-04-05 21:58 d-------- C:\Program Files\Windows Installer Clean Up
2007-04-05 21:58 d-------- C:\Program Files\MSECACHE
2007-04-04 17:43 65,536 --a------ C:\WINDOWS\system32\drivers\storprop.dll
2007-04-04 09:27 d-------- C:\DOCUME~1\JASOND~1.000\APPLIC~1\Apple Computer
2007-04-03 16:56 d-------- C:\DOCUME~1\JASOND~1.000\APPLIC~1\Sonic
2007-04-01 20:09 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2007-04-01 20:02 19,840 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-01 19:58 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-04-01 07:32 d-------- C:\DOCUME~1\nicole\APPLIC~1\Sonic
2007-03-31 11:31 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-03-31 11:09 d-------- C:\Program Files\Common Files\Sonic
2007-03-29 21:25 671,744 --a------ C:\WINDOWS\system32\DolbyHph.dll
2007-03-29 21:25 60,416 --a------ C:\WINDOWS\system32\DSETUP.dll
2007-03-29 21:25 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA Corporation
2007-03-25 22:13 8,126,464 --a------ C:\DOCUME~1\Fear\ntuser.dat
2007-03-25 19:41 d-------- C:\WINDOWS\system32\LogFiles
2007-03-25 19:41 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-22 21:38 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-03-22 21:38 59,472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-03-22 21:38 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-03-22 21:38 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-03-22 21:38 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-03-22 21:37 d-------- C:\Program Files\Spyware Doctor
2007-03-22 21:37 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-03-22 20:45 d-------- C:\Program Files\Common Files\PC Tools
2007-03-22 20:44 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-03-22 18:10 4,614 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-22 18:09 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-22 18:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-22 18:09 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-22 18:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-22 18:09 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-21 21:22 dr-h----- C:\MSOCache
2007-03-21 21:21 86,512 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-03-21 21:16 d--h----- C:\WINDOWS\ShellNew
2007-03-21 21:16 d-------- C:\Program Files\Microsoft ActiveSync
2007-03-21 21:15 d-------- C:\Program Files\Microsoft.NET
2007-03-21 17:52 d-------- C:\WINDOWS\system32\NtmsData
2007-03-16 22:01 1,364 --a------ C:\WINDOWS\mozver.dat
2007-03-15 18:12 1,649,152 --a------ C:\Program Files\n_v14.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-12 15:56 -------- d-------- C:\Program Files\dell
2007-04-12 15:55 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-04-11 19:19 34332 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-09 20:31 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\iolo
2007-04-08 01:24 -------- d-------- C:\Program Files\windows defender
2007-04-08 01:24 -------- d-------- C:\Program Files\norton internet security
2007-04-08 01:23 -------- d-------- C:\Program Files\ida
2007-04-07 23:43 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-04-07 23:20 -------- d-------- C:\Program Files\msn messenger
2007-04-06 20:30 -------- d-------- C:\Program Files\movie maker
2007-04-06 20:24 -------- d-------- C:\Program Files\windows nt
2007-04-06 17:29 -------- d-------- C:\Program Files\google
2007-04-06 17:21 69824 --a------ C:\WINDOWS\system32\drivers\LxrJD31d.sys
2007-04-06 17:21 61440 --a------ C:\WINDOWS\system32\lxrjd20sat.dll
2007-04-06 17:21 249856 --a------ C:\WINDOWS\system32\lxrjd31.dll
2007-04-06 17:21 163840 --a------ C:\WINDOWS\system32\lxrjd31c.exe
2007-04-06 17:21 146432 --a------ C:\WINDOWS\system32\lxrjd31p.exe
2007-04-06 12:08 0 --a------ C:\DOCUME~1\Fear\APPLIC~1\.googlewebacchosts
2007-04-05 23:53 -------- d--h----- C:\Program Files\installshield installation information
2007-04-05 23:33 -------- d-------- C:\Program Files\swiftswitch
2007-04-05 16:27 -------- d-------- C:\Program Files\daemon tools
2007-04-02 13:34 -------- d-------- C:\Program Files\itunes
2007-04-02 13:34 -------- d-------- C:\Program Files\ipod
2007-03-31 11:09 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\sonic
2007-03-29 21:55 -------- d-------- C:\Program Files\Common Files\sonic shared
2007-03-29 21:51 -------- d-------- C:\Program Files\roxio
2007-03-29 05:50 34 --a------ C:\WINDOWS\popcinfo.dat
2007-03-21 17:49 786 --a------ C:\DOCUME~1\Fear\APPLIC~1\wklnhst.dat
2007-03-21 17:16 -------- d-------- C:\Program Files\microsoft works
2007-03-19 22:45 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\utorrent
2007-03-18 14:39 -------- d-------- C:\Program Files\java
2007-03-09 23:23 -------- d-------- C:\Program Files\quicktime
2007-03-09 23:21 -------- d-------- C:\Program Files\apple software update
2007-03-07 19:39 -------- d-------- C:\Program Files\hycam2
2007-03-05 21:34 -------- d-------- C:\Program Files\popcap games
2007-03-05 19:31 80 -rahs---- C:\WINDOWS\system32\99a8dd47af.dll
2007-03-05 19:08 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\winpatrol
2007-03-04 18:22 1160371 --ahs---- C:\WINDOWS\system32\fhkmp.ini2
2007-03-04 15:57 1166204 --ahs---- C:\WINDOWS\system32\tttss.ini2
2007-03-04 14:03 -------- d-------- C:\Program Files\userdata
2007-03-04 13:03 -------- d-------- C:\Program Files\gamehouse
2007-03-03 02:02 -------- d-------- C:\Program Files\iolo
2007-03-02 20:19 118983338 --a------ C:\BackupRegistry(20070302).reg
2007-03-02 20:03 -------- d-------- C:\Program Files\yamicsoft
2007-03-02 19:16 -------- d-------- C:\Program Files\messenger
2007-02-25 18:36 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\symantec
2007-02-25 18:33 -------- d-------- C:\Program Files\driver validation
2007-02-25 17:52 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-25 17:00 2286208 --a------ C:\WINDOWS\system32\tukernel.exe
2007-02-25 01:09 -------- d-------- C:\Program Files\icolorfolder
2007-02-24 21:02 -------- d-------- C:\Program Files\microsoft frontpage
2007-02-24 20:50 -------- d-------- C:\Program Files\online services
2007-02-24 01:45 -------- d-------- C:\Program Files\Common Files\logitech
2007-02-24 01:30 -------- d-------- C:\Program Files\pcpitstop
2007-02-18 21:21 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\ie7pro
2007-02-13 18:00 -------- d-------- C:\Program Files\driver-soft
2007-02-07 16:23 40871176 --a------ C:\Program Files\systemmechanic7pro.exe
2007-02-07 16:20 436328 --a------ C:\WINDOWS\system32\incinerator.dll
2007-02-03 01:32 0 -rahs---- C:\MSDOS.SYS
2007-02-03 01:32 0 -rahs---- C:\IO.SYS
2007-02-02 18:00 426872 --a------ C:\WINDOWS\system32\spoonuninstall.exe
2007-01-26 23:06 24 --a------ C:\WINDOWS\system.sys
2007-01-19 22:00 66 --a------ C:\WINDOWS\vmreg32.dll
2007-01-19 21:24 9 --a------ C:\WINDOWS\system32\msnotr32.dll
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SetDefaultMIDI"="MIDIDef.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"TuneUp MemOptimizer"="\"C:\\Program Files\\TuneUp Utilities 2007\\MemOptimizer.exe\" autostart"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 7\\SMSystemAnalyzer.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="\"C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"System Files Updater"="C:\\WINDOWS\\FlyakiteOSX\\Tools\\System Files Updater.exe /S"
"Logitech Hardware Abstraction Layer"="\"C:\\Program Files\\Common Files\\Logitech\\khalshared\\KHALMNPR.EXE\""
@=""
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"nwiz"="nwiz.exe /install"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
"NetFxUpdate_v1.0.3705"="\"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\netfxupdate.exe\" 1 v1.0.3705 GAC + NI"
"SRFirstRun"="rundll32 srclient.dll,CreateFirstRunRp"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloDMV"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{9B8E9200-85B9-402A-BD72-C17F41CD7C97}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"carbinyl"="{8d8c2387-7f80-4022-9be6-43630a969558}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\Shell]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSecurityTab"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7645cc08-951d-11db-b68c-00188b74bf1a}]
Shell\AutoRun\command K:\JDSecure\Windows\JDSecure31.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64f506f-9416-11db-b67e-806d6172696f}]
shell\dinstall\command D:\directx\dxsetup.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Fear.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-12 17:00:25
C:\ComboFix-quarantined-files.txt ... 07-04-12 17:00
time4swim
29 Posts
0
April 11th, 2007 23:00
bamajim
10.4K Posts
0
April 11th, 2007 23:00
bamajim
10.4K Posts
0
April 12th, 2007 01:00
time4swim
29 Posts
0
April 13th, 2007 01:00