Warning: Spyware Has Been Detected On Your Pc...


  • This topic is locked
10 replies to this topic

#1 Ati

  • Members
  • 21 posts

Posted 14 May 2008 - 07:35 PM

Hi,

I got a spyware infection; I'm not entirely sure what its name is. All I know is that my wallpaper has been replaced with a light blue screen on top of which is yellow and white type that reads:
Warning: Spyware threat has been detected on your PC
Your computer has several fatal errors due to spyware activity. It is strongly encouraged recommended to install an anti-spyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats.

There's a link under that which advertises spyware. I also know that my Task List has been disabled, and I get occasional messages near my clock about how my computer is running slow.

I ran a DSS scan, and only got one notepad window afterwards, and here are the results.

Thanks,

Deckard's System Scanner v20071014.68
Run by Ben Nunez on 2008-05-14 19:17:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ben Nunez.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:45 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Gateway USB-G Wireless Monitor\WLService.exe
C:\Program Files\Gateway USB-G Wireless Monitor\WLanG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\America Online 9.0c\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Ben Nunez\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\BENNUN~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Ascb] "C:\WINDOWS\system32\YSTEM3~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Personal Coach.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: yayyVllI - yayyVllI.dll (file missing)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Gateway Wireless USB-G 2.0 Service (Gateway Wireless USB-G 2.0) - Unknown owner - C:\Program Files\Gateway USB-G Wireless Monitor\WLService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7749 bytes

-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 17:00:03 0 d-------- C:\Program Files\Trend Micro
2008-05-12 19:25:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-05-12 19:24:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-12 19:24:36 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-12 19:24:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-12 19:24:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-12 19:24:35 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-12 19:24:35 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-12 19:24:35 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-12 19:24:35 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-12 19:24:35 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-12 19:24:35 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-12 19:24:35 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-12 19:24:34 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-12 19:24:34 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-12 19:24:34 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-12 19:24:34 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-12 18:27:43 9472 --a------ C:\WINDOWS\swin32.dll
2008-05-12 18:27:42 13056 --a------ C:\WINDOWS\2020search2.dll
2008-05-12 18:27:42 13824 --a------ C:\WINDOWS\2020search.dll
2008-05-12 16:17:46 25600 --a------ C:\WINDOWS\cdsm32.dll
2008-05-11 18:53:51 11264 --a------ C:\WINDOWS\bokja.exe
2008-05-11 18:09:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 17:49:11 0 d-------- C:\Program Files\SpyMaxx
2008-05-10 23:26:41 0 d-------- C:\Program Files\Lavasoft
2008-05-10 23:26:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 23:25:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-10 21:01:36 164 --a------ C:\install.dat
2008-05-10 20:59:44 0 d--hs---- C:\Documents and Settings\Ben Nunez\UserData
2008-05-10 19:48:29 0 d-------- C:\Program Files\Windows Sidebar
2008-05-10 19:48:27 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-10 19:47:33 0 d-------- C:\Program Files\Symantec
2008-05-10 19:47:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-10 19:36:38 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-10 16:15:51 23552 --a------ C:\WINDOWS\voiceip.dll
2008-05-10 16:15:50 14336 --a------ C:\WINDOWS\mssvr.exe
2008-05-10 16:15:49 19968 --a------ C:\WINDOWS\mspphe.dll
2008-05-10 16:15:45 31232 --a------ C:\WINDOWS\saiemod.dll
2008-05-10 16:15:44 17664 --a------ C:\WINDOWS\msapasrc.dll
2008-05-10 16:15:44 25344 --a------ C:\WINDOWS\msa64chk.dll
2008-05-10 16:15:43 8448 --a------ C:\WINDOWS\shdocpl.dll
2008-05-10 16:15:42 30464 --a------ C:\WINDOWS\shdocpe.dll
2008-05-10 16:15:42 27136 --a------ C:\WINDOWS\ntnut.exe
2008-05-10 16:15:41 18176 --a------ C:\WINDOWS\winsb.dll
2008-05-10 16:15:41 16128 --a------ C:\WINDOWS\browserad.dll
2008-05-10 16:15:40 30464 --a------ C:\WINDOWS\aviwrap32.dll
2008-05-10 16:15:40 21760 --a------ C:\WINDOWS\avisynthex32.dll
2008-05-10 16:15:40 15872 --a------ C:\WINDOWS\avifile32.dll
2008-05-10 16:15:40 16384 --a------ C:\WINDOWS\autodisc32.dll
2008-05-10 16:15:39 28672 --a------ C:\WINDOWS\audiosrv32.dll
2008-05-10 16:15:39 15104 --a------ C:\WINDOWS\ati2dvag32.dll
2008-05-10 16:15:39 10240 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-05-10 16:15:39 24320 --a------ C:\WINDOWS\athprxy32.dll
2008-05-10 16:15:38 25344 --a------ C:\WINDOWS\asycfilt32.dll
2008-05-10 16:15:38 13056 --a------ C:\WINDOWS\asferror32.dll
2008-05-10 16:15:38 10752 --a------ C:\WINDOWS\apphelp32.dll
2008-05-10 16:15:37 22784 --a------ C:\WINDOWS\changeurl_30.dll
2008-05-10 15:57:43 6640 --ahs---- C:\WINDOWS\system32\CeMUxyxx.ini2
2008-05-10 15:52:52 0 d-------- C:\Program Files\QdrModule
2008-05-10 15:52:49 0 d-------- C:\WINDOWS\system32\?ystem32
2008-05-10 15:52:26 0 d-------- C:\Program Files\ISM
2008-05-10 15:52:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-10 15:52:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-10 15:52:07 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-05-10 15:52:07 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-09 17:19:04 0 d-------- C:\Program Files\Valve
2008-05-09 17:07:03 0 d-------- C:\Program Files\Eidos Interactive
2008-05-09 15:56:54 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-05-09 15:56:40 0 d-------- C:\Program Files\Common Files\HP
2008-05-09 15:55:30 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-09 15:54:29 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-09 15:52:49 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-05-09 15:52:49 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-05-09 15:52:49 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-05-09 15:52:49 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-05-09 15:52:49 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-05-09 15:52:49 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-05-09 15:52:48 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-09 15:52:00 0 d-------- C:\Program Files\HP
2008-05-09 15:50:30 19696 -----n--- C:\WINDOWS\hpomdl05.dat
2008-05-09 15:50:30 69386 --a------ C:\WINDOWS\hpoins05.dat
2008-05-09 14:43:54 0 d-------- C:\WINDOWS\system32\Lang
2008-05-09 14:40:06 0 d-------- C:\WINDOWS\system32\RTCOM
2008-05-09 14:15:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-09 13:56:49 0 d-------- C:\Documents and Settings\Ben Nunez\Application Data\Macromedia
2008-05-04 18:20:39 0 d--hs---- C:\Documents and Settings\Lissette Nunez\UserData
2008-05-04 10:34:42 0 d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\Macromedia
2008-05-04 10:34:42 0 d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\Adobe
2008-05-03 22:16:52 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-03 22:16:50 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-03 21:38:45 0 d-------- C:\Documents and Settings\Lissette Nunez\Application Data\Macromedia
2008-05-03 21:18:36 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-25 17:49:45 0 d-------- C:\Documents and Settings\Ben Nunez\Application Data\Help
2008-04-25 17:37:31 0 d-------- C:\Install iTunes
2008-04-25 17:37:30 0 d-------- C:\Install ICQ
2008-04-25 17:37:23 0 d-------- C:\Install AOL Communicator
2008-04-25 17:37:21 0 d-------- C:\AOL Instant Messenger
2008-04-25 17:37:10 0 d-------- C:\Program Files\AOL Companion
2008-04-25 17:36:54 0 d-------- C:\Documents and Settings\Ben Nunez\Application Data\You've Got Pictures Screensaver
2008-04-25 17:35:35 153088 --a------ C:\WINDOWS\system32\jgdwmie.dll <Not Verified; America Online; JG Decoder>
2008-04-25 17:34:58 0 d-------- C:\Program Files\Common Files\aolshare
2008-04-25 17:34:54 0 d-------- C:\Program Files\America Online 9.0c
2008-04-25 17:34:20 0 d-------- C:\Documents and Settings\Ben Nunez\Application Data\Adobe
2008-04-25 17:33:36 0 d-------- C:\Documents and Settings\Ben Nunez\Application Data\AOL
2008-04-25 17:33:35 0 d-------- C:\Documents and Settings\Ben Nunez\Application Data\Webroot
2008-04-25 17:33:35 0 d--h----- C:\Documents and Settings\Ben Nunez\Application Data\Broderbund
2008-04-25 17:33:27 0 d-------- C:\Documents and Settings\Ben Nunez\Application Data\Identities
2008-04-25 17:33:19 0 d--h----- C:\Documents and Settings\Ben Nunez\Templates
2008-04-25 17:33:19 0 dr------- C:\Documents and Settings\Ben Nunez\Start Menu
2008-04-25 17:33:19 0 dr-h----- C:\Documents and Settings\Ben Nunez\SendTo
2008-04-25 17:33:19 0 dr-h----- C:\Documents and Settings\Ben Nunez\Recent
2008-04-25 17:33:19 0 d--h----- C:\Documents and Settings\Ben Nunez\PrintHood
2008-04-25 17:33:19 0 d--h----- C:\Documents and Settings\Ben Nunez\NetHood
2008-04-25 17:33:19 0 dr------- C:\Documents and Settings\Ben Nunez\My Documents
2008-04-25 17:33:19 0 d--h----- C:\Documents and Settings\Ben Nunez\Local Settings
2008-04-25 17:33:19 0 dr------- C:\Documents and Settings\Ben Nunez\Favorites
2008-04-25 17:33:19 0 d-------- C:\Documents and Settings\Ben Nunez\Desktop
2008-04-25 17:33:19 0 d--hs---- C:\Documents and Settings\Ben Nunez\Cookies
2008-04-25 17:33:19 0 dr-h----- C:\Documents and Settings\Ben Nunez\Application Data
2008-04-25 17:33:18 3145728 --ah----- C:\Documents and Settings\Ben Nunez\NTUSER.DAT
2008-04-25 17:26:43 0 d-------- C:\Documents and Settings\user\Application Data\Help
2008-04-25 16:38:53 0 d-------- C:\Documents and Settings\Ben Nunez\Application Data\ATI
2008-04-25 16:30:41 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-04-25 16:25:15 0 d-------- C:\Diamond
2008-04-19 18:10:39 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-19 17:55:44 0 d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\AOL
2008-04-19 17:55:43 0 d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\Webroot
2008-04-19 17:55:42 0 d--h----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\Broderbund
2008-04-19 17:55:38 0 d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\Identities
2008-04-19 17:55:33 0 d--h----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Templates
2008-04-19 17:55:33 0 dr------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Start Menu
2008-04-19 17:55:33 0 dr-h----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\SendTo
2008-04-19 17:55:33 0 dr-h----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Recent
2008-04-19 17:55:33 0 d--h----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\PrintHood
2008-04-19 17:55:33 3145728 --a------ C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\NTUser.dat
2008-04-19 17:55:33 0 d--h----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\NetHood
2008-04-19 17:55:33 0 dr------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\My Documents
2008-04-19 17:55:33 0 d--h----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Local Settings
2008-04-19 17:55:33 0 dr------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Favorites
2008-04-19 17:55:33 0 d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Desktop
2008-04-19 17:55:33 0 d--hs---- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Cookies
2008-04-19 17:55:33 0 dr-h----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data
2008-04-19 17:55:33 0 d---s---- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\Microsoft
2008-04-19 17:43:51 0 d-------- C:\Documents and Settings\user\Application Data\AOL
2008-04-19 17:43:49 0 d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-04-19 15:25:11 0 d-------- C:\aolextras
2008-04-18 21:14:32 0 d-------- C:\Program Files\America Online 9.0b
2008-04-18 20:05:24 0 d-------- C:\Program Files\America Online 9.0a
2008-04-18 19:57:17 0 d-------- C:\Documents and Settings\Lissette Nunez\Application Data\Help
2008-04-18 19:56:37 0 d-------- C:\Documents and Settings\Lissette Nunez\Application Data\AOL
2008-04-18 19:56:23 0 d-------- C:\Program Files\Common Files\aolback
2008-04-18 19:55:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-18 19:55:41 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2008-04-18 19:55:41 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-04-18 19:55:36 0 d-------- C:\Program Files\Pure Networks
2008-04-18 19:55:35 0 d-------- C:\WINDOWS\occache
2008-04-18 19:55:35 0 d-------- C:\Program Files\Learn2.com
2008-04-18 19:55:35 0 d-------- C:\Documents and Settings\Lissette Nunez\Application Data\You've Got Pictures Screensaver
2008-04-18 19:55:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-18 19:55:31 0 d-------- C:\Program Files\Viewpoint
2008-04-18 19:54:41 0 d-------- C:\Program Files\AOL Toolbar
2008-04-18 19:54:37 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-04-18 19:54:29 0 d-------- C:\WINDOWS\system32\QuickTime
2008-04-18 19:54:29 0 d-------- C:\Program Files\QuickTime
2008-04-18 19:54:29 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-04-18 19:54:22 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-04-18 19:54:08 0 d-------- C:\My Music
2008-04-18 19:54:07 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-04-18 19:53:42 0 d-------- C:\Program Files\Real
2008-04-18 19:53:41 0 d-------- C:\Program Files\Common Files\Real
2008-04-18 19:52:54 1044480 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2008-04-18 19:52:54 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-04-18 19:52:31 225280 --a------ C:\WINDOWS\system32\AOLDial.dll <Not Verified; America Online, Inc; AOL Connectivity Service>
2008-04-18 19:52:22 0 d-------- C:\Program Files\America Online 9.0
2008-04-18 19:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-18 19:51:50 0 d-------- C:\Program Files\Common Files\AOL
2008-04-18 19:51:49 335 --a------ C:\WINDOWS\nsreg.dat
2008-04-18 19:51:45 0 d-------- C:\Documents and Settings\Lissette Nunez\Application Data\Adobe
2008-04-18 19:51:41 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-18 19:46:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-18 19:46:10 0 d-------- C:\Program Files\Webroot
2008-04-18 19:46:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-18 19:43:54 0 d-------- C:\Documents and Settings\Lissette Nunez\Application Data\Webroot
2008-04-17 19:37:06 0 d--h----- C:\Documents and Settings\Lissette Nunez\Application Data\Broderbund
2008-04-17 19:36:58 0 d-------- C:\Documents and Settings\Lissette Nunez\Application Data\Identities
2008-04-17 19:36:51 0 d--h----- C:\Documents and Settings\Lissette Nunez\Templates
2008-04-17 19:36:51 0 dr------- C:\Documents and Settings\Lissette Nunez\Start Menu
2008-04-17 19:36:51 0 dr-h----- C:\Documents and Settings\Lissette Nunez\SendTo
2008-04-17 19:36:51 0 dr-h----- C:\Documents and Settings\Lissette Nunez\Recent
2008-04-17 19:36:51 0 d--h----- C:\Documents and Settings\Lissette Nunez\PrintHood
2008-04-17 19:36:51 3145728 --ah----- C:\Documents and Settings\Lissette Nunez\NTUSER.DAT
2008-04-17 19:36:51 0 d--h----- C:\Documents and Settings\Lissette Nunez\NetHood
2008-04-17 19:36:51 0 dr------- C:\Documents and Settings\Lissette Nunez\My Documents
2008-04-17 19:36:51 0 d--h----- C:\Documents and Settings\Lissette Nunez\Local Settings
2008-04-17 19:36:51 0 dr------- C:\Documents and Settings\Lissette Nunez\Favorites
2008-04-17 19:36:51 0 d-------- C:\Documents and Settings\Lissette Nunez\Desktop
2008-04-17 19:36:51 0 d--hs---- C:\Documents and Settings\Lissette Nunez\Cookies
2008-04-17 19:36:51 0 dr-h----- C:\Documents and Settings\Lissette Nunez\Application Data
2008-04-17 19:36:51 0 d---s---- C:\Documents and Settings\Lissette Nunez\Application Data\Microsoft
2008-04-17 12:52:04 0 d--h----- C:\Documents and Settings\Juan Nunez\Application Data\Broderbund
2008-04-17 12:52:00 0 d-------- C:\Documents and Settings\Juan Nunez\Application Data\Identities
2008-04-17 12:51:54 0 d--h----- C:\Documents and Settings\Juan Nunez\Templates
2008-04-17 12:51:54 0 dr------- C:\Documents and Settings\Juan Nunez\Start Menu
2008-04-17 12:51:54 0 dr-h----- C:\Documents and Settings\Juan Nunez\SendTo
2008-04-17 12:51:54 0 dr-h----- C:\Documents and Settings\Juan Nunez\Recent
2008-04-17 12:51:54 0 d--h----- C:\Documents and Settings\Juan Nunez\PrintHood
2008-04-17 12:51:54 2097152 --ah----- C:\Documents and Settings\Juan Nunez\NTUSER.DAT
2008-04-17 12:51:54 0 d--h----- C:\Documents and Settings\Juan Nunez\NetHood
2008-04-17 12:51:54 0 dr------- C:\Documents and Settings\Juan Nunez\My Documents
2008-04-17 12:51:54 0 d--h----- C:\Documents and Settings\Juan Nunez\Local Settings
2008-04-17 12:51:54 0 dr------- C:\Documents and Settings\Juan Nunez\Favorites
2008-04-17 12:51:54 0 d-------- C:\Documents and Settings\Juan Nunez\Desktop
2008-04-17 12:51:54 0 d---s---- C:\Documents and Settings\Juan Nunez\Cookies
2008-04-17 12:51:54 0 dr-h----- C:\Documents and Settings\Juan Nunez\Application Data
2008-04-17 12:51:54 0 d---s---- C:\Documents and Settings\Juan Nunez\Application Data\Microsoft
2008-04-17 09:12:40 0 d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-04-16 12:27:50 0 d-------- C:\Program Files\Intel
2008-04-16 12:02:43 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-16 12:01:43 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-16 12:01:22 0 d-------- C:\ATI
2008-04-16 11:51:30 81920 --a------ C:\WINDOWS\W32N50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-04-16 11:51:30 40960 --a------ C:\WINDOWS\system32\USB2_IsUser.dll
2008-04-16 11:51:30 32768 --a------ C:\WINDOWS\PCARmDrv.exe <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-04-16 11:51:30 17134 --a------ C:\WINDOWS\PCANDIS5.SYS <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-04-16 11:51:30 16848 --a------ C:\WINDOWS\PCANDIS4.SYS <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-04-16 11:51:30 18189 --a------ C:\WINDOWS\PCAMPR5.SYS <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-04-16 11:51:30 17936 --a------ C:\WINDOWS\PCAMPR4.SYS <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-04-16 11:51:30 0 d-------- C:\Program Files\Gateway USB-G Wireless Monitor
2008-04-16 11:37:11 0 d-------- C:\cabs
2008-04-16 11:14:57 0 d-------- C:\Documents and Settings\user\Application Data\Macromedia
2008-04-16 11:14:57 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-04-16 10:50:36 24424 -ra------ C:\WINDOWS\system32\drivers\NET8511.SYS <Not Verified; ADMtek; ADM8511 USB 10/100 Fast Ethernet Adapter>
2008-04-16 10:45:05 0 d-------- C:\Program Files\Microsoft.NET
2008-04-16 10:45:02 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-16 10:44:31 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-16 10:40:18 0 dr-h----- C:\MSOCache
2008-04-16 10:34:46 212480 --a------ C:\WINDOWS\system32\Pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-16 10:34:46 94208 --a------ C:\WINDOWS\system32\msstkprp.dll <Not Verified; Microsoft Corporation; msprop32>
2008-04-16 10:34:45 1136128 --a------ C:\WINDOWS\system32\stmpcdtx.dll <Not Verified; Smart Projects - Stomp Inc; CDText.dll>
2008-04-16 10:34:45 61440 --a------ C:\WINDOWS\system32\cdTextCtl.dll <Not Verified; ; cdTextCtl Module>
2008-04-16 10:34:42 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-16 10:34:42 1040384 --a------ C:\WINDOWS\system32\Ter32.dll <Not Verified; Sub Systems, Inc.; TE Edit Control>
2008-04-16 10:34:41 0 d-------- C:\Program Files\Click'N Design 3D (V5)
2008-04-16 10:33:36 89184 -----n--- C:\WINDOWS\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
2008-04-16 10:33:12 38912 -ra------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-04-16 10:33:08 544768 -ra------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-04-16 10:33:08 569344 -ra------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-04-16 10:33:06 155648 -ra------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-04-16 10:33:06 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-16 10:33:03 0 d-------- C:\Program Files\Ahead
2008-04-16 10:30:56 0 d--h----- C:\Documents and Settings\user\Application Data\Broderbund
2008-04-16 10:30:54 0 d-------- C:\Program Files\directx
2008-04-16 10:30:52 0 d-------- C:\Program Files\Common Files\Broderbund
2008-04-16 10:30:25 0 d-------- C:\Program Files\Broderbund
2008-04-16 10:30:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-16 10:30:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-15 21:04:55 0 d-------- C:\Documents and Settings\user\Application Data\Identities
2008-04-15 21:04:46 0 d--h----- C:\Documents and Settings\user\Templates
2008-04-15 21:04:46 0 dr------- C:\Documents and Settings\user\Start Menu
2008-04-15 21:04:46 0 dr-h----- C:\Documents and Settings\user\SendTo
2008-04-15 21:04:46 0 dr-h----- C:\Documents and Settings\user\Recent
2008-04-15 21:04:46 0 d--h----- C:\Documents and Settings\user\PrintHood
2008-04-15 21:04:46 2621440 --ah----- C:\Documents and Settings\user\NTUSER.DAT
2008-04-15 21:04:46 0 d--h----- C:\Documents and Settings\user\NetHood
2008-04-15 21:04:46 0 dr------- C:\Documents and Settings\user\My Documents
2008-04-15 21:04:46 0 d--h----- C:\Documents and Settings\user\Local Settings
2008-04-15 21:04:46 0 dr------- C:\Documents and Settings\user\Favorites
2008-04-15 21:04:46 0 d-------- C:\Documents and Settings\user\Desktop
2008-04-15 21:04:46 0 d--hs---- C:\Documents and Settings\user\Cookies
2008-04-15 21:04:46 0 dr-h----- C:\Documents and Settings\user\Application Data
2008-04-15 21:04:46 0 d---s---- C:\Documents and Settings\user\Application Data\Microsoft
2008-04-15 20:41:32 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-15 20:41:31 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-15 20:41:31 0 d-------- C:\WINDOWS\Prefetch
2008-04-15 20:41:30 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-15 20:41:30 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-15 20:41:30 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-15 20:41:30 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-15 20:41:30 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-15 20:17:00 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-15 20:17:00 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-04-15 20:17:00 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-15 20:17:00 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-15 20:16:59 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-15 20:14:14 0 d-------- C:\WINDOWS\system32\xircom
2008-04-15 20:14:14 0 d-------- C:\Program Files\microsoft frontpage
2008-04-15 20:14:05 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-15 20:13:59 0 -rahs---- C:\MSDOS.SYS
2008-04-15 20:13:59 0 -rahs---- C:\IO.SYS
2008-04-15 20:13:59 0 --a------ C:\CONFIG.SYS
2008-04-15 20:13:59 0 --a------ C:\AUTOEXEC.BAT
2008-04-15 20:13:09 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-15 20:13:01 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-15 20:13:01 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-15 20:12:52 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-15 20:12:36 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-15 20:12:12 0 d---s---- C:\WINDOWS\Tasks
2008-04-15 20:12:11 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-15 20:12:08 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-15 20:12:08 0 d-------- C:\WINDOWS\srchasst
2008-04-15 20:12:02 0 d-------- C:\Program Files\Movie Maker
2008-04-15 20:11:56 0 d-------- C:\WINDOWS\system32\Restore
2008-04-15 20:11:25 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-15 20:11:11 0 d-------- C:\WINDOWS\Registration
2008-04-15 20:11:05 0 d-------- C:\Program Files\Online Services
2008-04-15 20:11:00 0 d-------- C:\Program Files\Messenger
2008-04-15 20:10:58 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-15 20:10:28 0 d-------- C:\Program Files\Windows NT
2008-04-15 20:10:26 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-15 20:10:25 0 d-------- C:\WINDOWS\system32\Com
2008-04-15 13:05:30 0 d--hs---- C:\WINDOWS\Installer
2008-04-15 13:05:29 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-15 13:05:26 0 dr------- C:\Program Files
2008-04-15 13:05:26 0 d-------- C:\Program Files\Common Files
2008-04-15 13:05:26 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-15 13:05:04 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-15 13:05:04 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-15 13:05:04 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-15 13:05:04 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-15 13:05:04 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-15 13:05:04 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-15 13:05:04 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-15 13:05:04 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-15 13:05:04 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-15 13:05:04 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-15 13:05:04 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-15 13:05:04 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-15 13:05:04 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-15 13:05:04 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-15 13:05:04 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-15 13:05:04 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-15 13:04:52 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-15 13:04:52 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-15 13:04:46 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-15 13:04:46 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-15 13:04:46 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-15 13:04:46 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-15 13:04:30 0 d-------- C:\Documents and Settings
2008-04-15 13:04:29 0 d--hs---- C:\System Volume Information
2008-04-15 12:58:37 0 d-------- C:\WINDOWS
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\WinSxS
2008-04-15 12:58:37 0 dr------- C:\WINDOWS\Web
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\twain_32
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\wins
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\wbem
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\usmt
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\spool
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\Setup
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\ras
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\oobe
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\npp
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\mui
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\IME
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\ias
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\export
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\drivers
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-15 12:58:37 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\config
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\3076
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\2052
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\1054
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\1042
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\1041
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\1037
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\1033
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\1031
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\1028
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system32\1025
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\system
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\security
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\Resources
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\repair
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\Provisioning
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\PeerNet
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\pchealth
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\mui
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\msapps
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\msagent
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\Media
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\java
2008-04-15 12:58:37 0 d--h----- C:\WINDOWS\inf
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\ime
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\Help
2008-04-15 12:58:37 0 dr--s---- C:\WINDOWS\Fonts
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\ehome
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\Driver Cache
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\Debug
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\Cursors
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\Config
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\AppPatch
2008-04-15 12:58:37 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-04-15 13:05:04 62 --ahs---- C:\Documents and Settings\Ben Nunez\Application Data\desktop.ini
2008-03-12 11:09:50 180224 --a------ C:\WINDOWS\system32\Ncs2Setp.dll <Not Verified; Intel® Corporation; Intel® Network Configuration Services>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
05/10/2008 07:50 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [03/21/2007 10:56 AM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [08/12/2004 07:45 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [04/07/2004 02:07 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [04/18/2008 07:53 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/18/2008 07:54 PM]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [03/19/2004 04:17 PM]
"SoundMan"="SOUNDMAN.EXE" [09/21/2005 10:24 AM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [09/21/2005 03:32 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\ALCMTR.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 03:49 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 08:47 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [02/07/2008 01:49 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [05/09/2008 06:00 PM]
"Ascb"="C:\WINDOWS\system32\YSTEM3~1\dvdplay.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0c\aoltray.exe [4/25/2008 5:35:28 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
Personal Coach.lnk - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe [4/16/2008 10:30:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyVllI]
yayyVllI.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule



-- End of Deckard's System Scanner: finished at 2008-05-14 19:18:47 ------------
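The dump above already accounts for the symptoms in the first post and shows where the infection persists: "DisableTaskMgr"=1 sits under both the HKLM and HKCU policies\system keys, which is what makes Task Manager unavailable; a Winlogon Notify package named yayyVllI loads yayyVllI.dll at every logon; an Active Setup component runs "rundll32 sockins32.dll,InitModule"; the HKCU Run value "Ascb" points into a short-named folder YSTEM3~1 under system32 and the scanner recorded no file information for it (the empty brackets); and several Browser Helper Object CLSIDs are listed with no DLL. The script below is an added example, not part of the thread and not code from Deckard's System Scanner: it parses this registry-dump format and reports exactly those patterns. SAMPLE_DUMP is a constructed excerpt of the posted dump with one made-up stock Notify entry (crypt32chain) as a negative control, and XP_NOTIFY_BASELINE is an assumed list of the Notify packages a stock XP install carries; on a real case both are replaced by the full saved log and a baseline taken from a known-clean machine of the same build. Keep the dump's own caveat in mind: legitimate default entries are hidden, so absence from the dump proves nothing.

```python
"""Triage a DSS/HijackThis-style registry dump for the persistence and
policy-tampering patterns visible in the log above.  Added example, not
part of the thread and not code from Deckard's System Scanner.
SAMPLE_DUMP is a constructed excerpt of the posted dump plus one made-up
stock Notify entry as a negative control; XP_NOTIFY_BASELINE is an
assumed list of the Winlogon Notify packages a stock XP install carries."""
import re

SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
05/10/2008 07:50 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [05/09/2008 06:00 PM]
"Ascb"="C:\WINDOWS\system32\YSTEM3~1\dvdplay.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyVllI]
yayyVllI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
crypt32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
"""

HEADER = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"=(.*)$')
EMPTY_INFO = re.compile(r"\[\s*\]\s*$")
POLICY_LOCKS = {"disabletaskmgr", "disableregistrytools"}
XP_NOTIFY_BASELINE = {  # assumed stock-XP set; take it from a clean machine of the same build
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}


def parse_dump(text):
    """Split the dump into (key, [non-blank body lines]) in file order."""
    sections, key, body = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            if key is not None:
                sections.append((key, body))
            key, body = match.group(1), []
        elif line and key is not None:
            body.append(line)
    if key is not None:
        sections.append((key, body))
    return sections


def triage(text):
    """Return (rule, key, detail) findings for every suspicious section."""
    findings = []
    for key, body in parse_dump(text):
        k = key.lower()
        values = [(m.group(1), m.group(2)) for m in map(VALUE.match, body) if m]
        if k.endswith("\\policies\\system"):
            # DisableTaskMgr=1 is exactly what produces the "Task Manager has
            # been disabled" symptom; HKLM and HKCU are both checked.
            for name, data in values:
                if name.lower() in POLICY_LOCKS and data.startswith("1"):
                    findings.append(("policy_lock", key, name))
        elif "\\winlogon\\notify\\" in k:
            # Notify packages are loaded by winlogon at every logon; anything
            # outside the stock set is a lead.  The dump hides default
            # entries, so the baseline only filters, it never proves absence.
            if k.rsplit("\\", 1)[1] not in XP_NOTIFY_BASELINE:
                findings.append(("notify_dll", key, " ".join(body)))
        elif "\\active setup\\installed components\\" in k:
            # Active Setup stubs run once per user profile; a rundll32 stub
            # loads its DLL for every user who logs on.
            for line in body:
                if line.lower().startswith("rundll32"):
                    findings.append(("activesetup_rundll32", key, line))
        elif k.endswith("\\currentversion\\run"):
            # The scanner prints the target's date/size in [...]; an empty
            # bracket means it could not open the target at all.
            for name, data in values:
                if EMPTY_INFO.search(data):
                    findings.append(("run_unresolved", key, name + "=" + data))
        elif "\\browser helper objects\\" in k and not body:
            # CLSID registered as a BHO but no DLL found for it.
            findings.append(("bho_no_file", key, ""))
    return findings


if __name__ == "__main__":
    for rule, key, detail in triage(SAMPLE_DUMP):
        print(f"{rule:21} {key}")
        if detail:
            print(f"{'':21} {detail}")
```

Run it over the whole saved log with `triage(open(path).read())`. The findings are leads to confirm against the file on disk (location, signature, hash, timestamps), not verdicts; the BHO rule in particular also fires for a legitimate add-on whose DLL the scanner simply did not list.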

#2 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 15 May 2008 - 10:57 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Ati

  • Topic Starter

  • Members
  • 21 posts

Posted 15 May 2008 - 05:27 PM

Hi,

Here's the ComboFix log

ComboFix 08-05-15.2 - Ben Nunez 2008-05-15 16:52:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511 [GMT -5:00]
Running from: C:\Documents and Settings\Ben Nunez\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ben Nunez\My Documents\RACLE~1
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrModule
C:\WINDOWS\123messenger.per
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\licencia.txt
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\muotr.so
C:\WINDOWS\ntnut.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\CeMUxyxx.ini
C:\WINDOWS\system32\CeMUxyxx.ini2
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\system32\ystem3~1\?ystem32\
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\voiceip.dll
C:\WINDOWS\winsb.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-14 17:00 . 2008-05-14 17:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-14 16:44 . 2008-05-14 16:44 <DIR> d-------- C:\Deckard
2008-05-12 19:25 . 2008-05-12 19:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-05-12 19:24 . 2008-05-12 19:24 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-12 19:24 . 2008-05-12 19:24 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-12 19:24 . 2008-05-15 16:51 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-11 18:09 . 2008-05-11 18:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-11 18:09 . 2008-05-11 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 17:49 . 2008-05-11 17:53 <DIR> d-------- C:\Program Files\SpyMaxx
2008-05-11 12:29 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-11 12:29 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-11 12:29 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-11 12:29 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-11 12:29 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-11 12:29 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-11 12:29 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-11 12:29 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-11 12:29 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-10 23:26 . 2008-05-10 23:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-10 23:26 . 2008-05-10 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 23:25 . 2008-05-10 23:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-10 21:02 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-05-10 21:02 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-05-10 21:01 . 2008-05-10 21:01 164 --a------ C:\install.dat
2008-05-10 20:59 . 2008-05-10 20:59 <DIR> d--hs---- C:\Documents and Settings\Ben Nunez\UserData
2008-05-10 19:48 . 2008-05-10 19:48 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-10 19:48 . 2008-05-10 19:53 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-10 19:47 . 2008-05-10 19:49 <DIR> d-------- C:\Program Files\Symantec
2008-05-10 19:47 . 2008-05-10 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-10 19:47 . 2008-05-10 19:49 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-10 19:47 . 2008-05-10 19:49 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-10 19:47 . 2008-05-10 19:49 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-10 19:47 . 2008-05-10 19:49 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-10 19:36 . 2008-05-11 00:32 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-10 15:54 . 2008-05-10 15:54 57,546 --a------ C:\WINDOWS\promogif3.gif
2008-05-10 15:54 . 2008-05-10 15:54 24,351 --a------ C:\WINDOWS\promogif1.gif
2008-05-10 15:54 . 2008-05-10 15:54 24,066 --a------ C:\WINDOWS\promogif2.gif
2008-05-10 15:54 . 2008-05-10 15:54 1,294 --a------ C:\WINDOWS\homepage.html
2008-05-10 15:54 . 2008-05-10 15:54 507 --a------ C:\WINDOWS\promo6.html
2008-05-10 15:54 . 2008-05-10 15:54 500 --a------ C:\WINDOWS\promo4.html
2008-05-10 15:54 . 2008-05-10 15:54 478 --a------ C:\WINDOWS\promo5.html
2008-05-10 15:54 . 2008-05-10 15:54 283 --a------ C:\WINDOWS\promo3.html
2008-05-10 15:54 . 2008-05-10 15:54 283 --a------ C:\WINDOWS\promo2.html
2008-05-10 15:54 . 2008-05-10 15:54 283 --a------ C:\WINDOWS\promo1.html
2008-05-10 15:52 . 2008-05-10 15:54 1,906 --a------ C:\WINDOWS\index.html
2008-05-09 17:19 . 2008-05-09 17:19 <DIR> d-------- C:\Program Files\Valve
2008-05-09 17:07 . 2008-05-09 17:07 <DIR> d-------- C:\Program Files\Eidos Interactive
2008-05-09 15:56 . 2008-05-09 15:56 <DIR> d-------- C:\Program Files\Common Files\HP
2008-05-09 15:56 . 2008-05-09 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-05-09 15:55 . 2008-05-09 15:56 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-05-09 15:54 . 2008-05-09 15:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-09 15:53 . 2004-12-14 11:07 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-09 15:53 . 2004-12-14 11:07 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-05-09 15:53 . 2004-12-14 11:07 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-09 15:52 . 2008-05-09 15:56 <DIR> d-------- C:\Program Files\HP
2008-05-09 15:52 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-09 15:52 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-09 15:52 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-09 15:52 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-09 15:52 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-09 15:52 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-09 15:52 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-09 15:50 . 2008-05-09 15:59 69,386 --a------ C:\WINDOWS\hpoins05.dat
2008-05-09 15:50 . 2004-12-14 11:07 19,696 --------- C:\WINDOWS\hpomdl05.dat
2008-05-09 14:43 . 2008-05-09 14:43 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-09 14:40 . 2008-05-09 14:40 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-05-04 18:20 . 2008-05-04 18:20 <DIR> d--hs---- C:\Documents and Settings\Lissette Nunez\UserData
2008-05-03 22:16 . 2008-05-14 14:18 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-03 22:16 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-25 17:37 . 2008-04-25 17:37 <DIR> d-------- C:\Program Files\AOL Companion
2008-04-25 17:37 . 2008-04-25 17:37 <DIR> d-------- C:\Install iTunes
2008-04-25 17:37 . 2008-05-10 23:53 <DIR> d-------- C:\Install ICQ
2008-04-25 17:37 . 2008-04-25 17:37 <DIR> d-------- C:\Install AOL Communicator
2008-04-25 17:37 . 2008-04-25 17:37 <DIR> d-------- C:\AOL Instant Messenger
2008-04-25 17:36 . 2008-04-25 17:36 <DIR> d-------- C:\Documents and Settings\Ben Nunez\Application Data\You've Got Pictures Screensaver
2008-04-25 17:35 . 2004-05-07 18:54 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2008-04-25 17:34 . 2008-04-25 17:36 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-04-25 17:34 . 2008-04-26 18:49 <DIR> d-------- C:\Program Files\America Online 9.0c
2008-04-25 17:33 . 2008-04-25 17:33 <DIR> d-------- C:\Documents and Settings\Ben Nunez\Application Data\Webroot
2008-04-25 17:33 . 2008-04-25 17:33 <DIR> d--h----- C:\Documents and Settings\Ben Nunez\Application Data\Broderbund
2008-04-25 17:33 . 2008-04-25 17:33 <DIR> d-------- C:\Documents and Settings\Ben Nunez\Application Data\AOL
2008-04-25 17:33 . 2008-05-10 20:59 <DIR> d-------- C:\Documents and Settings\Ben Nunez
2008-04-25 17:33 . 2008-05-15 16:55 151,552 --ah----- C:\Documents and Settings\Ben Nunez\ntuser.dat.LOG
2008-04-25 17:29 . 2008-04-25 17:29 2 --a------ C:\WINDOWS\msoffice.ini
2008-04-25 16:45 . 2008-05-11 18:53 95 --a------ C:\WINDOWS\WININIT.INI
2008-04-25 16:38 . 2008-05-09 16:24 <DIR> d-------- C:\Documents and Settings\Ben Nunez\Application Data\ATI
2008-04-25 16:30 . 2008-04-25 16:30 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-04-25 16:26 . 2007-04-18 12:19 1,311,202 --a------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
2008-04-25 16:26 . 2007-09-29 05:46 47,376 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2008-04-25 16:26 . 2007-04-18 12:19 2,096 --a------ C:\WINDOWS\system32\drivers\ativdkxx.vp
2008-04-25 16:26 . 2007-05-30 16:43 2,096 --a------ C:\WINDOWS\system32\drivers\ativckxx.vp
2008-04-25 16:26 . 2007-04-18 12:19 929 --a------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2008-04-25 16:25 . 2008-04-25 16:25 <DIR> d-------- C:\Diamond
2008-04-19 17:55 . 2008-04-19 17:55 <DIR> d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\Webroot
2008-04-19 17:55 . 2008-04-19 17:55 <DIR> d--h----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\Broderbund
2008-04-19 17:55 . 2008-04-19 17:55 <DIR> d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\AOL
2008-04-19 17:55 . 2008-05-15 16:44 <DIR> d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61
2008-04-19 17:55 . 2008-05-15 16:44 1,024 --ah----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\ntuser.dat.LOG
2008-04-19 17:43 . 2008-04-19 17:43 <DIR> d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-04-19 17:43 . 2008-04-19 17:43 <DIR> d-------- C:\Documents and Settings\user\Application Data\AOL
2008-04-19 15:25 . 2008-04-25 17:37 <DIR> d-------- C:\aolextras
2008-04-18 21:19 . 2004-08-04 02:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-18 21:19 . 2004-08-04 00:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-18 21:19 . 2004-08-04 00:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-18 21:19 . 2001-08-18 00:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-18 21:14 . 2008-04-19 15:22 <DIR> d-------- C:\Program Files\America Online 9.0b
2008-04-18 20:05 . 2008-04-18 21:13 <DIR> d-------- C:\Program Files\America Online 9.0a
2008-04-18 19:56 . 2008-04-18 19:56 <DIR> d-------- C:\Program Files\Common Files\aolback
2008-04-18 19:56 . 2008-04-18 19:56 <DIR> d-------- C:\Documents and Settings\Lissette Nunez\Application Data\AOL
2008-04-18 19:56 . 2008-04-25 17:37 715 --a------ C:\WINDOWS\aolback.exe.lnk
2008-04-18 19:55 . 2008-04-25 17:36 <DIR> d-------- C:\WINDOWS\occache
2008-04-18 19:55 . 2008-04-18 19:55 <DIR> d-------- C:\Program Files\Viewpoint
2008-04-18 19:55 . 2008-04-25 17:36 <DIR> d-------- C:\Program Files\Pure Networks
2008-04-18 19:55 . 2008-04-18 19:55 <DIR> d-------- C:\Program Files\Learn2.com
2008-04-18 19:55 . 2008-04-18 19:55 <DIR> d-------- C:\Documents and Settings\Lissette Nunez\Application Data\You've Got Pictures Screensaver
2008-04-18 19:55 . 2008-04-18 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-18 19:55 . 2008-04-18 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-18 19:55 . 2004-08-04 07:00 1,483,264 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-04-18 19:55 . 1998-06-26 02:00 644,400 --a------ C:\WINDOWS\system32\MSComCt2.ocx
2008-04-18 19:55 . 2000-05-22 02:00 203,976 --a------ C:\WINDOWS\system32\RichTx32.ocx
2008-04-18 19:55 . 2004-05-07 18:54 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2008-04-18 19:55 . 1998-06-24 02:00 115,016 --a------ C:\WINDOWS\system32\MSInet.ocx
2008-04-18 19:55 . 2001-11-21 12:15 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll
2008-04-18 19:55 . 1999-04-17 03:06 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-04-18 19:54 . 2008-04-18 19:54 <DIR> d-------- C:\WINDOWS\system32\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 01:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-29 08:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 18:33 588,336 ----a-w C:\WINDOWS\system32\ncs2dmix.dll
2008-03-17 18:33 473,648 ----a-w C:\WINDOWS\system32\accesor.dll
2008-03-12 16:09 180,224 ----a-w C:\WINDOWS\system32\Ncs2Setp.dll
2008-03-12 16:01 1,301,040 ----a-w C:\WINDOWS\system32\ncscolib.dll
2008-03-03 17:36 145,968 ----a-w C:\WINDOWS\system32\ncs2instutility.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-10 19:50 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-05-09 18:00 1271032]
"Ascb"="C:\WINDOWS\system32\YSTEM3~1\dvdplay.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-03-21 10:56 155648]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 19:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 14:07 496752]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-18 19:53 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-18 19:54 98304]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 16:17 78960]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 10:24 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 20:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 01:49 718704]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0c\aoltray.exe [2008-04-25 17:35:28 156784]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
Personal Coach.lnk - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe [2008-04-16 10:30:36 2392064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyVllI]
yayyVllI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0c\\waol.exe"=
"C:\\Program Files\\America Online 9.0c\\aol.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\throatgasher\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\throatgasher\\counter-strike source\\hl2.exe"=

R2 Gateway Wireless USB-G 2.0;Gateway Wireless USB-G 2.0 Service;C:\Program Files\Gateway USB-G Wireless Monitor\WLService.exe [2003-06-09 13:24]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 ADM8511;Belkin USB Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\NET8511.SYS [2000-12-11 23:06]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2008-02-20 23:19]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder
"2008-05-11 00:51:59 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ben Nunez.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 16:55:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-15 16:56:18
ComboFix-quarantined-files.txt 2008-05-15 21:56:12

Pre-Run: 180,478,390,272 bytes free
Post-Run: 181,654,863,872 bytes free

292 --- E O F --- 2008-05-14 22:32:43

#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 16 May 2008 - 01:48 AM

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum with a new ComboFix log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Ati

  • Topic Starter
  • Members
  • 21 posts

Posted 16 May 2008 - 05:14 PM

OK, here are the contents of Report.txt:


SDFix: Version 1.182
Run by Ben Nunez on Fri 05/16/2008 at 04:54 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST - Deleted
C:\Program Files\SpyMaxx\stat.bin - Deleted
C:\Program Files\SpyMaxx\uninstall.exe - Deleted
C:\Program Files\SpyMaxx\uninstall.log - Deleted
C:\WINDOWS\index.html - Deleted



Folder C:\Program Files\SpyMaxx - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 16:59:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000064
"TracesSuccessful"=dword:0000000d

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0c\\waol.exe"="C:\\Program Files\\America Online 9.0c\\waol.exe:*:Enabled:America Online 9.0c"
"C:\\Program Files\\America Online 9.0c\\aol.exe"="C:\\Program Files\\America Online 9.0c\\aol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\throatgasher\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\throatgasher\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\throatgasher\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\throatgasher\\counter-strike source\\hl2.exe:*:Enabled:hl2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:America Online 9.0b"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0c\\waol.exe"="C:\\Program Files\\America Online 9.0c\\waol.exe:*:Enabled:America Online 9.0c"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 7 May 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Fri 7 May 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0a\aoltray.exe"
Fri 7 May 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0b\aoltray.exe"
Fri 7 May 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0c\aolphx.exe"
Fri 7 May 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0c\aoltray.exe"
Fri 7 May 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0c\RBM.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 15 Aug 2002 266,240 A..H. --- "C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\Mavis Beacon Teaches Typing.exe"
Fri 18 Jan 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Fri 18 Jan 2008 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Tue 6 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT82.tmp"

Finished!

And the ComboFix Log:


ComboFix 08-05-15.2 - Ben Nunez 2008-05-16 17:05:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.541 [GMT -5:00]
Running from: C:\Documents and Settings\Ben Nunez\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-16 16:51 . 2008-05-16 16:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-16 16:42 . 2008-05-16 17:00 <DIR> d-------- C:\SDFix
2008-05-15 18:40 . 2008-05-15 18:40 <DIR> d-------- C:\WINDOWS\Sun
2008-05-15 18:39 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-15 18:37 . 2008-05-15 18:39 <DIR> d-------- C:\Program Files\Java
2008-05-15 18:37 . 2008-05-15 18:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-14 17:00 . 2008-05-14 17:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-14 16:44 . 2008-05-14 16:44 <DIR> d-------- C:\Deckard
2008-05-12 19:25 . 2008-05-12 19:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-05-12 19:24 . 2008-05-12 19:24 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-12 19:24 . 2008-05-12 19:24 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-12 19:24 . 2008-05-16 16:48 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-11 18:09 . 2008-05-11 18:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-11 18:09 . 2008-05-11 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 12:29 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-11 12:29 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-11 12:29 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-11 12:29 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-11 12:29 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-11 12:29 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-11 12:29 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-11 12:29 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-11 12:29 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-10 23:26 . 2008-05-10 23:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-10 23:26 . 2008-05-10 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 23:25 . 2008-05-10 23:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-10 21:02 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-05-10 21:02 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-05-10 21:01 . 2008-05-10 21:01 164 --a------ C:\install.dat
2008-05-10 20:59 . 2008-05-10 20:59 <DIR> d--hs---- C:\Documents and Settings\Ben Nunez\UserData
2008-05-10 19:48 . 2008-05-10 19:48 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-10 19:48 . 2008-05-10 19:53 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-10 19:47 . 2008-05-10 19:49 <DIR> d-------- C:\Program Files\Symantec
2008-05-10 19:47 . 2008-05-10 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-10 19:47 . 2008-05-10 19:49 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-10 19:47 . 2008-05-10 19:49 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-10 19:47 . 2008-05-10 19:49 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-10 19:47 . 2008-05-10 19:49 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-10 19:36 . 2008-05-11 00:32 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-10 15:54 . 2008-05-10 15:54 57,546 --a------ C:\WINDOWS\promogif3.gif
2008-05-10 15:54 . 2008-05-10 15:54 24,351 --a------ C:\WINDOWS\promogif1.gif
2008-05-10 15:54 . 2008-05-10 15:54 24,066 --a------ C:\WINDOWS\promogif2.gif
2008-05-10 15:54 . 2008-05-10 15:54 1,294 --a------ C:\WINDOWS\homepage.html
2008-05-10 15:54 . 2008-05-10 15:54 507 --a------ C:\WINDOWS\promo6.html
2008-05-10 15:54 . 2008-05-10 15:54 500 --a------ C:\WINDOWS\promo4.html
2008-05-10 15:54 . 2008-05-10 15:54 478 --a------ C:\WINDOWS\promo5.html
2008-05-10 15:54 . 2008-05-10 15:54 283 --a------ C:\WINDOWS\promo3.html
2008-05-10 15:54 . 2008-05-10 15:54 283 --a------ C:\WINDOWS\promo2.html
2008-05-10 15:54 . 2008-05-10 15:54 283 --a------ C:\WINDOWS\promo1.html
2008-05-09 17:19 . 2008-05-09 17:19 <DIR> d-------- C:\Program Files\Valve
2008-05-09 17:07 . 2008-05-09 17:07 <DIR> d-------- C:\Program Files\Eidos Interactive
2008-05-09 15:56 . 2008-05-09 15:56 <DIR> d-------- C:\Program Files\Common Files\HP
2008-05-09 15:56 . 2008-05-09 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-05-09 15:55 . 2008-05-09 15:56 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-05-09 15:54 . 2008-05-09 15:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-09 15:53 . 2004-12-14 11:07 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-09 15:53 . 2004-12-14 11:07 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-05-09 15:53 . 2004-12-14 11:07 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-09 15:52 . 2008-05-09 15:56 <DIR> d-------- C:\Program Files\HP
2008-05-09 15:52 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-09 15:52 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-09 15:52 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-09 15:52 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-09 15:52 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-09 15:52 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-09 15:52 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-09 15:50 . 2008-05-09 15:59 69,386 --a------ C:\WINDOWS\hpoins05.dat
2008-05-09 15:50 . 2004-12-14 11:07 19,696 --------- C:\WINDOWS\hpomdl05.dat
2008-05-09 14:43 . 2008-05-09 14:43 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-09 14:40 . 2008-05-09 14:40 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-05-04 18:20 . 2008-05-04 18:20 <DIR> d--hs---- C:\Documents and Settings\Lissette Nunez\UserData
2008-05-03 22:16 . 2008-05-14 14:18 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-03 22:16 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-25 17:37 . 2008-04-25 17:37 <DIR> d-------- C:\Program Files\AOL Companion
2008-04-25 17:37 . 2008-04-25 17:37 <DIR> d-------- C:\Install iTunes
2008-04-25 17:37 . 2008-05-10 23:53 <DIR> d-------- C:\Install ICQ
2008-04-25 17:37 . 2008-04-25 17:37 <DIR> d-------- C:\Install AOL Communicator
2008-04-25 17:37 . 2008-04-25 17:37 <DIR> d-------- C:\AOL Instant Messenger
2008-04-25 17:36 . 2008-04-25 17:36 <DIR> d-------- C:\Documents and Settings\Ben Nunez\Application Data\You've Got Pictures Screensaver
2008-04-25 17:35 . 2004-05-07 18:54 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2008-04-25 17:34 . 2008-04-25 17:36 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-04-25 17:34 . 2008-04-26 18:49 <DIR> d-------- C:\Program Files\America Online 9.0c
2008-04-25 17:33 . 2008-04-25 17:33 <DIR> d-------- C:\Documents and Settings\Ben Nunez\Application Data\Webroot
2008-04-25 17:33 . 2008-04-25 17:33 <DIR> d--h----- C:\Documents and Settings\Ben Nunez\Application Data\Broderbund
2008-04-25 17:33 . 2008-04-25 17:33 <DIR> d-------- C:\Documents and Settings\Ben Nunez\Application Data\AOL
2008-04-25 17:33 . 2008-05-10 20:59 <DIR> d-------- C:\Documents and Settings\Ben Nunez
2008-04-25 17:33 . 2008-05-16 17:08 8,192 --ah----- C:\Documents and Settings\Ben Nunez\ntuser.dat.LOG
2008-04-25 17:29 . 2008-04-25 17:29 2 --a------ C:\WINDOWS\msoffice.ini
2008-04-25 16:45 . 2008-05-11 18:53 95 --a------ C:\WINDOWS\WININIT.INI
2008-04-25 16:38 . 2008-05-09 16:24 <DIR> d-------- C:\Documents and Settings\Ben Nunez\Application Data\ATI
2008-04-25 16:30 . 2008-04-25 16:30 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-04-25 16:26 . 2007-04-18 12:19 1,311,202 --a------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
2008-04-25 16:26 . 2007-09-29 05:46 47,376 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2008-04-25 16:26 . 2007-04-18 12:19 2,096 --a------ C:\WINDOWS\system32\drivers\ativdkxx.vp
2008-04-25 16:26 . 2007-05-30 16:43 2,096 --a------ C:\WINDOWS\system32\drivers\ativckxx.vp
2008-04-25 16:26 . 2007-04-18 12:19 929 --a------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2008-04-25 16:25 . 2008-04-25 16:25 <DIR> d-------- C:\Diamond
2008-04-19 17:55 . 2008-04-19 17:55 <DIR> d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\Webroot
2008-04-19 17:55 . 2008-04-19 17:55 <DIR> d--h----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\Broderbund
2008-04-19 17:55 . 2008-04-19 17:55 <DIR> d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\Application Data\AOL
2008-04-19 17:55 . 2008-05-15 16:44 <DIR> d-------- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61
2008-04-19 17:55 . 2008-05-16 16:57 1,024 --ah----- C:\Documents and Settings\Juan Nunez.USER-5379B0CC61\ntuser.dat.LOG
2008-04-19 17:43 . 2008-04-19 17:43 <DIR> d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-04-19 17:43 . 2008-04-19 17:43 <DIR> d-------- C:\Documents and Settings\user\Application Data\AOL
2008-04-19 15:25 . 2008-04-25 17:37 <DIR> d-------- C:\aolextras
2008-04-18 21:19 . 2004-08-04 02:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-18 21:19 . 2004-08-04 00:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-18 21:19 . 2004-08-04 00:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-18 21:19 . 2001-08-18 00:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-18 21:14 . 2008-04-19 15:22 <DIR> d-------- C:\Program Files\America Online 9.0b
2008-04-18 20:05 . 2008-04-18 21:13 <DIR> d-------- C:\Program Files\America Online 9.0a
2008-04-18 19:56 . 2008-04-18 19:56 <DIR> d-------- C:\Program Files\Common Files\aolback
2008-04-18 19:56 . 2008-04-18 19:56 <DIR> d-------- C:\Documents and Settings\Lissette Nunez\Application Data\AOL
2008-04-18 19:56 . 2008-04-25 17:37 715 --a------ C:\WINDOWS\aolback.exe.lnk
2008-04-18 19:55 . 2008-04-25 17:36 <DIR> d-------- C:\WINDOWS\occache
2008-04-18 19:55 . 2008-04-18 19:55 <DIR> d-------- C:\Program Files\Viewpoint
2008-04-18 19:55 . 2008-04-25 17:36 <DIR> d-------- C:\Program Files\Pure Networks
2008-04-18 19:55 . 2008-04-18 19:55 <DIR> d-------- C:\Program Files\Learn2.com
2008-04-18 19:55 . 2008-04-18 19:55 <DIR> d-------- C:\Documents and Settings\Lissette Nunez\Application Data\You've Got Pictures Screensaver
2008-04-18 19:55 . 2008-04-18 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-18 19:55 . 2008-04-18 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-18 19:55 . 2004-08-04 07:00 1,483,264 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-04-18 19:55 . 1998-06-26 02:00 644,400 --a------ C:\WINDOWS\system32\MSComCt2.ocx
2008-04-18 19:55 . 2000-05-22 02:00 203,976 --a------ C:\WINDOWS\system32\RichTx32.ocx
2008-04-18 19:55 . 2004-05-07 18:54 173,184 --a------ C:\WINDOWS\system32\ygpss.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 01:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-29 08:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 18:33 588,336 ----a-w C:\WINDOWS\system32\ncs2dmix.dll
2008-03-17 18:33 473,648 ----a-w C:\WINDOWS\system32\accesor.dll
2008-03-12 16:09 180,224 ----a-w C:\WINDOWS\system32\Ncs2Setp.dll
2008-03-12 16:01 1,301,040 ----a-w C:\WINDOWS\system32\ncscolib.dll
2008-03-03 17:36 145,968 ----a-w C:\WINDOWS\system32\ncs2instutility.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-15_16.55.55.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 20:29:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 21:57:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 00:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-05-13 07:55:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-16 21:52:00 3,067,904 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-05-16 21:52:01 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-13 07:55:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-16 21:51:50 3,067,904 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-05-16 21:51:51 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-02-22 06:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 06:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 07:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-04-06 03:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-10 19:50 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-05-09 18:00 1271032]
"Ascb"="C:\WINDOWS\system32\YSTEM3~1\dvdplay.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-03-21 10:56 155648]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 19:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 14:07 496752]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-18 19:53 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-18 19:54 98304]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 16:17 78960]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 10:24 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 20:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 01:49 718704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0c\aoltray.exe [2008-04-25 17:35:28 156784]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
Personal Coach.lnk - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe [2008-04-16 10:30:36 2392064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyVllI]
yayyVllI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0c\\waol.exe"=
"C:\\Program Files\\America Online 9.0c\\aol.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\throatgasher\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\throatgasher\\counter-strike source\\hl2.exe"=

R2 Gateway Wireless USB-G 2.0;Gateway Wireless USB-G 2.0 Service;C:\Program Files\Gateway USB-G Wireless Monitor\WLService.exe [2003-06-09 13:24]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 ADM8511;Belkin USB Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\NET8511.SYS [2000-12-11 23:06]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2008-02-20 23:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-11 00:51:59 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ben Nunez.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 17:08:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-16 17:08:59
ComboFix-quarantined-files.txt 2008-05-16 22:08:51
ComboFix2.txt 2008-05-15 21:56:19

Pre-Run: 181,246,263,296 bytes free
Post-Run: 181,356,429,312 bytes free

237 --- E O F --- 2008-05-16 20:02:51

Edited by Ati, 16 May 2008 - 05:16 PM.
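The "Reg Loading Points" sections of the two ComboFix logs above carry the indicators that matter in this thread: the first log lists DisableTaskMgr=1 under both the HKLM and HKCU system policy keys (the "Task List has been disabled" symptom), three Security Center DisableMonitoring values set to 1, a Winlogon Notify package called yayyVllI that loads yayyVllI.dll, and an Active Setup component whose stub runs rundll32 sockins32.dll,InitModule. The log posted after the SDFix run no longer shows the DisableTaskMgr policies, but the Winlogon Notify entry and the three DisableMonitoring values are still there. The script below is an added example for this page, not code from the thread, from ComboFix or from SDFix: it parses a ComboFix-style registry section and flags those four patterns. The sample text is constructed from the log lines posted above, and the baseline set of Winlogon Notify packages is an assumption made for the example.

```python
"""Flag registry tamper/persistence indicators in a ComboFix-style log section.

Added example for this thread (not ComboFix, SDFix or forum code). It parses the
'Reg Loading Points' format: a bracketed key line, then "name"=value lines or a
bare payload line (Winlogon Notify DLL, Active Setup StubPath command).
"""
import re
from dataclasses import dataclass

# Constructed from the ComboFix lines posted above; the ccApp Run value and the
# NoActiveDesktop=0 policy are benign and included to show they are not flagged.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 20:47 51048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyVllI]
yayyVllI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Winlogon Notify packages of a stock Windows XP SP2 install (lower-cased).
# Assumption for this example; in practice, diff against a known-good machine.
BASELINE_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                   "sclgntfy", "senslogn", "termsrv", "wlballoon"}


@dataclass
class Finding:
    key: str
    detail: str


def as_int(value: str):
    """Parse the numeric forms ComboFix prints: '1 (0x1)' or 'dword:00000001'."""
    value = value.strip()
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"-?\d+", value)
    return int(m.group()) if m else None


def scan(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious entry, in log order."""
    findings: list[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        lkey = key.lower()
        vm = VALUE_RE.match(line)
        if vm:
            name, value = vm.group("name").lower(), vm.group("value")
            # Malware sets these so the victim cannot kill it or see that
            # protection is off; neither policy is needed on a home PC.
            if lkey.endswith("\\policies\\system") and name == "disabletaskmgr" and as_int(value) == 1:
                findings.append(Finding(key, "Task Manager disabled by policy (DisableTaskMgr=1)"))
            elif "\\security center\\monitoring" in lkey and name == "disablemonitoring" and as_int(value):
                findings.append(Finding(key, "Security Center monitoring switched off (DisableMonitoring=1)"))
            continue
        # A bare line is the payload of the current key.
        if "\\winlogon\\notify\\" in lkey:
            package = key.rsplit("\\", 1)[-1]
            if package.lower() not in BASELINE_NOTIFY:
                findings.append(Finding(key, f"non-baseline Winlogon Notify package loads {line}"))
        elif "\\active setup\\installed components\\" in lkey and line.lower().startswith("rundll32"):
            findings.append(Finding(key, f"Active Setup StubPath loads a DLL: {line}"))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.detail}\n    {f.key}")
```

Run against the sample it reports seven findings: the two DisableTaskMgr policies, the three DisableMonitoring values, the yayyVllI Notify package and the sockins32.dll Active Setup stub, while the ccApp Run entry and the NoActiveDesktop=0 policy pass through. ComboFix already suppresses "legit default entries", so any Winlogon Notify package it prints deserves a look even before the baseline check; the baseline is there for logs from other tools that print everything.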


#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 17 May 2008 - 08:42 AM

These files are suspicious to me. Can you investigate these?

C:\WINDOWS\promogif3.gif
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\homepage.html
C:\WINDOWS\promo6.html
C:\WINDOWS\promo4.html
C:\WINDOWS\promo5.html
C:\WINDOWS\promo3.html
C:\WINDOWS\promo2.html
C:\WINDOWS\promo1.html


They are standard html and image files, so you can open them without concern and see what they are.


================



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



========================================================

#7 Ati

  • Topic Starter
  • Members
  • 21 posts

Posted 19 May 2008 - 06:34 PM

Sorry about the late post, I've been busy. I checked those files and they are images of the "anti-spyware" the infection was advertising to me; the websites made attempts to access ActiveX. Here are the results of the scan.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/17/2008 at 01:13 PM

Application Version : 4.0.1154

Core Rules Database Version : 3463
Trace Rules Database Version: 1454

Scan type : Complete Scan
Total Scan Time : 00:47:06

Memory items scanned : 501
Memory threats detected : 0
Registry items scanned : 5008
Registry threats detected : 0
File items scanned : 56341
File threats detected : 56

Adware.Tracking Cookie
C:\Documents and Settings\User1\Cookies\User1@msnportal.112.2o7[1].txt
C:\Documents and Settings\User1\Cookies\User1@digg.112.2o7[1].txt
C:\Documents and Settings\User1\Cookies\User1@ads.sun[2].txt
C:\Documents and Settings\User1\Cookies\User1@doubleclick[1].txt
C:\Documents and Settings\User1\Cookies\User1@ads.bleepingcomputer[2].txt
C:\Documents and Settings\User1\Cookies\User1@richmedia.yahoo[1].txt
C:\Documents and Settings\User1\Cookies\User1@www.levelclick[2].txt
C:\Documents and Settings\User1\Cookies\User1@zango[1].txt
C:\Documents and Settings\User1\Cookies\User1@adbrite[1].txt
C:\Documents and Settings\User1\Cookies\User1@ads.adgoto[1].txt
C:\Documents and Settings\User1\Cookies\User1@optimize.indieclick[2].txt
C:\Documents and Settings\User1\Cookies\User1@glb.adtechus[2].txt
C:\Documents and Settings\User1\Cookies\User1@warnerbros.112.2o7[1].txt
C:\Documents and Settings\User1\Cookies\User1@image.masterstats[1].txt
C:\Documents and Settings\User1\Cookies\User1@4.adbrite[2].txt
C:\Documents and Settings\User1\Cookies\User1@ads.revsci[1].txt
C:\Documents and Settings\User1\Cookies\User1@clicksor[1].txt
C:\Documents and Settings\User1\Cookies\User1@ad2.doublepimp[1].txt
C:\Documents and Settings\User1\Cookies\User1@nba.112.2o7[1].txt
C:\Documents and Settings\User1\Cookies\User1@interclick[2].txt
C:\Documents and Settings\User1\Cookies\User1@revsci[1].txt
C:\Documents and Settings\User1\Cookies\User1@ero-advertising[2].txt
C:\Documents and Settings\User1\Cookies\User1@www8.addfreestats[1].txt
C:\Documents and Settings\User1\Cookies\User1@www4.addfreestats[1].txt
C:\Deckard\System Scanner\20080514165949\backup\WINDOWS\temp\Cookies\User1@antispyspider[1].txt
C:\Deckard\System Scanner\20080514165949\backup\WINDOWS\temp\Cookies\User1@statcounter[2].txt
C:\Documents and Settings\User1\Cookies\User1@glb.adtechus[1].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@ads.cartoonnetwork[2].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@ads.freearcade[1].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@ads.heias[2].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@hitbox[2].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@112.2o7[1].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@adbrite[1].txt
C:\Documents and Settings\User3USER-5379B0CC61\Cookies\User3@ads.vidsense[1].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@citi.bridgetrack[2].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@doubleclick[1].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@eas.apm.emediate[1].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@interclick[2].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@linksynergy[1].txt
C:\Documents and Settings\User3USER-5379B0CC61\Cookies\User3@msnportal.112.2o7[1].txt
C:\Documents and Settings\User3.USER-5379B0CC61\Cookies\User3@warnerbros.112.2o7[2].txt
C:\Documents and Settings\User2\Cookies\User2@ads.freearcade[1].txt
C:\Documents and Settings\User2\Cookies\User2@collective-media[2].txt
C:\Documents and Settings\User2\Cookies\User2@glb.adtechus[1].txt
C:\Documents and Settings\User2\Cookies\User2@guptamedia[1].txt
C:\Documents and Settings\User2\Cookies\User2@interclick[2].txt
C:\Documents and Settings\User2\Cookies\User2@partner2profit[2].txt
C:\Documents and Settings\User2\Cookies\User2@amazonbebe.122.2o7[1].txt
C:\Documents and Settings\User2\Cookies\User2@glb.adtechus[1].txt
C:\Documents and Settings\User2\Cookies\User2@paypal.112.2o7[1].txt
C:\Documents and Settings\User2\Cookies\User2@revsci[2].txt

Adware.ClickSpring/Outerinfo
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48DA6CD8-F5F0-4A9B-B764-E9EE59D22323}\RP35\A0011505.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48DA6CD8-F5F0-4A9B-B764-E9EE59D22323}\RP35\A0011513.EXE

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48DA6CD8-F5F0-4A9B-B764-E9EE59D22323}\RP35\A0011535.DLL

Rogue.Multi-Dropper/Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48DA6CD8-F5F0-4A9B-B764-E9EE59D22323}\RP39\A0016118.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48DA6CD8-F5F0-4A9B-B764-E9EE59D22323}\RP39\A0016123.EXE

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:23 PM

Posted 20 May 2008 - 10:22 AM

I checked those files and they are images of the "anti-spyware" the infection was advertising me, the websites made attempts to access ActiveX.

I suspected that was the case. Please delete those files if you haven't already.

Your scan came up pretty clean. How is your computer behaving now?

Please post a new log from DSS.


========================================================

#9 Ati

Ati
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 21 May 2008 - 10:22 PM

The infection's wallpaper is gone, and so are the fake Windows messages and the self-launching web pages. I don't know if this is a direct or indirect result of the infection, but my Steam games can't be launched anymore and my CD games don't automatically launch either. I'm not sure if that is a sign of anything.

If not, then thanks, I appreciate your help.


Deckard's System Scanner v20071014.68
Run by User1 on 2008-05-21 14:12:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as User1.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:50 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Gateway USB-G Wireless Monitor\WLService.exe
C:\Program Files\America Online 9.0c\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Gateway USB-G Wireless Monitor\WLanG.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User1\Desktop\dss.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\User~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Ascb] "C:\WINDOWS\system32\YSTEM3~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yayyVllI - yayyVllI.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Gateway Wireless USB-G 2.0 Service (Gateway Wireless USB-G 2.0) - Unknown owner - C:\Program Files\Gateway USB-G Wireless Monitor\WLService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7715 bytes
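The log above is the kind a helper reads by eye, and the one entry singled out in the next reply is the O20 Winlogon Notify line whose DLL is already gone. As an added example (not part of the thread, not HijackThis code and not the helper's tooling), here is a small Python triage pass over HijackThis 2.0 log lines that encodes that call and two further review heuristics: an O4 Run entry that launches from an 8.3 short-name directory under system32 (the `[Ascb]` line above) or is a bare filename, and an O23 service whose binary has no company name. The sample lines are copied from the log above; the rules are heuristics to point a human at a line, not verdicts.

```python
"""Heuristic triage of HijackThis 2.0 log lines (O4 Run, O20 Winlogon Notify, O23 Service).

Added example for this thread; not HijackThis code and not the helper's tooling.
"fix" findings are entries HijackThis can safely remove (a Winlogon Notify DLL that no
longer exists on disk); "review" findings need a human to look at the file first.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str   # "fix" or "review"
    section: str    # HJT section tag: O4, O20, O23
    name: str       # entry name as HJT prints it
    reason: str
    line: str       # the log line, verbatim, so it can be ticked in HJT


# Sample input: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Ascb] "C:\WINDOWS\system32\YSTEM3~1\dvdplay.exe" -vt yazb
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yayyVllI - yayyVllI.dll (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.*?)(?P<missing> \(file missing\))?$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$')
# Heuristic: an 8.3 short-name directory directly under system32, e.g. \system32\YSTEM3~1\
SHORTNAME_UNDER_SYSTEM32 = re.compile(r'\\system32\\[^\\]*~\d+\\', re.IGNORECASE)


def exe_path(cmd: str) -> str:
    """Executable part of a Run value: the quoted path if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ''


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and return findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group('cmd'))
            if SHORTNAME_UNDER_SYSTEM32.search(path):
                findings.append(Finding('review', 'O4', m.group('name'),
                                        'Run entry launches from an 8.3 short-name directory under system32: ' + path, line))
            elif '\\' not in path:
                findings.append(Finding('review', 'O4', m.group('name'),
                                        'Run entry is a bare filename resolved through the search path: ' + path, line))
            continue
        m = O20_RE.match(line)
        if m:
            if m.group('missing'):
                findings.append(Finding('fix', 'O20', m.group('name'),
                                        'Winlogon Notify DLL is not on disk: dead registration left by a removed infection', line))
            elif re.fullmatch(r'[A-Za-z]{8}', m.group('name')):
                findings.append(Finding('review', 'O20', m.group('name'),
                                        'Winlogon Notify DLL with a random-looking eight-letter name: ' + m.group('dll'), line))
            continue
        m = O23_RE.match(line)
        if m and m.group('owner') == 'Unknown owner':
            findings.append(Finding('review', 'O23', m.group('name'),
                                    'service binary has no company name in its version info; check path and signature: ' + m.group('path'), line))
    return findings


def lines_to_fix(log_text: str) -> List[str]:
    """The exact log lines to tick in HijackThis before pressing Fix Checked."""
    return [f.line for f in triage(log_text) if f.severity == 'fix']


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.severity:6} {f.section:4} {f.name}: {f.reason}')
```

Run it against a saved `hijackthis.log` by reading the file and passing its text to `triage()`; `lines_to_fix()` gives the lines to tick. Everything marked `review` still needs the file looked at (where it lives, who signed it, what it does) before anything is removed.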

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:23 PM

Posted 22 May 2008 - 09:42 AM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

O20 - Winlogon Notify: yayyVllI - yayyVllI.dll (file missing)


Otherwise your log looks clean to me! :)

I don't see anything that would have affected your games as a result of the steps that we took.



Just a few last things and you should be good to go! :thumbsup:


First, your log shows that you don't have the recovery console installed.
Check this link for more info on the recovery console and how to get it installed.

How to install and use the Windows XP Recovery Console



===================



Next, let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • When shown the disclaimer, Select "2"



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore using the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with the program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :thumbsup:
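The Custom Level steps in the post above map to DWORD values under the Internet zone key (Zone 3) in the registry, which is what makes them auditable on more than one machine. As an added example (not from the thread, not the helper's procedure), here is a Python script that reads a `reg export` of that key, compares it against the six settings the post recommends, and writes a .reg fragment for only the values that differ. The value IDs and their meanings (1001, 1004, 1201, 1800, 1804, 1607; 0 = Enable, 1 = Prompt, 3 = Disable) are taken from Microsoft KB 182569 as I recall them and should be checked against the KB before use; the export text is constructed for the example.

```python
"""Audit Internet-zone (Zone 3) security values against the settings recommended above.

Added example for this thread, not from the post. Value IDs follow Microsoft KB 182569
as recalled by the editor (verify against the KB): 0 = Enable, 1 = Prompt, 3 = Disable.
"""
import re
from typing import Dict, List, Optional, Tuple

ZONE3_KEY = r'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: 'Enable', PROMPT: 'Prompt', DISABLE: 'Disable'}

# The six Custom Level settings from the post, keyed by registry value name (assumed IDs).
HARDENED: Dict[str, Tuple[str, int]] = {
    '1001': ('Download signed ActiveX controls', PROMPT),
    '1004': ('Download unsigned ActiveX controls', DISABLE),
    '1201': ('Initialize and script ActiveX controls not marked as safe', DISABLE),
    '1800': ('Installation of desktop items', PROMPT),
    '1804': ('Launching programs and files in an IFRAME', PROMPT),
    '1607': ('Navigate sub-frames across different domains', PROMPT),
}

# Constructed sample of what `reg export "HKCU\...\Zones\3" zone3.reg` produces on a
# machine that still allows most of the things the post tells the user to lock down.
SAMPLE_EXPORT = """Windows Registry Editor Version 5.00

[""" + ZONE3_KEY + """]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000000
"1201"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000000
"1607"=dword:00000000
"""

DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})\s*$')
Finding = Tuple[str, str, Optional[int], int]  # (value id, label, current or None, wanted)


def parse_reg_dwords(text: str) -> Dict[str, int]:
    """Collect every "name"=dword:XXXXXXXX line of a .reg export (a single key is assumed)."""
    values: Dict[str, int] = {}
    for line in text.splitlines():
        m = DWORD_RE.match(line.strip())
        if m:
            values[m.group('name')] = int(m.group('hex'), 16)
    return values


def audit(current: Dict[str, int]) -> List[Finding]:
    """Settings whose current value differs from the hardened one (missing counts as differing)."""
    out: List[Finding] = []
    for vid, (label, want) in HARDENED.items():
        have = current.get(vid)
        if have != want:
            out.append((vid, label, have, want))
    return out


def reg_fix(findings: List[Finding]) -> str:
    """A .reg fragment that sets only the flagged values; lines starting with ';' are comments."""
    lines = ['Windows Registry Editor Version 5.00', '', '[' + ZONE3_KEY + ']']
    for vid, label, have, want in findings:
        before = LEVEL_NAME.get(have, 'not set' if have is None else str(have))
        lines.append(f'; {label}: {before} -> {LEVEL_NAME[want]}')
        lines.append(f'"{vid}"=dword:{want:08x}')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    current = parse_reg_dwords(SAMPLE_EXPORT)
    print(reg_fix(audit(current)))
```

`reg export` writes UTF-16 with a byte-order mark, so open a real export with `encoding='utf-16'` before passing it to `parse_reg_dwords()`. After importing the fix with regedit or `reg import`, reopen Internet Options, Security, Custom Level and confirm the dialog shows the new values; the UI route in the post remains the supported way to set them, and on a machine where the zone settings are enforced per-machine (the HKLM copy of the key under a policy setting) the HKCU values shown here are not the ones in effect.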


========================================================

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:23 PM

Posted 14 June 2008 - 11:32 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



