Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Trojan


  • Please log in to reply
1 reply to this topic

#1 angiedenise

angiedenise

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 18 May 2008 - 06:17 PM

Hi.
My computer is infected with a trojan of sorts. I don't know how I got it -- was using Avg, ZoneAlarm, Spybot, and Ad-aware. Uninstalled those programs and reinstalled Norton Protection Center. Norton did not detect anything in the initial scan. I was having pop-ups that told me that my computer is infected with spyware. Those have stopped, but I continue to have a background that states the same thing. Here is my DSS log:

Deckard's System Scanner v20071014.68
Run by Angie Amos on 2008-05-18 16:04:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Angie Amos.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:08 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Angie Amos\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ANGIEA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11295 bytes

-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 10:31:54 86016 --a------ C:\WINDOWS\system32\YPcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module>
2008-05-18 10:31:54 131072 --a------ C:\WINDOWS\system32\ypclsp.dll <Not Verified; Yahoo! Inc.; Yahoo! YPCLSP>
2008-05-18 10:21:06 0 d-------- C:\Program Files\Symantec
2008-05-18 10:07:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-18 09:02:24 23040 --a------ C:\WINDOWS\mssys.exe
2008-05-18 08:15:06 18176 --a------ C:\WINDOWS\x.exe
2008-05-18 08:15:06 9728 --a------ C:\WINDOWS\notepad32.exe
2008-05-18 08:15:05 11776 --a------ C:\WINDOWS\msupdate.exe
2008-05-18 08:15:05 29184 --a------ C:\WINDOWS\loader.exe
2008-05-18 08:15:05 17920 --a------ C:\WINDOWS\iedll.exe
2008-05-18 00:50:52 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-17 14:00:40 12544 --a------ C:\WINDOWS\y.exe
2008-05-17 14:00:40 25600 --a------ C:\WINDOWS\xplugin.dll
2008-05-17 14:00:40 12800 --a------ C:\WINDOWS\winmgnt.exe
2008-05-17 14:00:40 13568 --a------ C:\WINDOWS\window.exe
2008-05-17 14:00:40 26112 --a------ C:\WINDOWS\winajbm.dll
2008-05-17 14:00:39 32000 --a------ C:\WINDOWS\win64.exe
2008-05-17 14:00:39 26368 --a------ C:\WINDOWS\win32e.exe
2008-05-17 14:00:39 15872 --a------ C:\WINDOWS\waol.exe
2008-05-17 14:00:39 9472 --a------ C:\WINDOWS\users32.exe
2008-05-17 14:00:38 12032 --a------ C:\WINDOWS\time.exe
2008-05-17 14:00:38 19968 --a------ C:\WINDOWS\systemcritical.exe
2008-05-17 14:00:38 18432 --a------ C:\WINDOWS\systeem.exe
2008-05-17 14:00:38 9216 --a------ C:\WINDOWS\svcinit.exe
2008-05-17 14:00:38 13056 --a------ C:\WINDOWS\svchost32.exe
2008-05-17 14:00:38 18688 --a------ C:\WINDOWS\sistem.exe
2008-05-17 14:00:38 10752 --a------ C:\WINDOWS\searchword.dll
2008-05-17 14:00:38 19712 --a------ C:\WINDOWS\rundll16.exe
2008-05-17 14:00:38 15360 --a------ C:\WINDOWS\quicken.exe
2008-05-17 14:00:37 25600 --a------ C:\WINDOWS\qttasks.exe
2008-05-17 14:00:37 26368 --a------ C:\WINDOWS\olehelp.exe
2008-05-17 14:00:37 14080 --a------ C:\WINDOWS\mtwirl32.dll
2008-05-17 14:00:37 8448 --a------ C:\WINDOWS\mswsc20.dll
2008-05-17 14:00:37 23040 --a------ C:\WINDOWS\mswsc10.dll
2008-05-17 14:00:36 27648 --a------ C:\WINDOWS\msspi.dll
2008-05-17 14:00:36 19456 --a------ C:\WINDOWS\msconfd.dll
2008-05-17 14:00:35 18176 --a------ C:\WINDOWS\internet.exe
2008-05-17 14:00:35 19456 --a------ C:\WINDOWS\inetinf.exe
2008-05-17 14:00:35 27904 --a------ C:\WINDOWS\iexplorer.exe
2008-05-17 14:00:34 17664 --a------ C:\WINDOWS\helpcvs.exe
2008-05-17 14:00:34 11008 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-17 14:00:34 27136 --a------ C:\WINDOWS\funny.exe
2008-05-17 14:00:34 30976 --a------ C:\WINDOWS\funniest.exe
2008-05-17 14:00:33 29696 --a------ C:\WINDOWS\explorer32.exe
2008-05-17 14:00:33 15360 --a------ C:\WINDOWS\explore.exe
2008-05-17 14:00:33 12288 --a------ C:\WINDOWS\editpad.exe
2008-05-17 14:00:33 8960 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-17 14:00:33 19200 --a------ C:\WINDOWS\directx32.exe
2008-05-17 14:00:33 24064 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-17 14:00:33 23552 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-17 14:00:32 30464 --a------ C:\WINDOWS\cpan.dll
2008-05-17 14:00:32 11520 --a------ C:\WINDOWS\clrssn.exe
2008-05-17 14:00:32 17408 --a------ C:\WINDOWS\avpcc.dll
2008-05-17 14:00:31 23552 --a------ C:\WINDOWS\accesss.exe
2008-05-17 12:48:13 0 d-------- C:\WINDOWS\system32\dFrnx06
2008-05-17 12:48:12 0 d-------- C:\Temp
2008-05-17 12:47:33 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-04-30 09:19:30 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-30 09:19:19 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-04-30 09:12:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-30 09:04:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-30 08:47:47 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-30 08:47:20 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-30 08:46:49 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-04-30 08:44:28 0 d-------- C:\WINDOWS\Internet Logs
2008-04-30 08:32:15 0 d-------- C:\Documents and Settings\Angie Amos\Application Data\AVGTOOLBAR
2008-04-30 08:31:52 0 d-------- C:\Program Files\AVG
2008-04-26 14:58:52 0 dr-h----- C:\Documents and Settings\Angie Amos\Recent
2008-04-26 02:05:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-26 02:05:28 0 d-------- C:\Documents and Settings\Angie Amos\Application Data\Roxio
2008-04-26 01:53:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-26 01:50:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-26 01:14:00 256 --a------ C:\Documents and Settings\Angie Amos\pool.bin
2008-04-26 01:07:51 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-25 13:39:10 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-23 06:24:48 0 d-------- C:\WINDOWS\SxsCaPendDel


-- Find3M Report ---------------------------------------------------------------

2008-05-18 16:04:38 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-18 10:38:56 0 d-------- C:\Program Files\Common Files
2008-05-18 10:31:54 0 d-------- C:\Program Files\Yahoo!
2008-05-11 09:06:15 5018 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-11 09:06:15 104 -r-hs---- C:\WINDOWS\system32\AEB55C9F59.sys
2008-04-27 16:58:46 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-27 14:58:03 697 --a------ C:\Documents and Settings\Angie Amos\Application Data\AdobeDLM.log
2008-04-23 06:03:27 0 d-------- C:\Documents and Settings\Angie Amos\Application Data\Adobe
2008-04-20 07:56:07 0 d-------- C:\Program Files\QuickTime
2008-04-20 07:56:07 0 d-------- C:\Program Files\Messenger
2008-04-20 07:56:06 0 d-------- C:\Program Files\iTunes
2008-04-20 07:56:06 0 d-------- C:\Program Files\DellSupport
2008-04-20 07:56:06 0 d-------- C:\Program Files\2Wire
2008-04-11 06:29:24 0 d-------- C:\Program Files\Trend Micro
2008-04-09 13:27:18 0 d-------- C:\Program Files\iPod
2008-04-09 05:49:59 0 d-------- C:\Program Files\LimeWire
2008-04-09 05:36:28 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-07 23:35:43 1172 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-07 05:56:36 0 d-------- C:\Program Files\Common Files\iS3
2008-04-07 05:50:05 0 d-------- C:\Documents and Settings\Angie Amos\Application Data\SUPERAntiSpyware.com
2008-04-07 05:49:39 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-04 23:49:13 0 d-------- C:\Documents and Settings\Angie Amos\Application Data\LimeWire
2008-03-28 23:19:34 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-26 08:50:45 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-20 02:26:29 0 d-------- C:\Program Files\Bonjour
2008-03-20 02:19:48 0 d-------- C:\Program Files\Apple Software Update
2008-03-20 02:17:55 0 d-------- C:\Program Files\Common Files\Apple
2008-03-19 02:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 03:42 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 12:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 06:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [12/27/2005 5:22:03 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/27/2005 5:18:19 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [6/2/2006 5:29:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

*Newly Created Service* - AUTOMATIC_LIVEUPDATE_SCHEDULER
*Newly Created Service* - COMHOST
*Newly Created Service* - ERASERUTILREBOOTDRV
*Newly Created Service* - LIVEUPDATE



-- End of Deckard's System Scanner: finished at 2008-05-18 16:06:02 ------------

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:47 PM

Posted 13 June 2008 - 07:54 PM

Hello angiedenise

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance please post a new dss log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users