Vincent - THANK YOU for all your help thus far! Removed SpyHunter since it was causing problems before I ran SDFix; ran SDFix, then rebooted; ran ComboFix, then rebooted before I generated the HijackThis app. Shut down went very smooth but start up was a little on the slow side. Also, this is the second time I posted since IE locked the first time. Attached are all the logs....so how are we doing? George
SDFix: Version 1.220
Run by georgez on Sun 08/31/2008 at 08:57 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
macidwe
tdxdowkc
Path :
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\tdxdowkc.exe
macidwe - Deleted
tdxdowkc - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\atsxyzd.sys - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted
C:\WINDOWS\system32\macidwe.exe - Deleted
C:\WINDOWS\system32\tdxdowkc.exe - Deleted
Folder C:\Documents and Settings\georgez\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-31 09:09:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="alockout.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Enabled:pcAnywhere Main Program"
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service"
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Enabled:pcAnywhere Remote Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Enabled:pcAnywhere Main Program"
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service"
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Enabled:pcAnywhere Remote Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Intelore\\Word Password Recovery\\WordPasswordRecovery.exe"="C:\\Program Files\\Intelore\\Word Password Recovery\\WordPasswordRecovery.exe:*:Enabled:Word Password Recovery"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 23 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 2 Nov 2007 58,368 A..H. --- "C:\Huff\A - Me (2)\Future\Now\~WRL1026.tmp"
Fri 2 Nov 2007 58,368 A..H. --- "C:\Huff\Light (Feb 11)\Future\Now\~WRL1026.tmp"
Fri 2 Nov 2007 58,368 A..H. --- "C:\Huff\Light (Feb 13)\Future\Now\~WRL1026.tmp"
Wed 27 Feb 2002 129,536 A..H. --- "C:\IT Support\Tech Support\Documentation\Reports\~WRL0003.tmp"
Fri 18 Jan 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Fri 18 Jan 2008 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Sat 26 Jul 2008 170,496 ...H. --- "C:\Documents and Settings\zalepa\Application Data\Microsoft\Templates\~WRL0046.tmp"
Thu 8 May 2008 55,296 ...H. --- "C:\Documents and Settings\zalepa\Application Data\Microsoft\Word\~WRL3751.tmp"
Sun 9 Sep 2007 72,740 A..H. --- "C:\Huff\A - Me (2)\Future\Personal\Older\~WRL1472.tmp"
Sun 9 Sep 2007 72,740 A..H. --- "C:\Huff\Light (Feb 13)\Future\Personal\Older\~WRL1472.tmp"
Sun 9 Sep 2007 72,740 A..H. --- "C:\Huff\A - Me (2)\Look\Copy (Oct 23)\Personal\Older\~WRL1472.tmp"
Finished!
ComboFix 08-08-30.03 - georgez 2008-08-31 9:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.547 [GMT -4:00]
Running from: C:\Documents and Settings\georgez\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\zalepa\Application Data\macromedia\Flash Player\#SharedObjects\67S3YXRC\bin.clearspring.com
C:\Documents and Settings\zalepa\Application Data\macromedia\Flash Player\#SharedObjects\67S3YXRC\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\zalepa\Application Data\macromedia\Flash Player\#SharedObjects\67S3YXRC\interclick.com
C:\Documents and Settings\zalepa\Application Data\macromedia\Flash Player\#SharedObjects\67S3YXRC\interclick.com\ud.sol
C:\Documents and Settings\zalepa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\zalepa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\zalepa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\zalepa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\zalepa\Cookies\zalepa@personals.yahoo[2].txt
C:\Documents and Settings\zalepa\Cookies\zalepa@sts.blr[2].txt
C:\Documents and Settings\zalepa\Cookies\zalepa@vendorweb.citibank[2].txt
C:\Documents and Settings\zalepa\Cookies\zalepa@webr.harley-davidson[1].txt
C:\Documents and Settings\zalepa\Cookies\zalepa@www-t.homescape[1].txt
C:\Documents and Settings\zalepa\Cookies\zalepa@www.sandals[1].txt
C:\test.txt
C:\WINDOWS\Install.txt
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\Install.txt
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\mywfhit.ini
C:\WINDOWS\system32\mywfhit.ini.tmp
C:\WINDOWS\system32\noxtcyr.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\sotpeca.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\WINDOWS\tawisys.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFISICX
-------\Legacy_INTERNET_SERVICE
-------\Legacy_MACIDWE
-------\Legacy_MSSERVICE
-------\Legacy_NOXTCYR
-------\Legacy_PANDRV
-------\Legacy_ROXTCTM
-------\Legacy_SOTPECA
-------\Legacy_TDXDOWKC
-------\Legacy_WSLDOEKD
-------\Service_afisicx
-------\Service_macidwe
-------\Service_noxtcyr
-------\Service_roxtctm
-------\Service_sotpeca
-------\Service_tdxdowkc
-------\Service_wsldoekd
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.
2008-08-31 09:56 . 2008-08-31 09:56 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-08-31 08:52 . 2008-08-31 08:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-31 08:51 . 2008-08-31 09:12 <DIR> d-------- C:\SDFix
2008-08-31 07:23 . 2008-08-31 07:23 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-08-30 13:00 . 2008-08-30 13:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 13:00 . 2008-08-30 13:00 <DIR> d-------- C:\Documents and Settings\georgez\Application Data\Malwarebytes
2008-08-30 13:00 . 2008-08-30 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-30 13:00 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-30 13:00 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 06:31 . 2008-08-31 09:14 62,464 --a------ C:\WINDOWS\system32\msgdsr.exe
2008-08-29 19:48 . 2008-08-29 19:49 <DIR> d-------- C:\TEMP\SpyHunter
2008-08-29 12:25 . 2008-08-29 12:25 <DIR> d-------- C:\Program Files\Garmin GPS Plugin
2008-08-29 11:30 . 2008-08-29 11:54 <DIR> d-------- C:\Documents and Settings\georgez\Application Data\Yahoo!
2008-08-29 10:49 . 2008-08-29 10:49 <DIR> d-------- C:\Documents and Settings\zalepa\Application Data\Yahoo!
2008-08-29 10:49 . 2008-08-29 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-29 10:17 . 2008-08-29 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-29 10:11 . 2008-08-29 10:16 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-29 10:04 . 2008-08-29 10:03 5,029,888 --a------ C:\WINDOWS\system32\BCMWLCPL.CPL
2008-08-29 10:04 . 2008-08-29 10:03 2,682,880 --a------ C:\WINDOWS\system32\vcredist_x86.exe
2008-08-29 10:04 . 2008-06-02 11:42 2,220,032 --a------ C:\WINDOWS\system32\WLTRAY.EXE
2008-08-29 10:04 . 2008-06-02 11:42 286,720 --a------ C:\WINDOWS\system32\bcmwlu00.exe
2008-08-29 10:04 . 2008-06-02 11:42 143,360 --a------ C:\WINDOWS\system32\preflib.dll
2008-08-29 10:04 . 2008-06-02 11:42 143,360 --a------ C:\WINDOWS\system32\bcmwlapi.dll
2008-08-29 10:04 . 2008-06-02 11:42 69,632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll
2008-08-29 10:04 . 2008-06-02 11:42 65,536 --a------ C:\WINDOWS\system32\wltrynt.dll
2008-08-29 10:04 . 2008-06-02 11:42 33,664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
2008-08-29 10:04 . 2008-06-02 11:42 416 --a------ C:\WINDOWS\system32\vcredist_x86.bat
2008-08-29 09:40 . 2008-08-29 09:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-28 20:08 . 2008-08-28 20:08 <DIR> d-------- C:\Documents and Settings\georgez\Application Data\GARMIN
2008-08-28 16:59 . 2008-08-28 16:59 <DIR> d-------- C:\Documents and Settings\georgez\Application Data\Symantec
2008-08-28 16:04 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-28 15:53 . 2008-07-18 22:10 53,448 --a------ C:\WINDOWS\system32\wuauclt.exe
2008-08-28 15:53 . 2008-07-18 22:10 53,448 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-08-28 15:36 . 2008-08-28 15:36 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-08-28 15:34 . 2008-08-28 15:37 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-08-28 14:18 . 2008-08-28 14:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2008-08-28 14:14 . 2008-08-28 14:14 51 --a------ C:\WINDOWS\WFXDEL.BAT
2008-08-28 14:13 . 2006-08-25 11:45 617,472 --a------ C:\WINDOWS\system32\COMCTL32.NU6
2008-08-28 14:12 . 1998-04-24 20:08 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-08-28 14:09 . 2008-08-28 14:43 <DIR> d-------- C:\Program Files\Norton SystemWorks
2008-08-28 14:09 . 2008-08-28 15:42 <DIR> d-------- C:\Documents and Settings\zalepa\Application Data\Symantec
2008-08-28 13:50 . 2008-08-28 13:50 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-08-28 12:25 . 2004-08-04 06:00 388,608 --a------ C:\WINDOWS\system32\tmpacj1.exe
2008-08-28 12:24 . 2008-08-28 15:37 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-28 12:24 . 2008-08-28 15:37 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-28 08:43 . 2008-08-28 08:43 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-27 08:22 . 2008-08-27 08:22 <DIR> d-------- C:\WINDOWS\system32\vmm32
2008-08-26 19:11 . 2004-08-04 03:56 46,080 --a------ C:\WINDOWS\system32\dllcache\wab.exe
2008-08-26 11:50 . 2008-08-26 11:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-25 19:18 . 2008-08-25 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-08-25 11:05 . 2008-08-30 13:30 <DIR> d-------- C:\WINDOWS\system32\inf
2008-08-19 21:14 . 2008-08-19 21:14 557,056 --a------ C:\Documents and Settings\zalepa\GoToAssist_phone__317_en.exe
2008-08-15 11:55 . 2008-08-15 11:58 <DIR> d-------- C:\TEMP\Toshiba Drivers
2008-08-14 10:00 . 2008-08-14 10:00 <DIR> d-------- C:\Documents and Settings\georgez\Application Data\Webshots
2008-08-14 08:40 . 2008-08-14 08:57 <DIR> d-------- C:\TEMP\Dell 380 Drivers
2008-08-14 08:01 . 2008-08-14 08:19 <DIR> d-------- C:\TEMP\Dell 620 Drivers
2008-08-12 11:59 . 2008-08-12 12:07 <DIR> d-------- C:\TEMP\iTunes
2008-08-12 11:33 . 2008-08-12 11:33 <DIR> d-------- C:\TEMP\M4A to MP3
2008-08-11 11:19 . 2008-08-11 11:20 159,447 --a------ C:\contacts.CSV
2008-08-06 08:52 . 2008-08-06 08:53 <DIR> d-------- C:\IT Support
2008-07-27 21:06 . 2008-07-27 21:06 <DIR> d-------- C:\Program Files\AWS
2008-07-27 21:06 . 2008-07-27 21:06 <DIR> d-------- C:\Documents and Settings\zalepa\Application Data\WeatherBug
2008-07-25 22:36 . 2008-07-25 22:37 <DIR> d-------- C:\TEMP\PM
2008-07-21 18:36 . 2008-07-21 18:36 <DIR> d-------- C:\Program Files\Belarc
2008-07-21 18:36 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-07-21 18:33 . 2008-07-21 18:34 <DIR> d-------- C:\TEMP\Belarc Advisor System Management Tool
2008-07-17 15:30 . 2008-07-17 15:30 <DIR> d-------- C:\Documents and Settings\georgez\Application Data\Search Settings
2008-07-17 15:21 . 2008-07-17 15:21 <DIR> d-------- C:\Documents and Settings\georgez\Application Data\Dealio
2008-07-15 10:46 . 2008-07-15 10:46 <DIR> d-------- C:\Program Files\Search Settings
2008-07-15 10:46 . 2008-07-15 10:46 <DIR> d-------- C:\Documents and Settings\zalepa\Application Data\Search Settings
2008-07-15 10:44 . 2008-07-15 10:45 <DIR> d-------- C:\Program Files\Dealio
2008-07-15 10:44 . 2008-07-15 10:45 <DIR> d-------- C:\Documents and Settings\zalepa\Application Data\Dealio
2008-07-15 10:44 . 2006-11-18 11:38 200,704 --a------ C:\WINDOWS\system32\vbalExpBar6.ocx
2008-07-15 10:44 . 1998-07-13 17:53 44,544 --a------ C:\WINDOWS\system32\GIF89.DLL
2008-07-15 10:43 . 2008-07-25 17:35 <DIR> d-------- C:\Program Files\Free Easy Burner
2008-07-07 16:32 . 2008-07-07 16:32 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll
2008-07-07 10:38 . 2008-07-07 10:38 <DIR> dr------- C:\TEMP\Favorites
2008-07-01 09:43 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-01 09:43 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 09:24 . 2008-07-01 09:24 <DIR> d-------- C:\Documents and Settings\georgez\Application Data\Webroot
2008-07-01 09:23 . 2008-08-28 07:50 <DIR> d-------- C:\Documents and Settings\georgez\Application Data\Wave Systems Corp
2008-07-01 09:23 . 2007-09-27 03:05 <DIR> d-------- C:\Documents and Settings\georgez\Application Data\InstallShield
2008-07-01 09:23 . 2008-07-01 09:23 <DIR> d-------- C:\Documents and Settings\georgez\Application Data\Dell
2008-07-01 09:23 . 2008-08-28 19:02 <DIR> d-------- C:\Documents and Settings\georgez
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 14:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-30 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-29 18:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-29 14:46 --------- d-----w C:\Program Files\Webshots
2008-08-29 14:20 --------- d-----w C:\Program Files\EasyGPS
2008-08-28 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-28 19:37 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-28 19:37 --------- d-----w C:\Program Files\Symantec
2008-08-28 16:08 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-25 15:34 --------- d-----w C:\Documents and Settings\zalepa\Application Data\Wave Systems Corp
2008-08-12 15:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-03 02:54 --------- d-----w C:\Program Files\Google
2008-07-30 21:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 21:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 21:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-17 19:45 --------- d-----w C:\Program Files\Java
2008-03-25 17:19 1,024 ----a-w C:\Documents and Settings\All Users\Application Data\sowdp88.dat
2007-10-12 22:06 60,968 ----a-w C:\Documents and Settings\admin\GoToAssistDownloadHelper.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-05 11:49 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-04-15 22:49 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-31 16:50 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-31 16:50 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-05-14 15:23 1191936]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 16:32 102400]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 12:53 212992]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2008-06-02 11:42 2220032]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 15:05 282624]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 18:23 118784]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 06:00 143360]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"Venturi Configurator"="C:\Program Files\Venturi Client\Configurator\ventcfg.exe" [2006-01-20 13:26 933997]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2007-08-31 11:48 262144]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2007-08-07 14:49 348160]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2008-05-26 19:50 595296]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-06-12 16:57 991584]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 02:49 718704]
"nwiz"="nwiz.exe" [2007-05-31 16:50 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-05-31 16:50 67584 C:\WINDOWS\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 00:26 303104 C:\WINDOWS\stsystra.exe]
C:\Documents and Settings\zalepa\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-10-14 08:55:34 157000]
C:\Documents and Settings\georgez\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-10-14 08:55:34 157000]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2008-01-03 12:22:31 25214]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-09-27 03:06:52 50688]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-04 18:49:12 124400]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-10-12 13:28:05 122880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=alockout.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2008-01-04 20:56 5367664 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"=
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2006-08-28 16:00]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 15:21]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 21:47]
R2 MSSQL$ADPDB;MSSQL$ADPDB;C:\Adp\MSDE\MSSQL$ADPDB\Binn\sqlservr.exe [2002-12-17 17:26]
R2 VenturiClient;Venturi Client;C:\Program Files\Venturi Client\Client\ventc.exe [2006-01-20 13:24]
R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-04 06:00]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 13:32]
S2 msdspsd;Windows Video Device Management Service;C:\WINDOWS\system32\msdsp.exe [2004-08-04 06:00]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP);C:\WINDOWS\system32\DRIVERS\PTDCBus.sys [2007-04-01 06:45]
S3 PTDCMdm;PANTECH PC Card Drivers (UDP);C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys [2007-04-01 06:45]
S3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP);C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys [2007-04-01 06:45]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;C:\WINDOWS\system32\DRIVERS\PTDCWWAN.sys [2007-04-30 20:30]
S3 SecureStorageService;SecureStorageService;C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-01-29 22:59]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-09-05 14:48]
S3 SQLAgent$ADPDB;SQLAgent$ADPDB;C:\Adp\MSDE\MSSQL$ADPDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe []
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-08-28 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Zalepa.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 10:05]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
Notify-NavLogon - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
O8 -: Compare Prices with &Dealio - C:\Documents and Settings\georgez\Application Data\Dealio\kb127\res\DealioSearch.html
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{2157FE05-FAAC-4371-BF29-5257A7ACC1B3}: NameServer = 192.168.0.2,192.168.0.1
O16 -: {06D59DC6-5304-432D-A1CE-67E531410F9F} - hxxp://appserver1/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
C:\WINDOWS\Downloaded Program Files\MBFWebBehaviors.inf
C:\WINDOWS\system32\MSVCR71.DLL
C:\WINDOWS\Downloaded Program Files\MBFWebBehaviors.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-31 10:08:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Venturi Client\squid\squid.exe
C:\Program Files\Venturi Client\squid\dnsserver.exe
C:\Program Files\Venturi Client\squid\dnsserver.exe
C:\Program Files\Venturi Client\squid\dnsserver.exe
C:\Program Files\Venturi Client\squid\dnsserver.exe
C:\Program Files\Venturi Client\squid\dnsserver.exe
C:\Program Files\Venturi Client\squid\unlinkd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrodist.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-08-31 10:15:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-31 14:14:59
Pre-Run: 62,387,486,720 bytes free
Post-Run: 63,372,771,328 bytes free
342 --- E O F --- 2008-08-30 07:00:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03 AM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\macidwe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Adp\MSDE\MSSQL$ADPDB\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\noxtcyr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\sotpeca.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Venturi Client\Client\ventc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Venturi Client\squid\squid.exe
C:\Program Files\Venturi Client\squid\dnsserver.exe
C:\Program Files\Venturi Client\squid\dnsserver.exe
C:\Program Files\Venturi Client\squid\dnsserver.exe
C:\Program Files\Venturi Client\squid\dnsserver.exe
C:\Program Files\Venturi Client\squid\dnsserver.exe
C:\Program Files\Venturi Client\squid\unlinkd.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Venturi Client\Configurator\ventcfg.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
Dell Start Page
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe"
O4 - HKLM\..\Run: [SecureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Venturi Configurator] "C:\Program Files\Venturi Client\Configurator\ventcfg.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [au] "C:\Program Files\Dealio\DealioAU.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\georgez\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O10 - Unknown file in Winsock LSP: vwlsp.dll
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - http://appserver1/BusinessPortal/UI/...bBehaviors.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1191599400108
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://solium.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia.com/common/cab/ikcntrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2157FE05-FAAC-4371-BF29-5257A7ACC1B3}: NameServer = 192.168.0.2,192.168.0.1
O20 - AppInit_DLLs: alockout.dll
O23 - Service: afisicx Co. Ltd. (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: macidwe Settings storage service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: Windows Video Device Management Service (msdspsd) - Unknown owner - C:\WINDOWS\system32\msdsp.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: noxtcyr Co. Ltd. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: roxtctm Manages messages (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: sotpeca Event propagation service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: tdxdowkc Manages messages (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Venturi Client\Client\ventc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: wsldoekd Settings storage service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe
--
End of file - 17703 bytes