Trying to regain full control

Bo. · November 13, 2007

I was recently infected by AVSystemCare, with a combination of TrojanRemover, Spybot and Norton, I was able to get most of the issues solved, but I am still locked out of all functions my control panel, when I try to do anything it tells me that my action has been restricted and speak to my Admin. But this is a personal laptop. And if I do reboot in Safe Mode, and login in as Admin, it tell me the same, any help would be greatly appreciated, here is the HiJack Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:31:53 PM, on 11/13/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\basfipm.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191782494\ee\AOLSoftware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {007BA776-0156-45B4-9F0D-F9F956E9C81F} (stmpartners_pcl.stmpartners_pcl_ctl) - https://old.stmpartners.com/webdocs/stmpartners_PCL.CAB

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab

O16 - DPF: {504ECB49-969A-4F10-B5E8-881191072413} (Image Uploader 3.0 Control) - http://heritagemakers.com/publisher/ImageUploader.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--

End of file - 10008 bytes

JeanInMontana · November 14, 2007

Hi Bo. and welcome to Malwarebytes.

1. Download this file :

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:

Do not mouseclick combofix's window while its running. That may cause it to stall

Bo. · November 15, 2007

Thanks for the help, Jean!

Here is the Combo Fix Log:

ComboFix 07-11-08.1 - Bo Baber 2007-11-14 18:33:22.1 - NTFSx86

Running from: C:\Documents and Settings\Bo Baber\Local Settings\Temporary Internet Files\Content.IE5\3FHURE8G\ComboFix[1].exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\mraerea.exe

C:\WINDOWS\system32\drivers\fad.sys

C:\WINDOWS\system32\printer.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))

.

2007-11-14 18:32 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-05 19:43 <DIR> d-------- C:\Documents and Settings\Bo Baber\Application Data\vlc

2007-11-05 19:41 <DIR> d-------- C:\Program Files\VideoLAN

2007-11-04 12:03 <DIR> d-------- C:\Program Files\Brighter Minds Media

2007-10-29 17:57 <DIR> d-------- C:\family tree 2008

2007-10-29 09:54 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL

2007-10-29 09:52 <DIR> d-------- C:\Program Files\Print Workshop 2006 LE

2007-10-25 06:01 286,720 --a------ C:\WINDOWS\iun506.exe

2007-10-25 05:58 <DIR> d-------- C:\Program Files\eGames

2007-10-23 09:17 <DIR> d-------- C:\Program Files\LEGO Media

2007-10-18 09:23 <DIR> d-------- C:\hegames

2007-10-15 13:41 <DIR> d-------- C:\Program Files\ROBO Master

2007-10-15 13:37 <DIR> d-------- C:\WINDOWS\QK2007

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-15 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-11-14 14:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-11-13 18:31 --------- d-----w C:\Program Files\Trend Micro

2007-11-13 18:17 --------- d-----w C:\Documents and Settings\Bo Baber\Application Data\AdobeUM

2007-11-13 18:15 --------- d-----w C:\Program Files\Trojan Remover

2007-11-06 02:05 --------- d-----w C:\Program Files\DivX

2007-10-29 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-23 17:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-10-20 14:08 --------- d-----w C:\Documents and Settings\Bo Baber\Application Data\Smilebox

2007-10-20 14:06 --------- d-----w C:\Program Files\Common Files\Real

2007-10-09 21:07 --------- d-----w C:\Program Files\Netscape

2007-10-09 19:57 --------- d-----w C:\Program Files\Common Files\aol

2007-10-09 19:45 --------- d-----w C:\Program Files\Add-Remove Master 6.0

2007-10-07 20:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Simply Super Software

2007-10-07 20:14 --------- d-----w C:\Program Files\RogueRemover PRO

2007-10-07 19:01 --------- d-----w C:\Documents and Settings\Bo Baber\Application Data\Netscape

2007-10-07 18:45 --------- d-----w C:\Documents and Settings\Bo Baber\Application Data\AOL

2007-10-07 18:44 --------- d-----w C:\Program Files\Common Files\Nullsoft

2007-10-07 18:44 --------- d-----w C:\Program Files\Common Files\aolshare

2007-10-07 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2007-10-07 18:43 --------- d-----w C:\Program Files\Viewpoint

2007-10-07 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint

2007-10-07 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads

2007-10-07 17:42 --------- d-----w C:\Documents and Settings\Bo Baber\Application Data\MSNInstaller

2007-10-07 16:52 --------- d-----w C:\Program Files\Java

2007-10-07 14:51 --------- d-----w C:\Documents and Settings\Bo Baber\Application Data\DivX

2007-10-06 01:26 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-10-06 01:26 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-10-06 01:26 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-10-06 01:26 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-10-06 01:26 --------- d-----w C:\Program Files\Symantec

2007-10-06 01:25 --------- d-----w C:\Program Files\Norton Internet Security

2007-10-05 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-10-05 21:27 --------- d-----w C:\Program Files\Enigma Software Group

2007-10-05 21:14 --------- d-----w C:\Program Files\STOPzilla!

2007-10-05 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!

2007-10-05 20:59 1,024 ----a-w C:\WINDOWS\system32\drivers\103706A3-0E01-4D1C-B49A-9B4435C20826.cxv

2007-10-05 20:54 --------- d-----w C:\Program Files\Common Files\iS3

2007-10-05 20:29 2,014 ---h--r C:\WINDOWS\system32\drivers\hosts

2007-10-05 17:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft

2007-10-05 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2007-10-04 22:55 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys

2007-09-29 21:32 --------- d-----w C:\Program Files\brighter child

2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-09-24 21:20 --------- d-----w C:\Program Files\Microsoft Digital Image 10

2007-09-23 21:36 7,680 ----a-w C:\WINDOWS\system32\printer.exe.ren

2007-09-22 22:17 --------- d-----w C:\Program Files\QuickTime

2007-09-22 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2007-09-20 17:21 --------- d-----w C:\Program Files\Kodak

2007-09-19 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak

2007-09-19 18:03 --------- d-----w C:\Program Files\Common Files\Kodak

2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-09-18 19:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-09-18 19:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-09-18 19:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-09-18 19:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-09-18 19:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-09-18 19:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-09-18 19:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-09-16 22:28 --------- d-----w C:\Documents and Settings\Bo Baber\Application Data\HP

2007-09-16 22:14 --------- d-----w C:\Program Files\HP

2007-09-15 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll

2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll

2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll

2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll

2007-08-20 10:04 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll

2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-08-17 10:21 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-08-17 10:20 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 15:33]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 20:00]

"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 21:10]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]

"HostManager"="C:\Program Files\Common Files\AOL\1191782494\ee\AOLSoftware.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50]

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-09-23 14:25:10]

HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 21:56:14]

R2 BASFND;BASFND;\??\C:\WINDOWS\system32\Drivers\BASFND.sys

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f676f8c-74e4-11dc-9084-0014a53950cf}]

\Shell\AutoRun\command - E:\system\viewer\Viewer.exe

\Shell\View your videos\command - E:\system\viewer\Viewer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74022637-c602-11db-9020-0014a53950cf}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL amberstick.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-09-19 17:59:47 C:\WINDOWS\Tasks\EasyShare Registration Task.job"

"2007-10-17 22:26:05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1189981547.job"

- C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe

"2007-11-06 02:01:26 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Bo Baber.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-14 18:38:57

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-14 18:40:03

.

--- E O F ---

Here is the Updated Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:46:16 PM, on 11/14/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\system32\basfipm.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe