Latest posts of: dingofix
My PC Hell Forum
November 23, 2008, 06:47:34 AM *
1  Windows XP Assistance / Security-Virus/Spyware / Re: lsasddr.dll on: August 24, 2007, 10:48:39 AM

[Files/Folders - Created Within 30 days]
boot.ini.cf -> %SystemDrive%\boot.ini.cf ->  [Ver =  | Size = 211 bytes | Created Date = 8/21/2007 10:30:00 AM | Attr =  HS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 8/21/2007 10:27:14 AM | Attr =    ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 8/17/2007 5:41:12 AM | Attr =  HS]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 8/21/2007 10:29:38 AM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 8/22/2007 11:05:01 AM | Attr =    ]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 109056 bytes | Created Date = 8/21/2007 10:27:18 AM | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 8/21/2007 10:28:06 AM | Attr =    ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 8/21/2007 10:27:18 AM | Attr =    ]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 8/17/2007 10:20:58 PM | Attr =    ]
temp -> %SystemRoot%\temp ->  [Folder | Created Date = 8/21/2007 10:49:01 AM | Attr =    ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 166 bytes | Created Date = 8/14/2007 10:50:05 PM | Attr =    ]
At100.job -> %SystemRoot%\tasks\At100.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At101.job -> %SystemRoot%\tasks\At101.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At102.job -> %SystemRoot%\tasks\At102.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At103.job -> %SystemRoot%\tasks\At103.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At104.job -> %SystemRoot%\tasks\At104.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At105.job -> %SystemRoot%\tasks\At105.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At106.job -> %SystemRoot%\tasks\At106.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At107.job -> %SystemRoot%\tasks\At107.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At108.job -> %SystemRoot%\tasks\At108.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At109.job -> %SystemRoot%\tasks\At109.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At110.job -> %SystemRoot%\tasks\At110.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At111.job -> %SystemRoot%\tasks\At111.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At112.job -> %SystemRoot%\tasks\At112.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At113.job -> %SystemRoot%\tasks\At113.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At114.job -> %SystemRoot%\tasks\At114.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At115.job -> %SystemRoot%\tasks\At115.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At116.job -> %SystemRoot%\tasks\At116.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At117.job -> %SystemRoot%\tasks\At117.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At118.job -> %SystemRoot%\tasks\At118.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At119.job -> %SystemRoot%\tasks\At119.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At120.job -> %SystemRoot%\tasks\At120.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At97.job -> %SystemRoot%\tasks\At97.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At98.job -> %SystemRoot%\tasks\At98.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
At99.job -> %SystemRoot%\tasks\At99.job ->  [Ver =  | Size = 350 bytes | Created Date = 8/21/2007 12:04:01 PM | Attr =    ]
2XHEIsXv.exe -> %System32%\2XHEIsXv.exe ->  [Ver =  | Size = 26176 bytes | Created Date = 8/21/2007 12:03:59 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 8/21/2007 10:27:18 AM | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 8/21/2007 10:27:18 AM | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 8/21/2007 10:27:18 AM | Attr =    ]
vfind.exe -> %System32%\vfind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 8/21/2007 10:27:18 AM | Attr =    ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 8/20/2007 4:14:58 PM | Attr =  HS]
boot.ini.cf -> %SystemDrive%\boot.ini.cf ->  [Ver =  | Size = 211 bytes | Modified Date = 8/20/2007 4:14:58 PM | Attr =  HS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 8/21/2007 10:49:18 AM | Attr =    ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 8/17/2007 5:49:46 AM | Attr =  HS]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 8/20/2007 11:01:24 AM | Attr =    ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/22/2007 11:06:40 AM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 8/21/2007 10:29:40 AM | Attr =    ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 8/14/2007 6:36:12 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/21/2007 10:49:02 AM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 8/22/2007 11:05:02 AM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/22/2007 11:06:34 AM | Attr =   S]
entpack.ini -> %SystemRoot%\entpack.ini ->  [Ver =  | Size = 2026 bytes | Modified Date = 8/6/2007 5:10:32 PM | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 8/21/2007 10:30:02 AM | Attr =    ]
FUJIGOLF.INI -> %SystemRoot%\FUJIGOLF.INI ->  [Ver =  | Size = 213 bytes | Modified Date = 8/6/2007 5:18:18 PM | Attr =    ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/17/2007 5:41:36 AM | Attr =  HS]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 8/11/2007 5:04:02 AM | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 8/3/2007 8:27:28 AM | Attr =    ]
popcinfo.dat -> %SystemRoot%\popcinfo.dat ->  [Ver =  | Size = 10 bytes | Modified Date = 8/22/2007 10:41:24 AM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/22/2007 11:16:02 AM | Attr =    ]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 8/17/2007 10:23:16 PM | Attr =    ]
SORW.bkm -> %SystemRoot%\SORW.bkm ->  [Ver =  | Size = 10 bytes | Modified Date = 8/10/2007 3:44:38 PM | Attr =    ]
SPTH.bkm -> %SystemRoot%\SPTH.bkm ->  [Ver =  | Size = 10 bytes | Modified Date = 8/15/2007 6:25:36 PM | Attr =    ]
SYMGAMES.INI -> %SystemRoot%\SYMGAMES.INI ->  [Ver =  | Size = 44 bytes | Modified Date = 8/6/2007 5:26:50 PM | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 8/20/2007 4:14:58 PM | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 8/22/2007 11:06:32 AM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 8/22/2007 11:12:20 AM | Attr =   S]
temp -> %SystemRoot%\temp ->  [Folder | Modified Date = 8/22/2007 11:12:08 AM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 624 bytes | Modified Date = 8/20/2007 4:14:58 PM | Attr =    ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 166 bytes | Modified Date = 8/18/2007 8:09:52 AM | Attr =    ]
At100.job -> %SystemRoot%\tasks\At100.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 3:03:02 AM | Attr =    ]
At101.job -> %SystemRoot%\tasks\At101.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 4:03:02 AM | Attr =    ]
At102.job -> %SystemRoot%\tasks\At102.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 5:03:02 AM | Attr =    ]
At103.job -> %SystemRoot%\tasks\At103.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 6:03:02 AM | Attr =    ]
At104.job -> %SystemRoot%\tasks\At104.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 7:03:02 AM | Attr =    ]
At105.job -> %SystemRoot%\tasks\At105.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 8:03:02 AM | Attr =    ]
At106.job -> %SystemRoot%\tasks\At106.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 9:03:16 AM | Attr =    ]
At107.job -> %SystemRoot%\tasks\At107.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 10:03:06 AM | Attr =    ]
At108.job -> %SystemRoot%\tasks\At108.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 11:03:02 AM | Attr =    ]
At109.job -> %SystemRoot%\tasks\At109.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 12:04:02 PM | Attr =    ]
At110.job -> %SystemRoot%\tasks\At110.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 1:01:02 PM | Attr =    ]
At111.job -> %SystemRoot%\tasks\At111.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 2:01:02 PM | Attr =    ]
At112.job -> %SystemRoot%\tasks\At112.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 3:01:02 PM | Attr =    ]
At113.job -> %SystemRoot%\tasks\At113.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 4:01:02 PM | Attr =    ]
At114.job -> %SystemRoot%\tasks\At114.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 5:01:02 PM | Attr =    ]
At115.job -> %SystemRoot%\tasks\At115.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 6:01:02 PM | Attr =    ]
At116.job -> %SystemRoot%\tasks\At116.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 7:01:02 PM | Attr =    ]
At117.job -> %SystemRoot%\tasks\At117.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 8:01:06 PM | Attr =    ]
At118.job -> %SystemRoot%\tasks\At118.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 9:01:02 PM | Attr =    ]
At119.job -> %SystemRoot%\tasks\At119.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 10:03:02 PM | Attr =    ]
At120.job -> %SystemRoot%\tasks\At120.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/21/2007 11:03:02 PM | Attr =    ]
At97.job -> %SystemRoot%\tasks\At97.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 12:03:02 AM | Attr =    ]
At98.job -> %SystemRoot%\tasks\At98.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 1:03:02 AM | Attr =    ]
At99.job -> %SystemRoot%\tasks\At99.job ->  [Ver =  | Size = 350 bytes | Modified Date = 8/22/2007 2:03:02 AM | Attr =    ]
Norton AntiVirus - Scan my computer - Sastre.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Sastre.job ->  [Ver =  | Size = 532 bytes | Modified Date = 8/19/2007 8:00:02 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/22/2007 11:06:38 AM | Attr =  H ]
2XHEIsXv.exe -> %System32%\2XHEIsXv.exe ->  [Ver =  | Size = 26176 bytes | Modified Date = 8/21/2007 12:03:28 PM | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 8/21/2007 7:55:52 PM | Attr =    ]
config -> %System32%\config ->  [Folder | Modified Date = 8/21/2007 10:30:08 AM | Attr =    ]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 8/21/2007 10:28:14 AM | Attr =    ]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 8/17/2007 10:21:46 PM | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 8/22/2007 11:06:34 AM | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 8/21/2007 10:46:20 AM | Attr =    ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %System32%\2XHEIsXv.exe ->  [Ver =  | Size = 26176 bytes | Modified Date = 8/21/2007 12:03:28 PM | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\MACDec.dll -> Matthew T. Ashland [Ver = 3.99 | Size = 75264 bytes | Modified Date = 5/15/2004 4:10:42 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\MonkeySource.ax ->  [Ver =  | Size = 177152 bytes | Modified Date = 6/19/2004 6:28:44 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\NeroCheck.exe ->  [Ver =  | Size = 53267 bytes | Modified Date = 4/13/2007 12:49:48 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\NeroCheck.ex_ ->  [Ver =  | Size = 45075 bytes | Modified Date = 4/13/2007 12:49:48 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr =    ]

< End of report >
2  Windows XP Assistance / Security-Virus/Spyware / Re: lsasddr.dll on: August 24, 2007, 10:44:11 AM
Thanks to the moderator for the help. lsasddr.dll is no longer annoying; it might still be there and dangerous, but not annoying.

WinPFind3 logfile created on: 8/22/2007 11:18:44 AM
WinPFind3U by OldTimer - Version 1.0.39   Folder = C:\Documents and Settings\Sastre\Desktop\clean up\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
 
447.48 Mb Total Physical Memory | 185.13 Mb Available Physical Memory | 41.37% Memory free
1.03 Gb Paging File | 0.84 Gb Available in Paging File | 81.19% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 8.30 Gb Free Space | 10.37% Space Free
D: Drive not present or media not loaded
Drive E: | 106.30 Gb Total Space | 64.42 Gb Free Space | 60.60% Space Free
F: Drive not present or media not loaded

Computer Name: BUCK1
Current User Name: Sastre
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 7/25/2006 6:03:44 PM | Attr =    ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 58984 bytes | Modified Date = 1/9/2007 5:32:02 PM | Attr =    ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 198248 bytes | Modified Date = 1/9/2007 5:32:02 PM | Attr =    ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 181864 bytes | Modified Date = 1/9/2007 5:32:04 PM | Attr =    ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.9.16 | Size = 177264 bytes | Modified Date = 1/10/2005 12:20:22 PM | Attr =    ]
nerocheck.exe -> %System32%\NeroCheck.exe ->  [Ver =  | Size = 53267 bytes | Modified Date = 4/13/2007 12:49:48 PM | Attr =    ]
npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.9.16 | Size = 46704 bytes | Modified Date = 1/10/2005 12:20:42 PM | Attr =    ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 3/28/2007 6:41:56 PM | Attr =    ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 5:24:04 PM | Attr =    ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 419 | Size = 817304 bytes | Modified Date = 7/8/2007 1:13:00 AM | Attr =    ]
winpfind3u.exe -> %UserDesktop%\clean up\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr =    ]
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,402 | Size = 4670968 bytes | Modified Date = 6/11/2007 6:16:12 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> Ares Development Group [Ver = 2.0.5.3027 | Size = 263168 bytes | Modified Date = 2/6/2007 9:39:26 PM | Attr =    ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 7/25/2006 6:03:44 PM | Attr =    ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 198248 bytes | Modified Date = 1/9/2007 5:32:02 PM | Attr =    ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 79464 bytes | Modified Date = 1/9/2007 5:32:04 PM | Attr =    ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 181864 bytes | Modified Date = 1/9/2007 5:32:04 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr =    ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.171 | Size = 2119360 bytes | Modified Date = 7/25/2006 6:03:44 PM | Attr =    ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.9.16 | Size = 177264 bytes | Modified Date = 1/10/2005 12:20:22 PM | Attr =    ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.9.16 | Size = 46704 bytes | Modified Date = 1/10/2005 12:20:42 PM | Attr =    ]
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.4.1.10 | Size = 198368 bytes | Modified Date = 12/10/2004 1:00:50 PM | Attr =    ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.0.9.16 | Size = 67184 bytes | Modified Date = 1/10/2005 12:20:48 PM | Attr =    ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 3/28/2007 6:41:56 PM | Attr =    ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 5:24:04 PM | Attr =    ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 419 | Size = 817304 bytes | Modified Date = 7/8/2007 1:13:00 AM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AudioDeck -> %ProgramFiles%\VIAudioi\SBADeck\ADeck.exe -> File not found
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.9.2 | Size = 58984 bytes | Modified Date = 1/9/2007 5:32:02 PM | Attr =    ]
NeroFilterCheck -> %System32%\NeroCheck.exe ->  [Ver =  | Size = 53267 bytes | Modified Date = 4/13/2007 12:49:48 PM | Attr =    ]
RaidTool -> %ProgramFiles%\VIA\RAID\raid_tool.exe ->  [Ver =  | Size = 53267 bytes | Modified Date = 4/13/2007 12:49:48 PM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> File not found
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 100056 bytes | Modified Date = 8/17/2007 5:41:36 AM | Attr =    ]
VTTimer -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 2.00.01-0307 | Size = 53248 bytes | Modified Date = 3/7/2005 3:33:28 PM | Attr = R  ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,402 | Size = 4670968 bytes | Modified Date = 6/11/2007 6:16:12 PM | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
lsasddr -> lsasddr.dll -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ ->  ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ ->  ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.google.tt/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.9.0.2004090100 | Size = 58528 bytes | Modified Date = 9/1/2004 1:43:30 AM | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr =    ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 11.0.9.16 | Size = 218736 bytes | Modified Date = 1/10/2005 12:20:36 PM | Attr =    ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.9.16 | Size = 218736 bytes | Modified Date = 1/10/2005 12:20:36 PM | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.9.16 | Size = 218736 bytes | Modified Date = 1/10/2005 12:20:36 PM | Attr =    ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.9.16 | Size = 218736 bytes | Modified Date = 1/10/2005 12:20:36 PM | Attr =    ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{9455301C-CF6B-11D3-A266-00C04F689C50} -> Reg Data - Value does not exist [ButtonText: Researcher] -> File not found
{B205A35E-1FC4-4CE3-818B-899DBBB3388C} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{d9288080-1baa-4bc4-9cf8-a92d743db949} -> %SystemDrive%\Documents and Settings\Sastre\Start Menu\Programs\IMVU\Run IMVU.lnk [ButtonText: Run IMVU] ->  [Ver =  | Size = 1540 bytes | Modified Date = 8/5/2007 3:53:26 AM | Attr =    ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel ->  -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 ->  ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{AF533E7F-AF15-4EC1-B6CF-36492627C37F} ->    (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> %System32%\lsasddr.dll -> File not found
msdaipp -> %System32%\lsasddr.dll -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{9CDDD774-0E1E-49E3-91C6-F2D49949CF5D} -> DictAideOE.ctlDictaideOE - CodeBase = https://hcp.dictaide.com/OE3202.CAB ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{D7107300-E42A-4C1C-84EB-4D783E58B88D} -> DNInstallerOCX Class - CodeBase = https://mq1webc2.speechmachines.org/Installer/InstallerOCX.cab ->
{D9E4E21E-60E0-11DA-91EB-00123F33E209} -> DNInstallerOCX Class - CodeBase = https://mq1webc2.speechmachines.org/Installer/DNInstaller2.cab ->

3  Windows XP Assistance / Security-Virus/Spyware / Re: lsasddr.dll on: August 24, 2007, 10:38:12 AM
Work can be so bothersome at times. Anyways, my logs:

LoadLibrary failed for C:\WINDOWS\system32\lsasddr.dll
C:\WINDOWS\system32\lsasddr.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\lsasddr.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\Xi3EouL1.exe not found.
File/Folder C:\WINDOWS\system32\Uf8tJN4K.exe not found.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At49.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At50.job moved successfully.
C:\WINDOWS\Tasks\At51.job moved successfully.
C:\WINDOWS\Tasks\At52.job moved successfully.
C:\WINDOWS\Tasks\At53.job moved successfully.
C:\WINDOWS\Tasks\At54.job moved successfully.
C:\WINDOWS\Tasks\At55.job moved successfully.
C:\WINDOWS\Tasks\At56.job moved successfully.
C:\WINDOWS\Tasks\At57.job moved successfully.
C:\WINDOWS\Tasks\At58.job moved successfully.
C:\WINDOWS\Tasks\At59.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At60.job moved successfully.
C:\WINDOWS\Tasks\At61.job moved successfully.
C:\WINDOWS\Tasks\At62.job moved successfully.
C:\WINDOWS\Tasks\At63.job moved successfully.
C:\WINDOWS\Tasks\At64.job moved successfully.
C:\WINDOWS\Tasks\At65.job moved successfully.
C:\WINDOWS\Tasks\At66.job moved successfully.
C:\WINDOWS\Tasks\At67.job moved successfully.
C:\WINDOWS\Tasks\At68.job moved successfully.
C:\WINDOWS\Tasks\At69.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At70.job moved successfully.
C:\WINDOWS\Tasks\At71.job moved successfully.
C:\WINDOWS\Tasks\At72.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
 
Created on 08/22/2007 11:05:02


4  Windows XP Assistance / Security-Virus/Spyware / Re: lsasddr.dll on: August 21, 2007, 11:08:47 AM
Well, damn @ length of logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:13 AM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.tt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {293f4892-53bb-4961-9857-598936625276} - C:\WINDOWS\system32\lsasddr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\lsasddr.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\lsasddr.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sastre\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9CDDD774-0E1E-49E3-91C6-F2D49949CF5D} (DictAideOE.ctlDictaideOE) - https://hcp.dictaide.com/OE3202.CAB
O16 - DPF: {D7107300-E42A-4C1C-84EB-4D783E58B88D} (DNInstallerOCX Class) - https://mq1webc2.speechmachines.org/Installer/InstallerOCX.cab
O16 - DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} (DNInstallerOCX Class) - https://mq1webc2.speechmachines.org/Installer/DNInstaller2.cab
O20 - Winlogon Notify: lsasddr - C:\WINDOWS\SYSTEM32\lsasddr.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6518 bytes

____________________________________________________________________________________________

ComboFix 07-08-17.2 - "Sastre" 2007-08-21 10:28:10.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.148 [GMT -4:00]


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Sastre\APPLIC~1\tmp109.tmp.exe
C:\DOCUME~1\Sastre\APPLIC~1\tmp10C.tmp.exe
C:\DOCUME~1\Sastre\APPLIC~1\tmp12.tmp.exe
C:\WINDOWS\system32\dn9c906e88.dat
C:\WINDOWS\system32\eNd6GsmI.exe
C:\WINDOWS\system32\gebcayy.dll
C:\WINDOWS\system32\X616Tj58.exe
C:\WINDOWS\Tasks.\At25.job
C:\WINDOWS\Tasks.\At26.job
C:\WINDOWS\Tasks.\At27.job
C:\WINDOWS\Tasks.\At28.job
C:\WINDOWS\Tasks.\At29.job
C:\WINDOWS\Tasks.\At30.job
C:\WINDOWS\Tasks.\At31.job
C:\WINDOWS\Tasks.\At32.job
C:\WINDOWS\Tasks.\At33.job
C:\WINDOWS\Tasks.\At34.job
C:\WINDOWS\Tasks.\At35.job
C:\WINDOWS\Tasks.\At36.job
C:\WINDOWS\Tasks.\At37.job
C:\WINDOWS\Tasks.\At38.job
C:\WINDOWS\Tasks.\At39.job
C:\WINDOWS\Tasks.\At40.job
C:\WINDOWS\Tasks.\At41.job
C:\WINDOWS\Tasks.\At42.job
C:\WINDOWS\Tasks.\At43.job
C:\WINDOWS\Tasks.\At44.job
C:\WINDOWS\Tasks.\At45.job
C:\WINDOWS\Tasks.\At46.job
C:\WINDOWS\Tasks.\At47.job
C:\WINDOWS\Tasks.\At48.job
C:\WINDOWS\Tasks.\At73.job
C:\WINDOWS\Tasks.\At74.job
C:\WINDOWS\Tasks.\At75.job
C:\WINDOWS\Tasks.\At76.job
C:\WINDOWS\Tasks.\At77.job
C:\WINDOWS\Tasks.\At78.job
C:\WINDOWS\Tasks.\At79.job
C:\WINDOWS\Tasks.\At80.job
C:\WINDOWS\Tasks.\At81.job
C:\WINDOWS\Tasks.\At82.job
C:\WINDOWS\Tasks.\At83.job
C:\WINDOWS\Tasks.\At84.job
C:\WINDOWS\Tasks.\At85.job
C:\WINDOWS\Tasks.\At86.job
C:\WINDOWS\Tasks.\At87.job
C:\WINDOWS\Tasks.\At88.job
C:\WINDOWS\Tasks.\At89.job
C:\WINDOWS\Tasks.\At90.job
C:\WINDOWS\Tasks.\At91.job
C:\WINDOWS\Tasks.\At92.job
C:\WINDOWS\Tasks.\At93.job
C:\WINDOWS\Tasks.\At94.job
C:\WINDOWS\Tasks.\At95.job
C:\WINDOWS\Tasks.\At96.job


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


(((((((((((((((((((((((((   Files Created from 2007-07-21 to 2007-08-21  )))))))))))))))))))))))))))))))


2007-08-21 10:27   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-08-20 11:01   225,280   --ah-----   C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-17 22:20   <DIR>   d--------   C:\WINDOWS\pss
2007-08-15 08:22   <DIR>   d--------   C:\Program Files\ScanSpyware v3.8.0.4
2007-08-14 21:21   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-04 19:08   92,730   ---------   C:\WINDOWS\system32\lsasddr.dll


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-20 19:48   ---------   d--------   C:\DOCUME~1\Sastre\APPLIC~1\IMVU
2007-08-20 19:10   ---------   d--------   C:\Program Files\DocQscribe
2007-08-20 19:08   ---------   d--------   C:\Program Files\QLEDR05
2007-08-20 10:57   ---------   d--------   C:\Program Files\Norton AntiVirus
2007-08-20 09:48   ---------   d--------   C:\Program Files\Warcraft III
2007-08-19 13:33   ---------   d--------   C:\DOCUME~1\Sastre\APPLIC~1\BitTorrent
2007-08-17 05:49   ---------   d--------   C:\Program Files\Common Files\Symantec Shared
2007-08-17 05:42   ---------   d--------   C:\Program Files\Symantec
2007-08-16 23:46   ---------   d--------   C:\Program Files\IMVU
2007-08-03 18:19   ---------   d--------   C:\Program Files\SymNetDrv
2007-07-23 18:37   ---------   d--------   C:\DOCUME~1\Sastre\APPLIC~1\LimeWire
2007-07-12 10:00   ---------   d--------   C:\Program Files\Ares
2007-07-10 17:32   ---------   d--------   C:\Program Files\eMule
2007-07-08 01:12   4608   --a------   C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-07-08 01:10   ---------   d--------   C:\Program Files\K-Lite Codec Pack
2007-06-28 11:26   ---------   d--------   C:\Program Files\Yahoo!
2007-06-27 19:50   ---------   d--------   C:\Program Files\GAMES


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{293f4892-53bb-4961-9857-598936625276}]
2007-08-04 19:08   92730   ---------   C:\WINDOWS\system32\lsasddr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-04-13 12:49]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-17 05:41]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"VTTimer"="VTTimer.exe" [2005-03-07 15:33 C:\WINDOWS\system32\VTTimer.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" []
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2007-04-13 12:49]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 01:16 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lsasddr]
lsasddr.dll 2007-08-04 19:08 92730 C:\WINDOWS\system32\lsasddr.dll

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2dd4e72-9f9a-11db-8909-0016179b061b}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe


Contents of the 'Scheduled Tasks' folder
2007-08-21 13:00:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-21 14:00:00 C:\WINDOWS\Tasks\At11.job
2007-08-20 15:00:00 C:\WINDOWS\Tasks\At12.job
2007-08-19 16:00:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-19 17:00:00 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-19 18:00:02 C:\WINDOWS\Tasks\At15.job
2007-08-19 19:00:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-19 20:00:00 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-20 21:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-20 22:00:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-20 23:00:00 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-21 00:00:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-21 01:00:00 C:\WINDOWS\Tasks\At22.job
2007-08-21 02:00:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-21 03:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-21 06:00:00 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-21 07:00:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-21 04:00:00 C:\WINDOWS\Tasks\At49.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 08:00:00 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-21 05:00:00 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 06:00:00 C:\WINDOWS\Tasks\At51.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 07:00:00 C:\WINDOWS\Tasks\At52.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 08:00:01 C:\WINDOWS\Tasks\At53.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 09:00:00 C:\WINDOWS\Tasks\At54.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 10:00:00 C:\WINDOWS\Tasks\At55.job
2007-08-21 11:00:00 C:\WINDOWS\Tasks\At56.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 12:00:01 C:\WINDOWS\Tasks\At57.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 13:00:00 C:\WINDOWS\Tasks\At58.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 14:00:00 C:\WINDOWS\Tasks\At59.job
2007-08-21 09:00:00 C:\WINDOWS\Tasks\At6.job
2007-08-20 15:00:00 C:\WINDOWS\Tasks\At60.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-19 16:00:00 C:\WINDOWS\Tasks\At61.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-19 17:00:00 C:\WINDOWS\Tasks\At62.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-19 18:00:03 C:\WINDOWS\Tasks\At63.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-19 19:00:00 C:\WINDOWS\Tasks\At64.job
2007-08-19 20:00:00 C:\WINDOWS\Tasks\At65.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-20 21:00:00 C:\WINDOWS\Tasks\At66.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-20 22:00:00 C:\WINDOWS\Tasks\At67.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-20 23:00:00 C:\WINDOWS\Tasks\At68.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 00:00:00 C:\WINDOWS\Tasks\At69.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 10:00:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-21 01:00:00 C:\WINDOWS\Tasks\At70.job
2007-08-21 02:00:00 C:\WINDOWS\Tasks\At71.job
2007-08-21 03:00:00 C:\WINDOWS\Tasks\At72.job - C:\WINDOWS\system32\Uf8tJN4K.exe
2007-08-21 11:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-21 12:00:01 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\Xi3EouL1.exe
2007-08-20 00:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Sastre.job - C:\PROGRA~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-21 10:46:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-21 10:48:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-21 10:48

   --- E O F ---
5  Windows XP Assistance / Security-Virus/Spyware / lsasddr.dll on: August 20, 2007, 04:02:02 PM
My Norton is coming up with lsasddr.dll as a trojan adclicker (annoying as hell); however, when I attempt to remove it, it says it's being used by another program, user, yada yada. How can I get rid of this file, and how can I track which program is using it?