Help with friends computer


Post by lystell » September 21st, 2007, 5:45 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:00 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\aeohhege.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\SystemDoctor\main.exe
C:\Program Files\USS\USS.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Words\Words.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\??pPatch\?serinit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [SystemDoctor] C:\Program Files\SystemDoctor\main.exe
O4 - HKLM\..\Run: [USS] "C:\Program Files\USS\USS.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ndnibfyj.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Lisf] "C:\Documents and Settings\ELITENE JOSEPH\Application Data\?asks\j?vaw.exe"
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\aeohhege.exe
O4 - HKCU\..\Run: [iifu] C:\PROGRA~1\COMMON~1\iifu\iifum.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [Teecumgo] C:\WINDOWS\system32\??pPatch\?serinit.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\SCURIT~1\rundll32.exe" -vt ndrv
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lldsrngo.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\swinmmdt.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Grace joseph\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RUxJVEVORSBKT1NFUEg\command.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\aeohhege.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 11585 bytes
lystell
Regular Member
 
Posts: 30
Joined: August 12th, 2007, 6:26 pm
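The log above is the kind of thing a helper reads by eye. As an added example (not a MalwareRemoval.com tool and not HijackThis code), here is a small Python triage script that applies the same checks mechanically to the O2/O3/O4/O23 lines: entries whose file is missing, services with no vendor, random-looking lower-case names sitting directly under system32 or WINDOWS, paths containing characters the log could not print, rundll32.exe launched from anywhere but system32, and directory names that are really base64-encoded text (the service folder RUxJVEVORSBKT1NFUEg in this log decodes to the user name ELITENE JOSEPH). The regular expressions, the 5-to-9-letter threshold, the 12-character base64 minimum and the short allowlist of known-good binaries are assumptions chosen for the example; the sample lines are copied from the logs in this thread. It generalises beyond this one log, since the same functions run over any HijackThis output, and a flag is a reason to look closer, not a verdict.

```python
"""Added triage helper for HijackThis-style logs (example code, not a
MalwareRemoval.com or Trend Micro tool).  It mechanically applies checks a
helper makes by eye when reading O2/O3/O4/O23 lines."""
import base64
import binascii
import re
from typing import Dict, List, Optional

# Thresholds and lists below are assumptions chosen for this example.
RANDOM_STEM = re.compile(r"^[a-z]{5,9}$")            # e.g. aeohhege, ndnibfyj, gebcc
BASE64_DIR = re.compile(r"^[A-Za-z0-9+/]{12,}$")     # long, base64-alphabet-only name
# Legitimate lower-case Windows binaries the random-name rule would otherwise hit.
# Constructed and deliberately short; a real allowlist is much longer.
KNOWN_GOOD_STEMS = {
    "svchost", "ctfmon", "hkcmd", "igfxpers", "igfxtray", "spoolsv", "winlogon",
    "services", "lsass", "msiexec", "dumprep", "rundll32", "ntoskrnl", "sessmgr",
}
# Every drive-letter or %var%-rooted executable/DLL path in a log line.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%[A-Za-z]+%)\\[^",]*?\.(?:exe|dll|ax|sys)', re.IGNORECASE)

# Constructed sample: lines copied from the HijackThis logs in this thread,
# with two clean SoundMAX/McAfee lines for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ndnibfyj.dll",sitypnow
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\aeohhege.exe
O4 - HKCU\..\Run: [Teecumgo] C:\WINDOWS\system32\??pPatch\?serinit.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\SCURIT~1\rundll32.exe" -vt ndrv
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RUxJVEVORSBKT1NFUEg\command.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\aeohhege.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O2 - BHO: (no name) - {8657FE6C-01C8-42EB-AD31-1E3B5B0F39C5} - C:\WINDOWS\system32\gebcc.dll (file missing)
"""


def decode_dirname(name: str) -> Optional[str]:
    """Return the printable ASCII text a directory name base64-decodes to, else None."""
    if not BASE64_DIR.match(name):
        return None
    try:
        raw = base64.b64decode(name + "=" * (-len(name) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def triage_line(line: str) -> List[str]:
    """Return the reasons one HijackThis line deserves a closer look ([] if none)."""
    reasons: List[str] = []
    kind = line.split(" - ", 1)[0].strip()
    if kind not in {"O2", "O3", "O4", "O23"}:
        return reasons
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("dangling entry: the referenced file is missing")
    if kind == "O23" and ("Unknown owner" in line or " - - " in line):
        reasons.append("service without vendor information")
    for path in PATH_RE.findall(line):
        parts = path.split("\\")
        parent = parts[-2].lower() if len(parts) > 1 else ""
        stem, _, ext = parts[-1].rpartition(".")
        if "?" in path:
            reasons.append(f"path {path!r} contains characters the log could not print")
        if (parent in {"system32", "windows"} and ext.lower() in {"exe", "dll"}
                and RANDOM_STEM.match(stem) and stem not in KNOWN_GOOD_STEMS):
            reasons.append(f"random-looking file name {parts[-1]!r} in {parent}")
        if stem.lower() == "rundll32" and parent not in {"system32", "syswow64"}:
            reasons.append(f"rundll32.exe running from {parent!r} instead of system32")
        for component in parts[1:-1]:
            text = decode_dirname(component)
            if text is not None:
                reasons.append(f"directory {component!r} base64-decodes to {text!r}")
    return reasons


def triage_log(log_text: str) -> Dict[str, List[str]]:
    """Map each suspicious line of a log to its reasons; clean lines are omitted."""
    report: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        line = line.strip()
        reasons = triage_line(line)
        if reasons:
            report[line] = reasons
    return report


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Run as-is it prints the seven flagged sample lines with their reasons; to use it on a real log, pass the file's text to `triage_log`. The clean McAfee line is the reason the random-name rule is limited to system32 and WINDOWS: `mcmscsvc` is eight lower-case letters too, so without that restriction the rule would flag half of a vendor's service binaries.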

Post by SNOWHITE » September 21st, 2007, 7:25 pm

Hello lystell,

I will be helping you with the malware problem.

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER


Please follow the steps below exactly in the order they are written:

Step #1

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step #2

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum, together with a new HijackThis log.

Step #3

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next post please include the following reports:
  • VundoFix report
  • SDFix report
  • dss scan reports main.txt and extra.txt
Let me know how things went.

Regards,
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Post by lystell » September 22nd, 2007, 8:47 am

System is still a little slow, but this is one of my hubby's friends' computers and I have no idea if that is normal for it or not.

SDFix did not work normally on restart; it hung and did not do anything for about an hour. Did a hard stop and it came back up and worked properly. Hopefully this did not mess it up any.

Here are the logs.

VundoFix V6.5.8

Checking Java version...

Sun Java not detected
Scan started at 5:08:38 AM 7/23/2007

Listing files found while scanning....

C:\windows\system32\bkicgovb.ini
C:\windows\system32\bvogcikb.dll
C:\windows\system32\dvidimyk.dll
C:\WINDOWS\system32\eiuxifbr.dll
C:\windows\system32\fxvjtbsi.dll
C:\WINDOWS\system32\gebcc.dll
C:\windows\system32\ipcqjsuo.dll
C:\windows\system32\isbtjvxf.ini
C:\windows\system32\jucnvcms.ini
C:\windows\system32\kymidivd.ini
C:\windows\system32\kynqbnln.dll
C:\windows\system32\mquwenym.ini
C:\windows\system32\mynewuqm.dll
C:\windows\system32\nlnbqnyk.ini
C:\windows\system32\ousjqcpi.ini
C:\windows\system32\psyoqawt.ini
C:\windows\system32\qiclpknu.dll
C:\windows\system32\qtdokcwu.ini
C:\windows\system32\rslbfjdy.ini
C:\windows\system32\smcvncuj.dll
C:\windows\system32\spcsyngw.dll
C:\windows\system32\twaqoysp.dll
C:\windows\system32\unkplciq.ini
C:\windows\system32\uwckodtq.dll
C:\windows\system32\wgnyscps.ini
C:\WINDOWS\system32\wqkivnry.dll
C:\windows\system32\xgiuebry.dll
C:\windows\system32\ydjfblsr.dll
C:\windows\system32\yrbeuigx.ini

Beginning removal...

Attempting to delete C:\windows\system32\bkicgovb.ini
C:\windows\system32\bkicgovb.ini Has been deleted!

Attempting to delete C:\windows\system32\bvogcikb.dll
C:\windows\system32\bvogcikb.dll Has been deleted!

Attempting to delete C:\windows\system32\dvidimyk.dll
C:\windows\system32\dvidimyk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eiuxifbr.dll
C:\WINDOWS\system32\eiuxifbr.dll Has been deleted!

Attempting to delete C:\windows\system32\fxvjtbsi.dll
C:\windows\system32\fxvjtbsi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gebcc.dll Has been deleted!

Attempting to delete C:\windows\system32\ipcqjsuo.dll
C:\windows\system32\ipcqjsuo.dll Has been deleted!

Attempting to delete C:\windows\system32\isbtjvxf.ini
C:\windows\system32\isbtjvxf.ini Has been deleted!

Attempting to delete C:\windows\system32\jucnvcms.ini
C:\windows\system32\jucnvcms.ini Has been deleted!

Attempting to delete C:\windows\system32\kymidivd.ini
C:\windows\system32\kymidivd.ini Has been deleted!

Attempting to delete C:\windows\system32\kynqbnln.dll
C:\windows\system32\kynqbnln.dll Has been deleted!

Attempting to delete C:\windows\system32\mquwenym.ini
C:\windows\system32\mquwenym.ini Has been deleted!

Attempting to delete C:\windows\system32\mynewuqm.dll
C:\windows\system32\mynewuqm.dll Has been deleted!

Attempting to delete C:\windows\system32\nlnbqnyk.ini
C:\windows\system32\nlnbqnyk.ini Has been deleted!

Attempting to delete C:\windows\system32\ousjqcpi.ini
C:\windows\system32\ousjqcpi.ini Has been deleted!

Attempting to delete C:\windows\system32\psyoqawt.ini
C:\windows\system32\psyoqawt.ini Has been deleted!

Attempting to delete C:\windows\system32\qiclpknu.dll
C:\windows\system32\qiclpknu.dll Has been deleted!

Attempting to delete C:\windows\system32\qtdokcwu.ini
C:\windows\system32\qtdokcwu.ini Has been deleted!

Attempting to delete C:\windows\system32\rslbfjdy.ini
C:\windows\system32\rslbfjdy.ini Has been deleted!

Attempting to delete C:\windows\system32\smcvncuj.dll
C:\windows\system32\smcvncuj.dll Has been deleted!

Attempting to delete C:\windows\system32\spcsyngw.dll
C:\windows\system32\spcsyngw.dll Has been deleted!

Attempting to delete C:\windows\system32\twaqoysp.dll
C:\windows\system32\twaqoysp.dll Has been deleted!

Attempting to delete C:\windows\system32\unkplciq.ini
C:\windows\system32\unkplciq.ini Has been deleted!

Attempting to delete C:\windows\system32\uwckodtq.dll
C:\windows\system32\uwckodtq.dll Has been deleted!

Attempting to delete C:\windows\system32\wgnyscps.ini
C:\windows\system32\wgnyscps.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\wqkivnry.dll
C:\WINDOWS\system32\wqkivnry.dll Has been deleted!

Attempting to delete C:\windows\system32\xgiuebry.dll
C:\windows\system32\xgiuebry.dll Has been deleted!

Attempting to delete C:\windows\system32\ydjfblsr.dll
C:\windows\system32\ydjfblsr.dll Has been deleted!

Attempting to delete C:\windows\system32\yrbeuigx.ini
C:\windows\system32\yrbeuigx.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.8

Checking Java version...

Sun Java not detected
Scan started at 5:21:18 AM 7/23/2007

Listing files found while scanning....

No infected files were found.

SDFix: Version 1.106

Run by ELITENE JOSEPH on Mon 07/23/2007 at 06:02 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
cmdService
Network Monitor

ImagePath:
C:\WINDOWS\RUxJVEVORSBKT1NFUEg\command.exe
C:\Program Files\Network Monitor\netmon.exe service

cmdService - Deleted
Network Monitor - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\WinPop\UnInstall.exe - Deleted
C:\Program Files\Words\list.txt - Deleted
C:\Program Files\Words\UnInstall.exe - Deleted
C:\Program Files\Words\Words.exe - Deleted
C:\Documents and Settings\ELITENE JOSEPH\Start Menu\Programs\Startup\TA_Start.lnk - Deleted
C:\WINDOWS\b128.exe - Deleted
C:\WINDOWS\b143.exe - Deleted
C:\WINDOWS\b147.exe - Deleted
C:\WINDOWS\system32\atmtd.dll - Deleted
C:\WINDOWS\system32\atmtd.dll._ - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
C:\WINDOWS\wr.txt - Deleted


Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Network Monitor - Removed
Folder C:\Program Files\WinPop - Removed
Folder C:\Program Files\Words - Removed
Folder C:\Temp\fse - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\aeohhege.exe"="C:\\WINDOWS\\system32\\aeo"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Grace joseph\Local Settings\Temp\xjkgbkbi.dll
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\system32\??pPatch\?serinit.exe
C:\i386\923B80A3FC.sys
C:\i386\KGyGaAvL.sys
C:\WINDOWS\system32\923B80A3FC.sys
C:\WINDOWS\system32\FCA3803B92.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\ELITENE JOSEPH\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp
C:\Documents and Settings\ELITENE JOSEPH\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp
C:\Documents and Settings\ELITENE JOSEPH\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp
C:\Documents and Settings\ELITENE JOSEPH\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp
C:\Documents and Settings\ELITENE JOSEPH\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp
C:\Documents and Settings\Grace joseph\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp
C:\Documents and Settings\Grace joseph\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp
C:\Documents and Settings\Grace joseph\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp
C:\Documents and Settings\Grace joseph\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp
C:\Documents and Settings\mistilien joseph\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp
C:\Documents and Settings\mistilien joseph\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp
C:\Documents and Settings\mistilien joseph\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp
C:\Documents and Settings\mistilien joseph\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp
C:\WINDOWS\Fonts\frtm.tmp
C:\WINDOWS\system32\ccbeg.tmp

Finished!

Deckard's System Scanner v20070905.67
Run by ELITENE JOSEPH on 2007-07-23 07:28:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2007-07-23 12:29:12 UTC - RP321 - Deckard's System Scanner Restore Point
20: 2007-07-23 10:31:25 UTC - RP320 - Removed NetZeroInstallers
19: 2007-07-23 10:29:19 UTC - RP319 - Removed Get High Speed Internet!
18: 2007-07-23 10:27:36 UTC - RP318 - Removed Corel Photo Album 6
17: 2007-07-23 03:16:00 UTC - RP317 - System Checkpoint


-- First Restore Point --
1: 2007-07-11 15:56:38 UTC - RP301 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as ELITENE JOSEPH.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:41 AM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\aeohhege.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\SystemDoctor\main.exe
C:\Program Files\USS\USS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\ELITENE JOSEPH\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ELITENE JOSEPH.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {2A698FD4-1317-48CE-6D22-4171C471C59B} - C:\WINDOWS\system32\gkcco.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {8657FE6C-01C8-42EB-AD31-1E3B5B0F39C5} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [SystemDoctor] C:\Program Files\SystemDoctor\main.exe
O4 - HKLM\..\Run: [USS] "C:\Program Files\USS\USS.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\qkcfuskj.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lisf] "C:\Documents and Settings\ELITENE JOSEPH\Application Data\?asks\j?vaw.exe"
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\aeohhege.exe
O4 - HKCU\..\Run: [iifu] C:\PROGRA~1\COMMON~1\iifu\iifum.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\SCURIT~1\rundll32.exe" -vt ndrv
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Grace joseph\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\aeohhege.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 11454 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1100>

S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1100>
S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1100>
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DomainService - c:\windows\system32\aeohhege.exe /service <Not Verified; ; DDC>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-07-21 22:15:58 358 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-07-21 22:15:57 350 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-06-23 and 2007-07-23 -----------------------------

2007-09-07 08:46:06 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-09-05 19:29:46 0 d-------- C:\Program Files\Insider
2007-09-05 19:29:36 0 d-------- C:\WINDOWS\?icrosoft
2007-09-05 19:29:36 0 d-------- C:\WINDOWS\RUxJVEVORSBKT1NFUEg
2007-09-05 19:29:36 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\WinTouch
2007-09-05 19:29:32 0 d-------- C:\Documents and Settings\Grace joseph\Application Data\WinTouch
2007-09-05 19:29:04 0 d-------- C:\WINDOWS\s?curity
2007-09-05 19:29:04 0 d-------- C:\WINDOWS\system32\X1
2007-09-05 19:29:04 0 d-------- C:\WINDOWS\system32\f02WtR
2007-09-05 19:29:04 0 d-------- C:\WINDOWS\system32\checkdll
2007-09-05 19:29:04 0 d-------- C:\WINDOWS\system32\B1
2007-09-05 19:29:04 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\?asks
2007-09-05 19:28:54 0 d-------- C:\Documents and Settings\mistilien joseph\Application Data\McAfee.com Personal Firewall
2007-09-05 19:28:54 0 d-------- C:\Documents and Settings\mistilien joseph\Application Data\Google
2007-09-05 19:28:52 0 dr------- C:\Documents and Settings\mistilien joseph\Start Menu
2007-09-05 19:28:52 0 dr-h----- C:\Documents and Settings\mistilien joseph\SendTo
2007-09-05 19:28:52 0 dr-h----- C:\Documents and Settings\mistilien joseph\Recent
2007-09-05 19:28:52 0 d--h----- C:\Documents and Settings\mistilien joseph\PrintHood
2007-09-05 19:28:52 0 d-------- C:\Documents and Settings\mistilien joseph\Desktop
2007-09-05 19:28:52 0 d-------- C:\Documents and Settings\mistilien joseph\Application Data\Symantec
2007-09-05 19:28:52 0 d-------- C:\Documents and Settings\mistilien joseph\Application Data\Sun
2007-09-05 19:28:52 0 d-------- C:\Documents and Settings\mistilien joseph\Application Data\Identities
2007-09-05 08:44:32 75328 --a------ C:\WINDOWS\system32\kwgpnmcl.exe <Not Verified; ; DDC>
2007-09-04 08:44:32 75328 --a------ C:\WINDOWS\system32\xcnafolo.exe <Not Verified; ; DDC>
2007-09-03 08:43:37 75328 --a------ C:\WINDOWS\system32\qndkknpt.exe <Not Verified; ; DDC>
2007-09-03 08:43:07 237588 --a------ C:\WINDOWS\system32\wpoleqxg.dll
2007-09-03 08:42:41 69652 --a------ C:\WINDOWS\system32\mbphtake.dll
2007-08-31 21:35:08 75328 --a------ C:\WINDOWS\system32\xheeifco.exe <Not Verified; ; DDC>
2007-08-31 15:30:19 75328 --a------ C:\WINDOWS\system32\wvmnwdqr.exe <Not Verified; ; DDC>
2007-08-31 08:46:13 75328 --a------ C:\WINDOWS\system32\phmbnpga.exe <Not Verified; ; DDC>
2007-08-30 20:08:22 75328 --a------ C:\WINDOWS\system32\oceqxtwu.exe <Not Verified; ; DDC>
2007-08-30 19:47:03 75328 --a------ C:\WINDOWS\system32\xofajgfv.exe <Not Verified; ; DDC>
2007-08-30 10:37:36 0 d-------- C:\Program Files\Common Files\iifu
2007-08-30 10:37:34 0 d-------- C:\WINDOWS\iifu
2007-08-30 09:31:24 75328 --a------ C:\WINDOWS\system32\luhqesqo.exe <Not Verified; ; DDC>
2007-08-28 16:21:53 75328 --a------ C:\WINDOWS\system32\aeohhege.exe <Not Verified; ; DDC>
2007-08-27 17:59:47 237588 --a------ C:\WINDOWS\system32\vjneqxbr.dll
2007-08-27 17:59:24 69652 --a------ C:\WINDOWS\system32\vwvehtbi.dll
2007-08-24 12:38:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\COMCASTTOOLBAR
2007-08-24 12:30:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-08-20 21:54:54 69652 --a------ C:\WINDOWS\system32\ciip32.dll
2007-08-20 21:54:53 69652 --a------ C:\WINDOWS\system32\axehsctm.dll
2007-08-15 18:43:28 1978049 ---hs---- C:\WINDOWS\system32\ccbeg.bak2
2007-08-15 10:26:41 237588 --a------ C:\WINDOWS\system32\ynoavwyi.dll
2007-08-15 10:26:32 64788 --a------ C:\WINDOWS\system32\tncgtaek.dll
2007-08-14 16:18:11 2 --a------ C:\WINDOWS\system32\wnstsicomsv32.exe
2007-08-14 16:17:59 0 d-------- C:\Program Files\Outerinfo
2007-08-14 15:49:32 1686922 ---hs---- C:\WINDOWS\system32\ccbeg.bak1
2007-08-14 14:45:17 932 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-08-14 14:44:02 0 d-------- C:\Temp
2007-08-11 11:30:58 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\SystemDoctor
2007-08-11 11:05:27 0 d-------- C:\Program Files\USS
2007-08-11 10:55:00 0 d-------- C:\Documents and Settings\Grace joseph\Application Data\SystemDoctor
2007-08-11 10:53:50 0 d-------- C:\Documents and Settings\All Users\Application Data\SystemDoctor
2007-08-11 10:52:13 0 d-------- C:\Program Files\SystemDoctor
2007-08-10 14:54:19 0 d-------- C:\Documents and Settings\mistilien joseph\Application Data\MySpace
2007-08-08 11:06:46 0 d-------- C:\Program Files\SpyShredder
2007-08-02 19:20:32 0 d-------- C:\Documents and Settings\Grace joseph\Application Data\MySpace
2007-08-01 13:47:10 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\MySpace
2007-07-31 14:07:36 0 d-------- C:\Documents and Settings\mistilien joseph\Application Data\SystemDoctor Free
2007-07-31 14:01:46 0 d-------- C:\Documents and Settings\mistilien joseph\Application Data\Macromedia
2007-07-31 13:50:26 0 d-------- C:\Documents and Settings\mistilien joseph\Application Data\COMCASTTOOLBAR
2007-07-31 13:48:58 0 d--h----- C:\Documents and Settings\mistilien joseph\Application Data\GTek
2007-07-31 13:48:52 0 d-------- C:\Documents and Settings\mistilien joseph\Application Data\SiteAdvisor
2007-07-31 13:47:32 0 d-------- C:\Documents and Settings\mistilien joseph\Application Data\PC Suite
2007-07-31 13:47:21 0 d-------- C:\Documents and Settings\mistilien joseph\Favorites
2007-07-31 13:47:21 0 d-------- C:\Documents and Settings\mistilien joseph\Cookies
2007-07-31 13:47:21 0 dr-h----- C:\Documents and Settings\mistilien joseph\Application Data
2007-07-31 13:47:21 0 d---s---- C:\Documents and Settings\mistilien joseph\Application Data\Microsoft
2007-07-31 13:47:20 0 d--h----- C:\Documents and Settings\mistilien joseph\Templates
2007-07-31 13:47:20 1048576 --ah----- C:\Documents and Settings\mistilien joseph\ntuser.dat
2007-07-31 13:47:20 0 d-------- C:\Documents and Settings\mistilien joseph\My Documents
2007-07-31 13:47:20 0 d--h----- C:\Documents and Settings\mistilien joseph\Local Settings
2007-07-23 06:01:25 0 d-------- C:\WINDOWS\ERUNT
2007-07-23 05:58:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-07-23 05:58:10 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-07-23 05:58:10 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-07-23 05:58:10 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-07-23 05:58:10 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-07-23 05:58:10 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-07-23 05:58:10 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-07-23 05:58:10 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-07-23 05:58:10 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-07-23 05:58:10 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-07-23 05:58:10 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-07-23 05:58:10 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-07-23 05:58:10 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-07-23 05:58:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-07-23 05:58:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-07-23 05:58:10 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-07-23 05:58:09 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-07-23 05:30:26 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\MSNInstaller
2007-07-23 05:08:38 0 d-------- C:\VundoFix Backups
2007-07-22 16:41:23 83008 --a------ C:\WINDOWS\system32\qkcfuskj.dll
2007-07-22 16:34:43 0 d-------- C:\WINDOWS\pss
2007-07-22 15:35:53 0 d-------- C:\Program Files\Trend Micro
2007-07-21 22:49:34 83008 --a------ C:\WINDOWS\system32\ibdapoiy.dll
2007-07-21 22:45:55 75328 --a------ C:\WINDOWS\system32\wqymgfbp.exe <Not Verified; ; DDC>
2007-07-21 22:21:56 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-07-21 22:14:46 0 d-------- C:\Program Files\McAfee.com
2007-07-21 22:13:15 0 d-------- C:\Program Files\Common Files\McAfee
2007-07-21 22:12:39 0 d-------- C:\Program Files\McAfee
2007-07-21 21:33:45 83008 --a------ C:\WINDOWS\system32\svhfkyvg.dll
2007-07-21 21:31:36 75328 --a------ C:\WINDOWS\system32\hexwnhep.exe <Not Verified; ; DDC>
2007-07-21 20:36:48 83008 --a------ C:\WINDOWS\system32\hsphtlsw.dll
2007-07-21 20:32:54 75328 --a------ C:\WINDOWS\system32\dcoqeywo.exe <Not Verified; ; DDC>
2007-07-21 20:31:18 0 d-------- C:\Program Files\Common Files\?icrosoft
2007-07-21 20:30:28 60928 --a------ C:\WINDOWS\system32\gkcco.dll
2007-07-21 20:29:46 246 --a------ C:\Program Files\Common Files\lavu
2007-07-17 20:46:50 1981776 ---hs---- C:\WINDOWS\system32\ccbeg.ini2
2007-07-17 11:48:03 75328 --a------ C:\WINDOWS\system32\hgurnnyc.exe <Not Verified; ; DDC>
2007-07-15 11:22:20 0 d-------- C:\WINDOWS\system32\??pPatch
2007-07-15 11:20:52 75328 --a------ C:\WINDOWS\system32\qtjmcqsw.exe <Not Verified; ; DDC>
2007-07-14 17:50:54 75328 --a------ C:\WINDOWS\system32\gjlddnkj.exe <Not Verified; ; DDC>
2007-07-14 15:45:44 237588 --a------ C:\WINDOWS\system32\cirjjwwu.dll
2007-07-14 15:45:24 69652 --a------ C:\WINDOWS\system32\jrkseowh.dll
2007-07-14 13:20:50 0 d-------- C:\Program Files\s?stem
2007-07-14 13:10:01 75328 --a------ C:\WINDOWS\system32\qeiimkva.exe <Not Verified; ; DDC>
2007-07-14 13:00:05 3932160 --a------ C:\Documents and Settings\ELITENE JOSEPH\ntuser.dat
2007-07-14 12:43:40 75328 --a------ C:\WINDOWS\system32\jxxxowgh.exe <Not Verified; ; DDC>
2007-07-12 13:34:27 0 d--hs---- C:\found.002
2007-07-06 03:13:14 0 d--hs---- C:\found.001
2007-07-05 17:12:29 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-05 17:09:56 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-02 23:40:18 0 d-------- C:\Documents and Settings\Grace joseph\Application Data\COMCASTTOOLBAR
2007-06-29 19:38:28 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\FunWebProducts
2007-06-29 09:46:47 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2007-09-05 19:28:40 0 d-------- C:\Program Files\FunWebProducts
2007-09-05 19:25:41 0 d-------- C:\Program Files\SystemDoctor Free
2007-08-02 19:57:19 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-02 19:57:14 88 -r-hs---- C:\WINDOWS\system32\923B80A3FC.sys
2007-07-28 04:06:22 135 --a------ C:\Program Files\Common Files\profsy.html
2007-07-23 05:44:03 0 d-------- C:\Program Files\Common Files
2007-07-23 05:35:57 0 d-------- C:\Program Files\Common Files\AOL
2007-07-23 05:31:06 0 d-------- C:\Program Files\NetZero
2007-07-23 05:28:13 0 d-------- C:\Program Files\Common Files\Corel
2007-07-22 15:22:04 0 d-------- C:\Program Files\Common Files\SystemDoctor
2007-07-21 21:38:03 0 d-------- C:\Program Files\Dell
2007-07-21 20:59:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-21 20:59:12 0 d-------- C:\Program Files\Google
2007-07-21 20:40:59 0 d-------- C:\Program Files\ComcastToolbar
2007-07-21 20:31:18 0 d-------- C:\Program Files\Common Files\?icrosoft
2007-07-17 12:05:10 0 d-------- C:\Program Files\SiteAdvisor
2007-07-15 13:19:22 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\?asks
2007-07-14 17:51:56 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\SiteAdvisor
2007-07-14 13:20:50 0 d-------- C:\Program Files\s?stem
2007-07-12 00:00:46 0 d-------- C:\Program Files\support.com
2007-07-11 11:27:49 249225 --a------ C:\Documents and Settings\ELITENE JOSEPH\Application Data\NMM-MetaData.db
2007-06-20 17:59:53 0 --a----c- C:\WINDOWS\system32\ISHARE
2007-06-15 14:19:40 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\Nokia Multimedia Player
2007-06-07 13:43:35 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\Nokia
2007-06-05 22:19:52 0 d-------- C:\Program Files\IOGEAR
2007-06-05 21:19:23 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\AdobeUM
2007-06-03 21:37:37 0 d-------- C:\Documents and Settings\ELITENE JOSEPH\Application Data\PC Suite
2007-06-03 20:36:12 0 d-------- C:\Program Files\DIFX
2007-06-03 20:24:38 0 d-------- C:\Program Files\Common Files\PCSuite
2007-06-03 20:22:34 0 d-------- C:\Program Files\Common Files\Nokia
2007-06-03 20:20:42 0 d-------- C:\Program Files\Nokia
2007-06-03 19:55:00 0 d-------- C:\Program Files\PC Connectivity Solution
2007-05-12 23:53:05 664 --a----c- C:\WINDOWS\system32\d3d9caps.dat
2007-05-11 21:05:53 3072 --a----c- C:\Documents and Settings\ELITENE JOSEPH\Application Data\dvd.bmk
2007-05-11 10:34:20 56 -r-hs--c- C:\WINDOWS\system32\FCA3803B92.sys
2007-05-11 10:04:47 61678 --a----c- C:\Documents and Settings\ELITENE JOSEPH\Application Data\PFP120JPR.{PB
2007-05-11 10:04:47 12358 --a----c- C:\Documents and Settings\ELITENE JOSEPH\Application Data\PFP120JCM.{PB
2007-05-08 15:03:04 1275392 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A698FD4-1317-48CE-6D22-4171C471C59B}]
09/06/2007 08:47 AM 60928 --a------ C:\WINDOWS\system32\gkcco.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8657FE6C-01C8-42EB-AD31-1E3B5B0F39C5}]
C:\WINDOWS\system32\gebcc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 07:42 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/05/2005 07:22 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/05/2005 07:19 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/05/2005 07:23 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 03:12 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/05/2006 02:50 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/08/2005 07:20 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [12/11/2006 07:36 PM]
"Salestart"="C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe" [02/27/2007 12:04 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [03/30/2007 10:42 AM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 01:20 PM]
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" []
"SystemDoctor"="C:\Program Files\SystemDoctor\main.exe" [03/13/2007 06:11 PM]
"USS"="C:\Program Files\USS\USS.exe" [04/27/2007 03:56 PM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SearchIndexer"="C:\WINDOWS\system32\qkcfuskj.dll" [07/22/2007 04:41 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [11/10/2005 07:57 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Lisf"="C:\Documents and Settings\ELITENE JOSEPH\Application Data\?asks\j?vaw.exe" []
"DDC"="C:\WINDOWS\system32\aeohhege.exe" [08/28/2007 04:21 PM]
"iifu"="C:\PROGRA~1\COMMON~1\iifu\iifum.exe" []
"Sen"="C:\WINDOWS\SCURIT~1\rundll32.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe [4/12/2006 10:37:48 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/5/2006 2:46:35 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 1:49:24 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ELITENE JOSEPH^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\ELITENE JOSEPH\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teecumgo]
C:\WINDOWS\system32\??pPatch\?serinit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\MONITOR.EXE




-- End of Deckard's System Scanner: finished at 2007-07-23 07:32:50 ------------

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.53GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 253.98 MiB / 38.86 MiB
Pagefile Memory (total/avail): 624.99 MiB / 226.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1968.09 MiB

C: is Fixed (NTFS) - 52.7 GiB total, 43.93 GiB free.
D: is Fixed (NTFS) - 18.61 GiB total, 18.54 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 4 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 52.7 GiB - C:
\PARTITION2 - Installable File System - 18.61 GiB - D:
\PARTITION3 - Unknown - 3.15 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\aeohhege.exe"="C:\\WINDOWS\\system32\\aeo"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ELITENE JOSEPH\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DB8RH9B1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ELITENE JOSEPH
LOGONSERVER=\\DB8RH9B1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ELITEN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ELITEN~1\LOCALS~1\Temp
USERDOMAIN=DB8RH9B1
USERNAME=ELITENE JOSEPH
USERPROFILE=C:\Documents and Settings\ELITENE JOSEPH
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

ELITENE JOSEPH (admin)
Grace joseph (admin)
mistilien joseph (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
BearShare MediaBar --> regsvr32 /u /s "C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Desktop Doctor --> "C:\Program Files\Support.com\providerComcast\Uninstall.exe" /c "Remove Desktop Doctor?"
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Diner Dash --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6293BC00-4EB8-4C65-8548-53E2FC3BF937\Uninstall.exe"
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
FATE --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2D8F0E2-6978-4409-8351-BA8785DA11EE\Uninstall.exe"
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
IOGEAR Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6172\uninstall.exe
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng_us_web[1].exe /LANG="1033"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
OIN --> "C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
Outerinfo --> "C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
SpyShredder --> C:\Program Files\SpyShredder\Uninstall.exe
SystemDoctor 1.1.137.6 --> "C:\Program Files\SystemDoctor\unins000.exe"
SystemDoctor Optimizer Plugin --> rundll32.exe C:\WINDOWS\Fonts\iiswave.dll,Uninstall
TargetSaver --> C:\WINDOWS\system32\tsuninst.exe /u
Tradewinds --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3C48F877-A164-45E9-B9DA-26A049FFC207\Uninstall.exe"
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
USS_USSPlugin 2.0.5.0 --> "C:\Program Files\USS\{20CF7FD9-6C26-450b-BC5B-B4AD67438A26}\unins000.exe"
USS_USSPlugin 2.0.5.0 --> "C:\Program Files\USS\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinTouch --> C:\Documents and Settings\ELITENE JOSEPH\Application Data\WinTouch\WTUninstaller.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type840 / Warning
Event Submitted/Written: 07/23/2007 07:22:27 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}', feature 'SoleFeature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type839 / Warning
Event Submitted/Written: 07/23/2007 07:22:27 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}', feature 'SoleFeature', component '{71264A65-7637-11D5-8B40-00105A9846E9}' failed. The resource 'C:\WINDOWS\Downloaded Program Files\dwusplay.dll' does not exist.

Event Record #/Type837 / Warning
Event Submitted/Written: 07/23/2007 07:22:26 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}', feature 'SoleFeature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type836 / Warning
Event Submitted/Written: 07/23/2007 07:22:26 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}', feature 'SoleFeature', component '{71264A65-7637-11D5-8B40-00105A9846E9}' failed. The resource 'C:\WINDOWS\Downloaded Program Files\dwusplay.dll' does not exist.

Event Record #/Type834 / Warning
Event Submitted/Written: 07/23/2007 07:22:22 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{AF19F291-F22F-4798-9662-525305AE9E48}', feature 'UpdateIS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type204479 / Error
Event Submitted/Written: 07/23/2007 07:19:27 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Event Record #/Type204467 / Error
Event Submitted/Written: 07/23/2007 07:18:41 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Event Record #/Type204456 / Error
Even
lystell
Regular Member
 
Posts: 30
Joined: August 12th, 2007, 6:26 pm

Unread postby SNOWHITE » September 22nd, 2007, 11:18 pm

Hello lystell,

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER


Please follow the steps below exactly in the order they are written:

Step #1

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Use your up arrow key to highlight Safe Mode then hit Enter.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

OIN
Outerinfo
TargetSaver
SpyShredder
SystemDoctor 1.1.137.6
SystemDoctor Optimizer Plugin
WinTouch


WildTangent Web Driver - Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system including:

Operating System Version
CPU Type and Speed
Memory Amount
Video Card type and Driver Version
Sound Card type and Driver Version
DirectX Version
Location that the Web Driver was installed from
It is also a MAJOR resource hog.

Please note any other programs that you don't recognize in that list in your next response.

Reboot in Normal Mode.

Step #2

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

In your next post please include the following reports:
  • ComboFix report
  • New HijackThis log
Let me know how things went.

Regards,
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm
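
A defender's triage script for the "Add/Remove Programs" section of the report above, added here as an example (it is not the helper's tool or anything posted in this thread): it parses the `Name --> command` lines, checks each name against the removal list from the post, and flags uninstall strings whose code sits somewhere no ordinary uninstaller lives. The sample lines are copied from the report above; the location heuristic (Fonts directory, a user's Application Data) is this example's own assumption.

```python
import re
from typing import List, Optional, Tuple

# Line format of the "Add/Remove Programs" section in the report above:
#   "<display name> --> <uninstall command>"   or   "--> <command>" (no display name)
ENTRY_RE = re.compile(r"^(?P<name>.*?)\s*-->\s*(?P<cmd>.+)$")

# First drive-letter path ending in .exe or .dll in the command; quotes are optional,
# so this also picks the DLL out of "rundll32.exe C:\...\x.dll,Entry".
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

# Programs the helper told the poster to uninstall (from the post above), lower-cased.
REMOVE_LIST = {
    "oin", "outerinfo", "targetsaver", "spyshredder",
    "systemdoctor 1.1.137.6", "systemdoctor optimizer plugin", "wintouch",
}

# Assumed heuristic for this example: uninstall code living in the Fonts directory or
# inside a user's Application Data is unusual enough to deserve a second look.
SUSPECT_DIRS = ("c:\\windows\\fonts\\", "\\application data\\")

# Constructed sample: a handful of lines copied from the report above.
SAMPLE_LINES = [
    r'--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu',
    r'Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}',
    r'HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall',
    r'OIN --> "C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"',
    r'SystemDoctor Optimizer Plugin --> rundll32.exe C:\WINDOWS\Fonts\iiswave.dll,Uninstall',
    r'TargetSaver --> C:\WINDOWS\system32\tsuninst.exe /u',
    r'URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"',
    r'WinTouch --> C:\Documents and Settings\ELITENE JOSEPH\Application Data\WinTouch\WTUninstaller.exe',
]
SAMPLE_TEXT = "\n".join(SAMPLE_LINES)


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Return (display_name, uninstall_command) pairs; lines without '-->' are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("name").strip(), m.group("cmd").strip()))
    return entries


def first_path(command: str) -> Optional[str]:
    """Pull the first executable or DLL path out of an uninstall command, if any."""
    m = PATH_RE.search(command)
    return m.group(0) if m else None


def triage(entries: List[Tuple[str, str]], remove_list=REMOVE_LIST) -> List[Tuple[str, List[str]]]:
    """Flag entries worth reviewing; each result is (name, [reasons])."""
    flagged = []
    for name, cmd in entries:
        reasons = []
        if not name:
            reasons.append("uninstall string with no display name")
        if name.lower() in remove_list:
            reasons.append("on the helper's removal list")
        path = first_path(cmd)
        if path and any(d in path.lower() for d in SUSPECT_DIRS):
            reasons.append(f"uninstall code in an unusual location: {path}")
        if reasons:
            flagged.append((name or "(unnamed)", reasons))
    return flagged


def triage_sample() -> List[Tuple[str, List[str]]]:
    """Run the triage over the constructed sample lines."""
    return triage(parse_entries(SAMPLE_TEXT))


if __name__ == "__main__":
    for name, reasons in triage_sample():
        print(f"{name}: " + "; ".join(reasons))
```

Flagged entries are review candidates, not verdicts: a legitimate installer can keep its uninstaller under All Users\Application Data, as the Nokia PC Suite line in the same report does.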

Unread postby lystell » September 23rd, 2007, 8:14 am

Here are the reports. He did not want Wild Tangent removed as his kids play games from there. I did explain it to him, and we discussed getting additional memory for this PC as he only has 256 and should have a minimum of 512 if not a full gig. Will see what he permits. I had most of the programs you listed already gone.

combofix
ComboFix 07-09-21.2 - "ELITENE JOSEPH" 2007-07-24 6:46:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.38 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\ActivationCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\HOURS
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor\Data\ProductCode
C:\DOCUME~1\ELITEN~1\APPLIC~1\ASKS~1
C:\DOCUME~1\ELITEN~1\APPLIC~1\FunWebProducts
C:\DOCUME~1\ELITEN~1\APPLIC~1\FunWebProducts\Data\ELITENE JOSEPH\avatar.dat
C:\DOCUME~1\ELITEN~1\APPLIC~1\FunWebProducts\Data\ELITENE JOSEPH\register.dat
C:\DOCUME~1\ELITEN~1\APPLIC~1\FunWebProducts\Data\ELITENE JOSEPH\zbucks.dat
C:\DOCUME~1\ELITEN~1\APPLIC~1\SystemDoctor
C:\DOCUME~1\ELITEN~1\APPLIC~1\SystemDoctor Free
C:\DOCUME~1\ELITEN~1\APPLIC~1\SystemDoctor Free\Logs\update.log
C:\DOCUME~1\ELITEN~1\APPLIC~1\SystemDoctor\Logs\Activate.log
C:\DOCUME~1\ELITEN~1\APPLIC~1\SystemDoctor\Logs\update.log
C:\DOCUME~1\ELITEN~1\err.log
C:\DOCUME~1\ELITEN~1\ResErrors.log
C:\DOCUME~1\GRACEJ~1\APPLIC~1\FunWebProducts
C:\DOCUME~1\GRACEJ~1\APPLIC~1\FunWebProducts\Data\Grace joseph\avatar.dat
C:\DOCUME~1\GRACEJ~1\APPLIC~1\FunWebProducts\Data\Grace joseph\register.dat
C:\DOCUME~1\GRACEJ~1\APPLIC~1\SystemDoctor
C:\DOCUME~1\GRACEJ~1\APPLIC~1\SystemDoctor Free
C:\DOCUME~1\GRACEJ~1\APPLIC~1\SystemDoctor Free\Logs\update.log
C:\DOCUME~1\GRACEJ~1\APPLIC~1\SystemDoctor\Logs\Activate.log
C:\DOCUME~1\GRACEJ~1\APPLIC~1\SystemDoctor\Logs\update.log
C:\DOCUME~1\GRACEJ~1\APPLIC~1\WinTouch
C:\DOCUME~1\GRACEJ~1\APPLIC~1\WinTouch\wintouch.cfg
C:\DOCUME~1\GRACEJ~1\APPLIC~1\WinTouch\WTUninstaller.exe
C:\DOCUME~1\GRACEJ~1\err.log
C:\DOCUME~1\GRACEJ~1\ResErrors.log
C:\DOCUME~1\GRACEJ~1\STARTM~1\Programs\Startup\ta_start.lnk
C:\DOCUME~1\GRACEJ~1\STARTM~1\Programs\Startup\think-adz.lnk
C:\DOCUME~1\MISTIL~1\APPLIC~1\SystemDoctor Free
C:\DOCUME~1\MISTIL~1\APPLIC~1\SystemDoctor Free\Logs\update.log
C:\DOCUME~1\MISTIL~1\err.log
C:\DOCUME~1\MISTIL~1\ResErrors.log
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\SystemDoctor
C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe
C:\Program Files\Common Files\SystemDoctor\err.log
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\030F8CDE.urr
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\sstem~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\icroso~1
C:\WINDOWS\scurit~1
C:\WINDOWS\scurit~1\s?curity\
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\ppatch~1
C:\WINDOWS\system32\X1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-07 08:46 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-09-05 19:29 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-09-05 19:29 <DIR> d-------- C:\WINDOWS\RUxJVEVORSBKT1NFUEg
2007-09-05 19:28 <DIR> d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\Symantec
2007-09-05 19:28 <DIR> d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\McAfee.com Personal Firewall
2007-09-05 19:28 <DIR> d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\Google
2007-09-03 08:43 237,588 --a------ C:\WINDOWS\system32\wpoleqxg.dll
2007-09-03 08:42 69,652 --a------ C:\WINDOWS\system32\mbphtake.dll
2007-08-30 10:37 <DIR> d-------- C:\WINDOWS\iifu
2007-08-30 10:37 <DIR> d-------- C:\Program Files\Common Files\iifu
2007-08-27 17:59 69,652 --a------ C:\WINDOWS\system32\vwvehtbi.dll
2007-08-27 17:59 237,588 --a------ C:\WINDOWS\system32\vjneqxbr.dll
2007-08-24 12:38 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\COMCASTTOOLBAR
2007-08-24 12:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 06:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-08 08:57 1686922 ---hs---- C:\WINDOWS\system32\ccbeg.bak1
2007-09-05 19:29 249 --ahs---- C:\WINDOWS\Fonts.\iiswave.inf
2007-09-05 19:28 --------- d--h----- C:\DOCUME~1\MISTIL~1\APPLIC~1\GTek
2007-09-05 19:28 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-05 19:28 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\PC Suite
2007-09-05 19:28 --------- d-------- C:\DOCUME~1\GRACEJ~1\APPLIC~1\COMCASTTOOLBAR
2007-09-05 19:26 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\COMCASTTOOLBAR
2007-09-05 19:25 --------- d-------- C:\Program Files\USS
2007-09-05 19:25 --------- d-------- C:\Program Files\SystemDoctor Free
2007-09-05 16:09 --------- d-------- C:\DOCUME~1\GRACEJ~1\APPLIC~1\SiteAdvisor
2007-08-31 15:21 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-08-20 21:54 69652 --a------ C:\WINDOWS\system32\axehsctm.dll
2007-08-15 10:26 237588 --a------ C:\WINDOWS\system32\ynoavwyi.dll
2007-08-10 14:54 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\MySpace
2007-08-02 19:57 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-02 19:20 --------- d-------- C:\DOCUME~1\GRACEJ~1\APPLIC~1\MySpace
2007-08-01 13:47 --------- d-------- C:\DOCUME~1\ELITEN~1\APPLIC~1\MySpace
2007-07-31 13:48 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\SiteAdvisor
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 04:06 135 --a------ C:\Program Files\Common Files\profsy.html
2007-07-23 12:57 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-07-23 09:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-23 09:35 --------- d-------- C:\DOCUME~1\ELITEN~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-23 09:34 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-23 05:35 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-23 05:35 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-07-23 05:31 --------- d-------- C:\Program Files\NetZero
2007-07-23 05:30 --------- d-------- C:\DOCUME~1\ELITEN~1\APPLIC~1\MSNInstaller
2007-07-23 05:28 --------- d-------- C:\Program Files\Common Files\Corel
2007-07-23 05:13 1981776 ---hs---- C:\WINDOWS\system32\ccbeg.ini2
2007-07-22 16:41 83008 --a------ C:\WINDOWS\system32\qkcfuskj.dll
2007-07-22 16:33 1978049 ---hs---- C:\WINDOWS\system32\ccbeg.bak2
2007-07-22 15:35 --------- d-------- C:\Program Files\Trend Micro
2007-07-21 22:52 246 --a------ C:\Program Files\Common Files\lavu
2007-07-21 22:49 83008 --a------ C:\WINDOWS\system32\ibdapoiy.dll
2007-07-21 22:28 --------- d-------- C:\Program Files\McAfee
2007-07-21 22:21 --------- d-------- C:\Program Files\Common Files\McAfee
2007-07-21 22:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-21 22:15 --------- d-------- C:\Program Files\McAfee.com
2007-07-21 21:38 --------- d-------- C:\Program Files\Dell
2007-07-21 21:33 83008 --a------ C:\WINDOWS\system32\svhfkyvg.dll
2007-07-21 20:59 --------- d-------- C:\Program Files\Google
2007-07-21 20:59 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-21 20:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-21 20:40 --------- d-------- C:\Program Files\ComcastToolbar
2007-07-21 20:36 83008 --a------ C:\WINDOWS\system32\hsphtlsw.dll
2007-07-21 20:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 19:30 1144 --ahs---- C:\WINDOWS\Fonts.\frtm.tmp
2007-07-14 15:45 69652 --a------ C:\WINDOWS\system32\jrkseowh.dll
2007-07-14 15:45 69652 --a------ C:\WINDOWS\system32\ciip32.dll
2007-07-14 15:45 237588 --a------ C:\WINDOWS\system32\cirjjwwu.dll
2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2005-05-12 00:36 12288 --a--c--- C:\WINDOWS\Fonts\RandFont.dll
2007-05-11 15:34:20 56 -csh--r C:\WINDOWS\system32\FCA3803B92.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 19:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 10:42]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" []
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 19:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Sen"="C:\WINDOWS\SCURIT~1\rundll32.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe [2006-04-12 10:37:48]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-05 14:46:35]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearFlix]
"C:\Program Files\BearFlix\BearFlix.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iifu]
C:\PROGRA~1\COMMON~1\iifu\iifum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lisf]
"C:\Documents and Settings\ELITENE JOSEPH\Application Data\?asks\j?vaw.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe regrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\qkcfuskj.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USS]
"C:\Program Files\USS\USS.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\MONITOR.EXE

.
Contents of the 'Scheduled Tasks' folder
"2007-07-22 03:15:58 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-07-22 03:15:57 C:\WINDOWS\Tasks\McQcTask.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 06:55:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 7:04:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 07:04
.
--- E O F ---

HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:37 AM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\SCURIT~1\rundll32.exe" -vt ndrv
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Grace joseph\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 8796 bytes
lystell
Regular Member
 
Posts: 30
Joined: August 12th, 2007, 6:26 pm

Unread postby SNOWHITE » September 24th, 2007, 2:50 am

Hello lystell,

Please follow the steps below exactly in the order they are written:

Step #1

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\hsphtlsw.dll
C:\WINDOWS\system32\jrkseowh.dll
C:\WINDOWS\system32\ccbeg.bak1
C:\Program Files\Common Files\profsy.html
C:\WINDOWS\system32\qkcfuskj.dll
C:\WINDOWS\system32\ibdapoiy.dll
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ccbeg.bak2

Folder::
C:\WINDOWS\system32\checkdll
C:\WINDOWS\RUxJVEVORSBKT1NFUEg
C:\WINDOWS\iifu
C:\Program Files\Common Files\iifu
C:\Program Files\SystemDoctor Free
C:\Program Files\Words

Collect::[29]
C:\WINDOWS\system32\cirjjwwu.dll
C:\WINDOWS\system32\wpoleqxg.dll
C:\WINDOWS\system32\mbphtake.dll
C:\WINDOWS\system32\vwvehtbi.dll
C:\WINDOWS\system32\vjneqxbr.dll
C:\WINDOWS\system32\axehsctm.dll 
C:\WINDOWS\system32\ynoavwyi.dll
C:\WINDOWS\Fonts.\iiswave.inf
C:\WINDOWS\system32\svhfkyvg.dll
C:\WINDOWS\system32\ciip32.dll

DirLook::
C:\WINDOWS\Fonts.

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iifu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lisf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]



Save this as "CFScript"


Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again.

Additionally, ComboFix will generate the following files on your desktop:
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
ComboFix may need to reboot to finish its work. Let it.

When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

If CF-Submit.htm is detected, ComboFix will generate this message box:

Image

Clicking OK will cause the machine's browser to load CF-Submit.htm

Image

Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
Once the file has been submitted, please DELETE both files on your desktop.

Post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log (run after ComboFix has finished its work.)


Regards,
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby lystell » September 24th, 2007, 11:21 am

Hi Snowwhite,

When I rebooted after ComboFix I got this message from McAfee.
A new network has been detected. Trusting this network allows traffic from any other computer on this network.

Trust this network only if you trust the other computers connected to this same network and you are certain it is safe, otherwise do not trust this network at this time.

Details
Gateway: 192.168.1.1
Mask: 255.255.255.0
MAC Address: 00-0F-66-59-C2-73
I did not trust this network. Not sure if this should have come up or not.

For some reason ComboFix gave me two zipped files with the same name, except one had 9:50 at the end and the other 10:00. I sent both as I was not sure if the other was needed or just a ghost.

Here are the new logs.

ComboFix 07-09-21.2 - "ELITENE JOSEPH" 2007-09-22 9:50:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.58 [GMT -5:00]
* Created a new restore point

FILE::
C:\WINDOWS\system32\hsphtlsw.dll
C:\WINDOWS\system32\jrkseowh.dll
C:\WINDOWS\system32\ccbeg.bak1
C:\Program Files\Common Files\profsy.html
C:\WINDOWS\system32\qkcfuskj.dll
C:\WINDOWS\system32\ibdapoiy.dll
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ccbeg.bak2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\iifu
C:\Program Files\Common Files\iifu\iifua.lck
C:\Program Files\Common Files\iifu\iifud\class-barrel
C:\Program Files\Common Files\iifu\iifud\vocabulary
C:\Program Files\Common Files\iifu\iifuh
C:\Program Files\Common Files\iifu\iiful.lck
C:\Program Files\Common Files\iifu\iifum.lck
C:\Program Files\Common Files\profsy.html
C:\Program Files\SystemDoctor Free
C:\Program Files\SystemDoctor Free\lock.dat
C:\Program Files\SystemDoctor Free\mfc71.dll
C:\Program Files\SystemDoctor Free\msvcp71.dll
C:\Program Files\SystemDoctor Free\msvcr71.dll
C:\Program Files\SystemDoctor Free\sdmain.exe
C:\WINDOWS\Fonts.\iiswave.inf
C:\WINDOWS\iifu
C:\WINDOWS\iifu\iifu.dat
C:\WINDOWS\iifu\wu
C:\WINDOWS\RUxJVEVORSBKT1NFUEg
C:\WINDOWS\system32\axehsctm.dll
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\checkdll
C:\WINDOWS\system32\ciip32.dll
C:\WINDOWS\system32\cirjjwwu.dll
C:\WINDOWS\system32\hsphtlsw.dll
C:\WINDOWS\system32\ibdapoiy.dll
C:\WINDOWS\system32\jrkseowh.dll
C:\WINDOWS\system32\mbphtake.dll
C:\WINDOWS\system32\qkcfuskj.dll
C:\WINDOWS\system32\svhfkyvg.dll
C:\WINDOWS\system32\vjneqxbr.dll
C:\WINDOWS\system32\vwvehtbi.dll
C:\WINDOWS\system32\wpoleqxg.dll
C:\WINDOWS\system32\ynoavwyi.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 )))))))))))))))))))))))))))))))
.

2007-09-07 08:46 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-09-05 19:28 <DIR> d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\Symantec
2007-09-05 19:28 <DIR> d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\McAfee.com Personal Firewall
2007-09-05 19:28 <DIR> d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\Google
2007-08-24 12:38 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\COMCASTTOOLBAR
2007-08-24 12:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-22 09:43 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-05 19:28 --------- d--h----- C:\DOCUME~1\MISTIL~1\APPLIC~1\GTek
2007-09-05 19:28 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-05 19:28 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\PC Suite
2007-09-05 19:28 --------- d-------- C:\DOCUME~1\GRACEJ~1\APPLIC~1\COMCASTTOOLBAR
2007-09-05 19:26 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\COMCASTTOOLBAR
2007-09-05 19:25 --------- d-------- C:\Program Files\USS
2007-09-05 16:09 --------- d-------- C:\DOCUME~1\GRACEJ~1\APPLIC~1\SiteAdvisor
2007-08-31 15:21 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-08-10 14:54 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\MySpace
2007-08-02 19:57 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-02 19:20 --------- d-------- C:\DOCUME~1\GRACEJ~1\APPLIC~1\MySpace
2007-08-01 13:47 --------- d-------- C:\DOCUME~1\ELITEN~1\APPLIC~1\MySpace
2007-07-31 13:48 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\SiteAdvisor
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-23 12:57 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-07-23 09:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-23 09:35 --------- d-------- C:\DOCUME~1\ELITEN~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-23 09:34 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-23 05:35 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-23 05:35 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-07-23 05:31 --------- d-------- C:\Program Files\NetZero
2007-07-23 05:30 --------- d-------- C:\DOCUME~1\ELITEN~1\APPLIC~1\MSNInstaller
2007-07-23 05:28 --------- d-------- C:\Program Files\Common Files\Corel
2007-07-22 15:35 --------- d-------- C:\Program Files\Trend Micro
2007-07-21 22:52 246 --a------ C:\Program Files\Common Files\lavu
2007-07-21 22:28 --------- d-------- C:\Program Files\McAfee
2007-07-21 22:21 --------- d-------- C:\Program Files\Common Files\McAfee
2007-07-21 22:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-21 22:15 --------- d-------- C:\Program Files\McAfee.com
2007-07-21 21:38 --------- d-------- C:\Program Files\Dell
2007-07-21 20:59 --------- d-------- C:\Program Files\Google
2007-07-21 20:59 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-21 20:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-21 20:40 --------- d-------- C:\Program Files\ComcastToolbar
2007-07-21 20:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 19:30 1144 --ahs---- C:\WINDOWS\Fonts.\frtm.tmp
2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2005-05-12 00:36 12288 --a--c--- C:\WINDOWS\Fonts\RandFont.dll
2007-05-11 15:34:20 56 -csh--r C:\WINDOWS\system32\FCA3803B92.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- Directory of C:\WINDOWS\Fonts. ----

2007-09-05 19:29 249 --ahs---- C:\WINDOWS\Fonts.\iiswave.inf
2007-07-17 19:30 1144 --ahs---- C:\WINDOWS\Fonts.\frtm.tmp
2005-05-12 00:36 12288 --a--c--- C:\WINDOWS\Fonts.\RandFont.dll
2004-12-09 15:54 57748 -ra------ C:\WINDOWS\Fonts.\STONSSBB.TTF
2004-12-09 15:54 56876 -ra------ C:\WINDOWS\Fonts.\STONSSBA.TTF
2004-12-09 15:54 49644 -ra------ C:\WINDOWS\Fonts.\STONSSBC.TTF
2004-12-09 15:54 47880 -ra------ C:\WINDOWS\Fonts.\FRUTSI_B.TTF
2004-12-09 15:54 47636 -ra------ C:\WINDOWS\Fonts.\FRUTSR_B.TTF
2004-12-09 15:54 47352 -ra------ C:\WINDOWS\Fonts.\FRUTSB_B.TTF
2004-12-09 15:54 47216 -ra------ C:\WINDOWS\Fonts.\FRUTSI_A.TTF
2004-12-09 15:54 47100 -ra------ C:\WINDOWS\Fonts.\FRUTSR_A.TTF
2004-12-09 15:54 46752 -ra------ C:\WINDOWS\Fonts.\FRUTSB_A.TTF
2004-12-09 15:54 41028 -ra------ C:\WINDOWS\Fonts.\FRUTSI_C.TTF
2004-12-09 15:54 41016 -ra------ C:\WINDOWS\Fonts.\FRUTSR_C.TTF
2004-12-09 15:54 40880 -ra------ C:\WINDOWS\Fonts.\FRUTSB_C.TTF
2004-08-10 13:03 67 --ahs---- C:\WINDOWS\Fonts.\desktop.ini
2004-08-04 05:00 9856 --ah-c--- C:\WINDOWS\Fonts.\8514sysg.fon
2004-08-04 05:00 98256 --ah-c--- C:\WINDOWS\Fonts.\sseriffr.fon
2004-08-04 05:00 9792 --ah-c--- C:\WINDOWS\Fonts.\8514syst.fon
2004-08-04 05:00 9504 --ah-c--- C:\WINDOWS\Fonts.\8514syse.fon
2004-08-04 05:00 9472 --ah-c--- C:\WINDOWS\Fonts.\85s1257.fon
2004-08-04 05:00 9280 --ah-c--- C:\WINDOWS\Fonts.\8514sys.fon
2004-08-04 05:00 9248 --ah-c--- C:\WINDOWS\Fonts.\ega40869.fon
2004-08-04 05:00 9248 --ah-c--- C:\WINDOWS\Fonts.\ega40737.fon
2004-08-04 05:00 9232 --ah-c--- C:\WINDOWS\Fonts.\ega40866.fon
2004-08-04 05:00 92032 --ah-c--- C:\WINDOWS\Fonts.\sseriffe.fon
2004-08-04 05:00 90736 --ah-c--- C:\WINDOWS\Fonts.\seriffr.fon
2004-08-04 05:00 90336 --ah-c--- C:\WINDOWS\Fonts.\ssef1257.fon
2004-08-04 05:00 90288 --ah-c--- C:\WINDOWS\Fonts.\sseriffg.fon
2004-08-04 05:00 89856 --ah-c--- C:\WINDOWS\Fonts.\sseriff.fon
2004-08-04 05:00 89456 --ah-c--- C:\WINDOWS\Fonts.\sserifft.fon
2004-08-04 05:00 8704 --ah-c--- C:\WINDOWS\Fonts.\ega40857.fon
2004-08-04 05:00 8704 --a------ C:\WINDOWS\Fonts.\modern.fon
2004-08-04 05:00 86256 --ah-c--- C:\WINDOWS\Fonts.\seriffg.fon
2004-08-04 05:00 85360 --ah-c--- C:\WINDOWS\Fonts.\seriffe.fon
2004-08-04 05:00 84848 --ah-c--- C:\WINDOWS\Fonts.\serifft.fon
2004-08-04 05:00 84080 --ah-c--- C:\WINDOWS\Fonts.\serf1257.fon
2004-08-04 05:00 8384 --ah-c--- C:\WINDOWS\Fonts.\ega40850.fon
2004-08-04 05:00 8368 --ah-c--- C:\WINDOWS\Fonts.\ega40852.fon
2004-08-04 05:00 8368 --ah----- C:\WINDOWS\Fonts.\ega40woa.fon
2004-08-04 05:00 81728 --ah-c--- C:\WINDOWS\Fonts.\seriff.fon
2004-08-04 05:00 81000 --a------ C:\WINDOWS\Fonts.\wingding.ttf
2004-08-04 05:00 79744 --a------ C:\WINDOWS\Fonts.\estre.ttf
2004-08-04 05:00 73292 --a------ C:\WINDOWS\Fonts.\latha.ttf
2004-08-04 05:00 7280 --ah----- C:\WINDOWS\Fonts.\vgasys.fon
2004-08-04 05:00 7232 --ah-c--- C:\WINDOWS\Fonts.\cga40866.fon
2004-08-04 05:00 7216 --ah-c--- C:\WINDOWS\Fonts.\cga40869.fon
2004-08-04 05:00 7216 --ah-c--- C:\WINDOWS\Fonts.\cga40737.fon
2004-08-04 05:00 7008 --ah-c--- C:\WINDOWS\Fonts.\vgasysg.fon
2004-08-04 05:00 69464 --a------ C:\WINDOWS\Fonts.\symbol.ttf
2004-08-04 05:00 6912 --ah-c--- C:\WINDOWS\Fonts.\vgasyst.fon
2004-08-04 05:00 6912 --ah-c--- C:\WINDOWS\Fonts.\vgasysr.fon
2004-08-04 05:00 68848 --ah-c--- C:\WINDOWS\Fonts.\sserifer.fon
2004-08-04 05:00 6672 --ah-c--- C:\WINDOWS\Fonts.\cga40857.fon
2004-08-04 05:00 6672 --ah-c--- C:\WINDOWS\Fonts.\cga40852.fon
2004-08-04 05:00 6656 --ah-c--- C:\WINDOWS\Fonts.\vgas1257.fon
2004-08-04 05:00 66464 --ah-c--- C:\WINDOWS\Fonts.\sserifee.fon
2004-08-04 05:00 6608 --ah-c--- C:\WINDOWS\Fonts.\vgasyse.fon
2004-08-04 05:00 65456 --ah-c--- C:\WINDOWS\Fonts.\ssee1257.fon
2004-08-04 05:00 65328 --ah-c--- C:\WINDOWS\Fonts.\sserifeg.fon
2004-08-04 05:00 64656 --ah----- C:\WINDOWS\Fonts.\sserife.fon
2004-08-04 05:00 64400 --ah-c--- C:\WINDOWS\Fonts.\sserifet.fon
2004-08-04 05:00 6352 --ah-c--- C:\WINDOWS\Fonts.\cga40850.fon
2004-08-04 05:00 6336 --ah----- C:\WINDOWS\Fonts.\cga40woa.fon
2004-08-04 05:00 63296 --ah-c--- C:\WINDOWS\Fonts.\serifer.fon
2004-08-04 05:00 6192 --ah-c--- C:\WINDOWS\Fonts.\ega80869.fon
2004-08-04 05:00 6192 --ah-c--- C:\WINDOWS\Fonts.\ega80737.fon
2004-08-04 05:00 6160 --ah-c--- C:\WINDOWS\Fonts.\vga852.fon
2004-08-04 05:00 6128 --ah-c--- C:\WINDOWS\Fonts.\vga866.fon
2004-08-04 05:00 6112 --ah-c--- C:\WINDOWS\Fonts.\vgafixt.fon
2004-08-04 05:00 6112 --ah-c--- C:\WINDOWS\Fonts.\vgafixg.fon
2004-08-04 05:00 61024 --ah-c--- C:\WINDOWS\Fonts.\serifet.fon
2004-08-04 05:00 60752 --ah-c--- C:\WINDOWS\Fonts.\serifeg.fon
2004-08-04 05:00 59952 --ah-c--- C:\WINDOWS\Fonts.\serifee.fon
2004-08-04 05:00 59024 --ah-c--- C:\WINDOWS\Fonts.\sere1257.fon
2004-08-04 05:00 57936 --ah----- C:\WINDOWS\Fonts.\serife.fon
2004-08-04 05:00 57348 --a------ C:\WINDOWS\Fonts.\raavi.ttf
2004-08-04 05:00 5648 --ah-c--- C:\WINDOWS\Fonts.\ega80857.fon
2004-08-04 05:00 56336 --ah----- C:\WINDOWS\Fonts.\symbole.fon
2004-08-04 05:00 5600 --ah-c--- C:\WINDOWS\Fonts.\vgafixr.fon
2004-08-04 05:00 5552 --ah-c--- C:\WINDOWS\Fonts.\vga857.fon
2004-08-04 05:00 5376 --ah-c--- C:\WINDOWS\Fonts.\vgafixe.fon
2004-08-04 05:00 5376 --ah-c--- C:\WINDOWS\Fonts.\vgaf1257.fon
2004-08-04 05:00 5360 --ah----- C:\WINDOWS\Fonts.\vgafix.fon
2004-08-04 05:00 5344 --ah-c--- C:\WINDOWS\Fonts.\ega80852.fon
2004-08-04 05:00 5328 --ah-c--- C:\WINDOWS\Fonts.\ega80850.fon
2004-08-04 05:00 5312 --ah----- C:\WINDOWS\Fonts.\ega80woa.fon
2004-08-04 05:00 5280 --ah-c--- C:\WINDOWS\Fonts.\ega80866.fon
2004-08-04 05:00 5232 --ah-c--- C:\WINDOWS\Fonts.\vga850.fon
2004-08-04 05:00 5200 --ah-c--- C:\WINDOWS\Fonts.\vga863.fon
2004-08-04 05:00 5200 --ah-c--- C:\WINDOWS\Fonts.\cga80852.fon
2004-08-04 05:00 5184 --ah-c--- C:\WINDOWS\Fonts.\vga869.fon
2004-08-04 05:00 5184 --ah-c--- C:\WINDOWS\Fonts.\vga865.fon
2004-08-04 05:00 5184 --ah-c--- C:\WINDOWS\Fonts.\vga860.fon
2004-08-04 05:00 5168 --ah-c--- C:\WINDOWS\Fonts.\vga775.fon
2004-08-04 05:00 5168 --ah-c--- C:\WINDOWS\Fonts.\vga737.fon
2004-08-04 05:00 5168 --ah-c--- C:\WINDOWS\Fonts.\cga80869.fon
2004-08-04 05:00 5168 --ah-c--- C:\WINDOWS\Fonts.\cga80866.fon
2004-08-04 05:00 5168 --ah-c--- C:\WINDOWS\Fonts.\cga80737.fon
2004-08-04 05:00 5168 --ah----- C:\WINDOWS\Fonts.\vgaoem.fon
2004-08-04 05:00 5120 --ah-c--- C:\WINDOWS\Fonts.\vga855.fon
2004-08-04 05:00 489884 --a------ C:\WINDOWS\Fonts.\pala.ttf
2004-08-04 05:00 4640 --ah-c--- C:\WINDOWS\Fonts.\cga80857.fon
2004-08-04 05:00 460728 --a------ C:\WINDOWS\Fonts.\micross.ttf
2004-08-04 05:00 434004 --a------ C:\WINDOWS\Fonts.\palab.ttf
2004-08-04 05:00 4320 --ah-c--- C:\WINDOWS\Fonts.\cga80850.fon
2004-08-04 05:00 430800 --a------ C:\WINDOWS\Fonts.\palai.ttf
2004-08-04 05:00 4304 --ah----- C:\WINDOWS\Fonts.\cga80woa.fon
2004-08-04 05:00 409280 --a------ C:\WINDOWS\Fonts.\times.ttf
2004-08-04 05:00 40500 --a------ C:\WINDOWS\Fonts.\mvboli.ttf
2004-08-04 05:00 398372 --a------ C:\WINDOWS\Fonts.\timesbd.ttf
2004-08-04 05:00 383140 --a------ C:\WINDOWS\Fonts.\tahoma.ttf
2004-08-04 05:00 37472 --ah-c--- C:\WINDOWS\Fonts.\app866.fon
2004-08-04 05:00 37296 --ah-c--- C:\WINDOWS\Fonts.\app855.fon
2004-08-04 05:00 367112 --a------ C:\WINDOWS\Fonts.\arial.ttf
2004-08-04 05:00 36672 --ah-c--- C:\WINDOWS\Fonts.\app857.fon
2004-08-04 05:00 36672 --ah-c--- C:\WINDOWS\Fonts.\app850.fon
2004-08-04 05:00 36656 --ah-c--- C:\WINDOWS\Fonts.\app852.fon
2004-08-04 05:00 36656 --ah----- C:\WINDOWS\Fonts.\dosapp.fon
2004-08-04 05:00 36336 --ah-c--- C:\WINDOWS\Fonts.\dos737.fon
2004-08-04 05:00 35808 --ah-c--- C:\WINDOWS\Fonts.\app775.fon
2004-08-04 05:00 355436 --a------ C:\WINDOWS\Fonts.\tahomabd.ttf
2004-08-04 05:00 352224 --a------ C:\WINDOWS\Fonts.\arialbd.ttf
2004-08-04 05:00 344288 --a------ C:\WINDOWS\Fonts.\palabi.ttf
2004-08-04 05:00 33360 --ah-c--- C:\WINDOWS\Fonts.\courft.fon
2004-08-04 05:00 33344 --ah-c--- C:\WINDOWS\Fonts.\courfg.fon
2004-08-04 05:00 323980 --a------ C:\WINDOWS\Fonts.\l_10646.ttf
2004-08-04 05:00 31808 --ah-c--- C:\WINDOWS\Fonts.\courfr.fon
2004-08-04 05:00 31776 --ah-c--- C:\WINDOWS\Fonts.\courfe.fon
2004-08-04 05:00 31760 --ah-c--- C:\WINDOWS\Fonts.\couf1257.fon
2004-08-04 05:00 31712 --ah-c--- C:\WINDOWS\Fonts.\courf.fon
2004-08-04 05:00 312920 --a------ C:\WINDOWS\Fonts.\courbd.ttf
2004-08-04 05:00 303296 --a------ C:\WINDOWS\Fonts.\cour.ttf
2004-08-04 05:00 29200 --ah-c--- C:\WINDOWS\Fonts.\smallet.fon
2004-08-04 05:00 28912 --ah-c--- C:\WINDOWS\Fonts.\smalleg.fon
2004-08-04 05:00 26112 --ah----- C:\WINDOWS\Fonts.\smalle.fon
2004-08-04 05:00 252820 --a------ C:\WINDOWS\Fonts.\vrinda.ttf
2004-08-04 05:00 25024 --ah-c--- C:\WINDOWS\Fonts.\couret.fon
2004-08-04 05:00 25024 --ah-c--- C:\WINDOWS\Fonts.\coureg.fon
2004-08-04 05:00 248368 --a------ C:\WINDOWS\Fonts.\timesi.ttf
2004-08-04 05:00 24832 --ah-c--- C:\WINDOWS\Fonts.\smaller.fon
2004-08-04 05:00 24784 --ah-c--- C:\WINDOWS\Fonts.\smallee.fon
2004-08-04 05:00 24672 --ah-c--- C:\WINDOWS\Fonts.\smae1257.fon
2004-08-04 05:00 245032 --a------ C:\WINDOWS\Fonts.\couri.ttf
2004-08-04 05:00 24124 --ah----- C:\WINDOWS\Fonts.\marlett.ttf
2004-08-04 05:00 239692 --a------ C:\WINDOWS\Fonts.\timesbi.ttf
2004-08-04 05:00 236148 --a------ C:\WINDOWS\Fonts.\courbi.ttf
2004-08-04 05:00 23440 --ah-c--- C:\WINDOWS\Fonts.\courer.fon
2004-08-04 05:00 23440 --ah-c--- C:\WINDOWS\Fonts.\couree.fon
2004-08-04 05:00 23440 --ah-c--- C:\WINDOWS\Fonts.\coue1257.fon
2004-08-04 05:00 234280 --a------ C:\WINDOWS\Fonts.\shruti.ttf
2004-08-04 05:00 23408 --ah----- C:\WINDOWS\Fonts.\coure.fon
2004-08-04 05:00 23120 --ah-c--- C:\WINDOWS\Fonts.\smallfg.fon
2004-08-04 05:00 23008 --ah-c--- C:\WINDOWS\Fonts.\smallft.fon
2004-08-04 05:00 226748 --a------ C:\WINDOWS\Fonts.\arialbi.ttf
2004-08-04 05:00 221676 --a------ C:\WINDOWS\Fonts.\sylfaen.ttf
2004-08-04 05:00 21504 --ah-c--- C:\WINDOWS\Fonts.\smallf.fon
2004-08-04 05:00 214936 --a------ C:\WINDOWS\Fonts.\gautami.ttf
2004-08-04 05:00 207808 --a------ C:\WINDOWS\Fonts.\ariali.ttf
2004-08-04 05:00 19904 --ah-c--- C:\WINDOWS\Fonts.\smaf1257.fon
2004-08-04 05:00 19760 --ah-c--- C:\WINDOWS\Fonts.\smallfr.fon
2004-08-04 05:00 19600 --ah-c--- C:\WINDOWS\Fonts.\smallfe.fon
2004-08-04 05:00 18880 --a------ C:\WINDOWS\Fonts.\wst_swed.fon
2004-08-04 05:00 18880 --a------ C:\WINDOWS\Fonts.\wst_span.fon
2004-08-04 05:00 18880 --a------ C:\WINDOWS\Fonts.\wst_ital.fon
2004-08-04 05:00 18880 --a------ C:\WINDOWS\Fonts.\wst_germ.fon
2004-08-04 05:00 18880 --a------ C:\WINDOWS\Fonts.\wst_fren.fon
2004-08-04 05:00 18880 --a------ C:\WINDOWS\Fonts.\wst_engl.fon
2004-08-04 05:00 18880 --a------ C:\WINDOWS\Fonts.\wst_czec.fon
2004-08-04 05:00 171792 --a------ C:\WINDOWS\Fonts.\verdana.ttf
2004-08-04 05:00 159736 --a------ C:\WINDOWS\Fonts.\georgiaz.ttf
2004-08-04 05:00 157388 --a------ C:\WINDOWS\Fonts.\georgiai.ttf
2004-08-04 05:00 155076 --a------ C:\WINDOWS\Fonts.\verdanai.ttf
2004-08-04 05:00 155068 --a------ C:\WINDOWS\Fonts.\georgia.ttf
2004-08-04 05:00 154800 --a------ C:\WINDOWS\Fonts.\verdanaz.ttf
2004-08-04 05:00 152844 --a------ C:\WINDOWS\Fonts.\framdit.ttf
2004-08-04 05:00 148636 --a------ C:\WINDOWS\Fonts.\tunga.ttf
2004-08-04 05:00 143864 --a------ C:\WINDOWS\Fonts.\mangal.ttf
2004-08-04 05:00 141032 --a------ C:\WINDOWS\Fonts.\georgiab.ttf
2004-08-04 05:00 139288 --a------ C:\WINDOWS\Fonts.\trebucit.ttf
2004-08-04 05:00 137616 --a------ C:\WINDOWS\Fonts.\verdanab.ttf
2004-08-04 05:00 136076 --a------ C:\WINDOWS\Fonts.\impact.ttf
2004-08-04 05:00 135984 --a------ C:\WINDOWS\Fonts.\framd.ttf
2004-08-04 05:00 134108 --a------ C:\WINDOWS\Fonts.\trebuc.ttf
2004-08-04 05:00 13312 --a------ C:\WINDOWS\Fonts.\roman.fon
2004-08-04 05:00 13248 --ah-c--- C:\WINDOWS\Fonts.\8514oeme.fon
2004-08-04 05:00 13200 --ah-c--- C:\WINDOWS\Fonts.\8514oemr.fon
2004-08-04 05:00 131188 --a------ C:\WINDOWS\Fonts.\trebucbi.ttf
2004-08-04 05:00 12800 --ah-c--- C:\WINDOWS\Fonts.\8514oemg.fon
2004-08-04 05:00 127596 --a------ C:\WINDOWS\Fonts.\comic.ttf
2004-08-04 05:00 12720 --ah-c--- C:\WINDOWS\Fonts.\8514oemt.fon
2004-08-04 05:00 123096 --a------ C:\WINDOWS\Fonts.\trebucbd.ttf
2004-08-04 05:00 12304 --ah-c--- C:\WINDOWS\Fonts.\85775.fon
2004-08-04 05:00 12288 --ah-c--- C:\WINDOWS\Fonts.\8514oem.fon
2004-08-04 05:00 12288 --a------ C:\WINDOWS\Fonts.\script.fon
2004-08-04 05:00 12256 --ah-c--- C:\WINDOWS\Fonts.\85855.fon
2004-08-04 05:00 121452 --a------ C:\WINDOWS\Fonts.\kartika.ttf
2004-08-04 05:00 118752 --a------ C:\WINDOWS\Fonts.\webdings.ttf
2004-08-04 05:00 117028 --a------ C:\WINDOWS\Fonts.\ariblk.ttf
2004-08-04 05:00 11520 --ah-c--- C:\WINDOWS\Fonts.\8514fixg.fon
2004-08-04 05:00 115068 --a------ C:\WINDOWS\Fonts.\lucon.ttf
2004-08-04 05:00 11488 --ah-c--- C:\WINDOWS\Fonts.\8514fixt.fon
2004-08-04 05:00 111476 --a------ C:\WINDOWS\Fonts.\comicbd.ttf
2004-08-04 05:00 10976 --ah-c--- C:\WINDOWS\Fonts.\85f1257.fon
2004-08-04 05:00 10976 --ah-c--- C:\WINDOWS\Fonts.\8514fixr.fon
2004-08-04 05:00 10976 --ah-c--- C:\WINDOWS\Fonts.\8514fixe.fon
2004-08-04 05:00 10976 --ah-c--- C:\WINDOWS\Fonts.\8514fix.fon
2004-08-04 05:00 10064 --ah-c--- C:\WINDOWS\Fonts.\8514sysr.fon
2003-01-01 12:04 9408 --a------ C:\WINDOWS\Fonts.\WPHV05NB.TTF
2003-01-01 12:04 8084 --a------ C:\WINDOWS\Fonts.\WPRO01NB.TTF
2003-01-01 12:04 71392 --a------ C:\WINDOWS\Fonts.\WPHV05NA.TTF
2003-01-01 12:04 69756 --a------ C:\WINDOWS\Fonts.\WPSI14N_.TTF
2003-01-01 12:04 66388 --a------ C:\WINDOWS\Fonts.\WPRO01NA.TTF
2003-01-01 12:04 63408 --a------ C:\WINDOWS\Fonts.\WPRO10NA.TTF
2003-01-01 12:04 6332 --a------ C:\WINDOWS\Fonts.\WPHV01NB.TTF
2003-01-01 12:04 58224 --a------ C:\WINDOWS\Fonts.\WPCO01NA.TTF
2003-01-01 12:04 57644 --a------ C:\WINDOWS\Fonts.\WPSI13N_.TTF
2003-01-01 12:04 5556 --a------ C:\WINDOWS\Fonts.\WPHV06NB.TTF
2003-01-01 12:04 52140 --a------ C:\WINDOWS\Fonts.\WPHV06NA.TTF
2003-01-01 12:04 50780 --a------ C:\WINDOWS\Fonts.\WPHV01NA.TTF
2003-01-01 12:04 36196 --a------ C:\WINDOWS\Fonts.\WPHV07NA.TTF
2003-01-01 12:04 33272 --a------ C:\WINDOWS\Fonts.\WPCE08N_.TTF
2003-01-01 12:04 32180 --a------ C:\WINDOWS\Fonts.\WPDV09N_.TTF
2003-01-01 12:04 29412 --a------ C:\WINDOWS\Fonts.\WPCO08N_.TTF
2003-01-01 12:04 2920 --a------ C:\WINDOWS\Fonts.\WPHV07NB.TTF
2003-01-01 12:04 29092 --a------ C:\WINDOWS\Fonts.\WPHV04N_.TTF
2003-01-01 12:04 28392 --a------ C:\WINDOWS\Fonts.\WPHV02N_.TTF
2003-01-01 12:04 28236 --a------ C:\WINDOWS\Fonts.\WPHV08N_.TTF
2003-01-01 12:04 20376 --a------ C:\WINDOWS\Fonts.\WPCO03N_.TTF
2003-01-01 12:04 20028 --a------ C:\WINDOWS\Fonts.\WPHV11N_.TTF
2003-01-01 12:04 15400 --a------ C:\WINDOWS\Fonts.\WPRO10NB.TTF
2003-01-01 12:04 13960 --a------ C:\WINDOWS\Fonts.\WPCO01NB.TTF
2003-01-01 12:01 83172 --a------ C:\WINDOWS\Fonts.\GoudyHan.ttf
2003-01-01 12:01 83168 --a------ C:\WINDOWS\Fonts.\GOUDHNDN.TTF
2003-01-01 12:01 7672 --a------ C:\WINDOWS\Fonts.\MTEXTRA.TTF
2003-01-01 12:01 62316 --a------ C:\WINDOWS\Fonts.\Eng111Vi.ttf
2003-01-01 12:01 62308 --a------ C:\WINDOWS\Fonts.\E111Viva.ttf
2003-01-01 12:01 61600 --a------ C:\WINDOWS\Fonts.\GoudyOS_.ttf
2003-01-01 12:01 61592 --a------ C:\WINDOWS\Fonts.\GOUDYOSN.TTF
2003-01-01 12:01 61452 --a------ C:\WINDOWS\Fonts.\ZELP711B.TTF
2003-01-01 12:01 61432 --a------ C:\WINDOWS\Fonts.\ZapE711B.ttf
2003-01-01 12:01 60752 --a------ C:\WINDOWS\Fonts.\ZEL711BI.TTF
2003-01-01 12:01 60732 --a------ C:\WINDOWS\Fonts.\ZapE711t.ttf
2003-01-01 12:01 60644 --a------ C:\WINDOWS\Fonts.\GOUDYOSB.TTF
2003-01-01 12:01 59612 --a------ C:\WINDOWS\Fonts.\ZELP711I.TTF
2003-01-01 12:01 59592 --a------ C:\WINDOWS\Fonts.\ZapE711I.ttf
2003-01-01 12:01 59192 --a------ C:\WINDOWS\Fonts.\ZELP711N.TTF
2003-01-01 12:01 59192 --a------ C:\WINDOWS\Fonts.\ZapE711R.ttf
2003-01-01 12:01 58640 --a------ C:\WINDOWS\Fonts.\GOUDOSBI.TTF
2003-01-01 12:01 58628 --a------ C:\WINDOWS\Fonts.\GoudyOST.ttf
2003-01-01 12:01 57428 --a------ C:\WINDOWS\Fonts.\GOUDYOSI.TTF
2003-01-01 12:01 56780 --a------ C:\WINDOWS\Fonts.\TypoUpri.ttf
2003-01-01 12:01 56776 --a------ C:\WINDOWS\Fonts.\TYPOUPRN.TTF
2003-01-01 12:01 55972 --a------ C:\WINDOWS\Fonts.\BNHRDMOB.TTF
2003-01-01 12:01 55968 --a------ C:\WINDOWS\Fonts.\BernModB.ttf
2003-01-01 12:01 54500 --a------ C:\WINDOWS\Fonts.\BNHRDMBI.TTF
2003-01-01 12:01 54496 --a------ C:\WINDOWS\Fonts.\BernModT.ttf
2003-01-01 12:01 52800 --a------ C:\WINDOWS\Fonts.\Alleg_Rg.ttf
2003-01-01 12:01 52788 --a------ C:\WINDOWS\Fonts.\ALLEGRON.TTF
2003-01-01 12:01 50668 --a------ C:\WINDOWS\Fonts.\OzHandRm.ttf
2003-01-01 12:01 50648 --a------ C:\WINDOWS\Fonts.\OZHANDIN.TTF
2003-01-01 12:01 48360 --a------ C:\WINDOWS\Fonts.\BernFash.ttf
2003-01-01 12:01 48356 --a------ C:\WINDOWS\Fonts.\BNHRDFAN.TTF
2003-01-01 12:01 46492 --a------ C:\WINDOWS\Fonts.\PSTRBODN.TTF
2003-01-01 12:01 45440 --a------ C:\WINDOWS\Fonts.\COPGOTHB.TTF
2003-01-01 12:01 44356 --a------ C:\WINDOWS\Fonts.\BremenBd.ttf
2003-01-01 12:01 44336 --a------ C:\WINDOWS\Fonts.\BREMENB.TTF
2003-01-01 12:01 40248 --a------ C:\WINDOWS\Fonts.\SerifIt_.ttf
2003-01-01 12:01 40236 --a------ C:\WINDOWS\Fonts.\SERIFAI.TTF
2003-01-01 12:01 39640 --a------ C:\WINDOWS\Fonts.\SerifBd_.ttf
2003-01-01 12:01 39628 --a------ C:\WINDOWS\Fonts.\SERIFAB.TTF
2003-01-01 12:01 39468 --a------ C:\WINDOWS\Fonts.\SerifRm_.ttf
2003-01-01 12:01 39440 --a------ C:\WINDOWS\Fonts.\SERIFAN.TTF
2003-01-01 12:01 38884 --a------ C:\WINDOWS\Fonts.\FutuEBl_.ttf
2003-01-01 12:01 38860 --a------ C:\WINDOWS\Fonts.\FUTURAXK.TTF
2003-01-01 12:01 38788 --a------ C:\WINDOWS\Fonts.\FutuBdIt.ttf
2003-01-01 12:01 38772 --a------ C:\WINDOWS\Fonts.\FUTURABI.TTF
2003-01-01 12:01 38412 --a------ C:\WINDOWS\Fonts.\SWZ911XC.TTF
2003-01-01 12:01 38380 --a------ C:\WINDOWS\Fonts.\Sw911ExC.ttf
2003-01-01 12:01 38324 --a------ C:\WINDOWS\Fonts.\FutuBd__.ttf
2003-01-01 12:01 38308 --a------ C:\WINDOWS\Fonts.\FUTURAB.TTF
2003-01-01 12:01 38168 --a------ C:\WINDOWS\Fonts.\SerifTh_.ttf
2003-01-01 12:01 38148 --a------ C:\WINDOWS\Fonts.\SERIFAT.TTF
2003-01-01 12:01 37728 --a------ C:\WINDOWS\Fonts.\FutuLtIt.ttf
2003-01-01 12:01 37712 --a------ C:\WINDOWS\Fonts.\FUTURALI.TTF
2003-01-01 12:01 37248 --a------ C:\WINDOWS\Fonts.\HUM521BI.TTF
2003-01-01 12:01 37028 --a------ C:\WINDOWS\Fonts.\ZURCHE.TTF
2003-01-01 12:01 37016 --a------ C:\WINDOWS\Fonts.\ZuricExt.ttf
2003-01-01 12:01 37008 --a------ C:\WINDOWS\Fonts.\FutuLt__.ttf
2003-01-01 12:01 36992 --a------ C:\WINDOWS\Fonts.\FUTURAL.TTF
2003-01-01 12:01 36800 --a------ C:\WINDOWS\Fonts.\Hum521Rm.ttf
2003-01-01 12:01 36776 --a------ C:\WINDOWS\Fonts.\HUM521N.TTF
2003-01-01 12:01 36740 --a------ C:\WINDOWS\Fonts.\Hum521It.ttf
2003-01-01 12:01 36740 --a------ C:\WINDOWS\Fonts.\HUM521I.TTF
2003-01-01 12:01 36688 --a------ C:\WINDOWS\Fonts.\Hum521Bd.ttf
2003-01-01 12:01 36688 --a------ C:\WINDOWS\Fonts.\HUM521B.TTF
2003-01-01 12:01 35412 --a------ C:\WINDOWS\Fonts.\BNKGOTHM.TTF
2003-01-01 12:01 32976 --a------ C:\WINDOWS\Fonts.\FutuBl__.ttf
2003-01-01 12:01 32968 --a------ C:\WINDOWS\Fonts.\FUTURAK.TTF
2003-01-01 12:01 22088 --a------ C:\WINDOWS\Fonts.\COMBULN.TTF
2003-01-01 12:01 119532 --a------ C:\WINDOWS\Fonts.\Stacc222.ttf
2003-01-01 12:01 119528 --a------ C:\WINDOWS\Fonts.\STAC222N.TTF


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 19:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 10:42]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" []
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 19:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Sen"="C:\WINDOWS\SCURIT~1\rundll32.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe [2006-04-12 10:37:48]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-05 14:46:35]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearFlix]
"C:\Program Files\BearFlix\BearFlix.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe regrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USS]
"C:\Program Files\USS\USS.exe"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\MONITOR.EXE

.
Contents of the 'Scheduled Tasks' folder
"2007-07-22 03:15:58 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-07-22 03:15:57 C:\WINDOWS\Tasks\McQcTask.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 09:57:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-22 10:02:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-22 10:02
C:\ComboFix2.txt ... 2007-09-21 07:04
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13, on 2007-09-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\SCURIT~1\rundll32.exe" -vt ndrv
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Grace joseph\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 8653 bytes
lystell
Regular Member
 
Posts: 30
Joined: August 12th, 2007, 6:26 pm

Unread postby lystell » September 26th, 2007, 12:26 pm

I checked it out and the network is for my router so this is not a problem. Still not sure why it gave me two log files to submit.
lystell
Regular Member
 
Posts: 30
Joined: August 12th, 2007, 6:26 pm

Unread postby SNOWHITE » September 27th, 2007, 1:38 am

Hello lystell :)

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER

Please follow the steps below exactly in the order they are written:

Step #1

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\SCURIT~1\rundll32.exe" -vt ndrv

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Step #2

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\Fonts.\iiswave.inf
C:\WINDOWS\Fonts.\frtm.tmp

Folder::
C:\WINDOWS\SCURIT~1

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

Suspect::[29]
E:\MONITOR.EXE


Save this as "CFScript"


Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. Additionally, ComboFix will generate the following files on your desktop:
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
ComboFix may need to reboot to finish its work. Let it.

When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

If CF-Submit.htm is detected, ComboFix will generate this message box:

Image

Clicking OK will cause the machine's browser to load CF-Submit.htm

Image

Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
Once the file has been submitted, please DELETE both files on your desktop.

Step #3

- Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

    - Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    - Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    - Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

- Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.


Post the following reports/logs into your next reply:
  • Combofix.txt
  • AVG Anti-Spyware report
  • A new HijackThis log (run after AVG Anti-Spyware has finished its work.)


Regards
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm
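The Step #1 selection above follows a few rules of thumb that can be written down and run over a log. The script below is an added example, not part of this thread and not a feature of HijackThis or ComboFix. It reads HijackThis-style lines (plus the ComboFix mountpoints2 AutoRun line) and flags the three patterns picked out above: registry entries whose target is "(no file)", a Run entry that launches a system-binary name such as rundll32.exe from somewhere other than C:\WINDOWS\system32, and a per-volume AutoRun handler. The binary list, the directory list, the function names and the sample log excerpt are this example's own assumptions, modelled on but not copied from the logs in this thread.

```python
"""
Triage helper for HijackThis / ComboFix log lines.

Added example, not part of the original thread and not HijackThis code.
It encodes the reasoning behind a typical "Fix Checked" selection:
  1. R3/O2/O3/O9/O20 entries ending in "(no file)" are orphaned hooks, BHOs
     or toolbars: the CLSID is still registered but the DLL is gone.
  2. O4 Run entries that launch a system-binary name (rundll32.exe, ...)
     from a directory other than C:\\WINDOWS\\system32 are a classic loader
     disguise (e.g. a copy of rundll32.exe under a look-alike folder).
  3. "AutoRun\\command-" lines from ComboFix's mountpoints2 section mean a
     volume (often a USB stick) has an autorun handler registered.
All lists, names and the sample excerpt are assumptions of this example.
"""
import re
from typing import List, Optional, Tuple

# System binaries that malware commonly copies elsewhere so the process name
# looks harmless in Task Manager.  (Assumption: only these names are checked.)
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "winlogon.exe", "lsass.exe", "ctfmon.exe"}

# Where those binaries legitimately live on Windows XP (lower-case, no trailing slash).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\system32\dllcache"}

# HijackThis entry types where a trailing "(no file)" marks an orphan.
ORPHAN_TYPES = {"R3", "O2", "O3", "O9", "O20"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.exe)"?', re.IGNORECASE)


def exe_path(cmd: str) -> Optional[str]:
    """Pull the executable path out of a Run command line, quoted or not."""
    m = EXE_RE.match(cmd)
    return m.group("path") if m else None


def triage_line(line: str) -> Optional[str]:
    """Return a reason this line deserves a closer look, or None if nothing stands out."""
    line = line.strip()
    kind = line.split(" ", 1)[0]

    # 1. Orphaned hook/BHO/toolbar: registered CLSID, file already missing.
    if kind in ORPHAN_TYPES and line.endswith("(no file)"):
        return "orphaned entry (CLSID registered, file missing)"

    # 2. Run entry launching a system-binary name from the wrong directory.
    m = O4_RE.match(line)
    if m:
        path = exe_path(m.group("cmd"))
        if path:
            directory, _, basename = path.lower().rpartition("\\")
            if basename in SYSTEM_BINARIES and directory not in LEGIT_DIRS:
                return f"{basename} launched from non-standard directory {directory}"

    # 3. Per-volume AutoRun handler (ComboFix mountpoints2 section).
    if line.startswith("AutoRun\\command-"):
        return "AutoRun handler registered for a volume:" + line.split("-", 1)[1]

    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run triage_line over every line; return (reason, line) pairs for the hits."""
    hits = []
    for raw in log_text.splitlines():
        reason = triage_line(raw)
        if reason:
            hits.append((reason, raw.strip()))
    return hits


# Constructed excerpt modelled on the log lines in this thread (not a verbatim copy).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\SCURIT~1\rundll32.exe" -vt ndrv
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
AutoRun\command- E:\MONITOR.EXE
"""

if __name__ == "__main__":
    for reason, hit in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {hit}")
```

The hits are a starting point for a human review, not a verdict. A vendor's legitimately installed program can carry a system-like name under Program Files, and the SYSTEM-hive Nokia and Google entries in the log above are benign even though they run as SYSTEM; the script deliberately stays silent on them.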

Unread postby lystell » September 27th, 2007, 5:48 pm

Hello SnowWhite,

here are the new logs. I am thankful for all of your help in getting this pc fixed. It is running much better now, still slow but that is from the memory being so low.

Do I still need SDFix, DSS, and VundoFix? If not I will remove them. Would hate for the owner or kids of the owner to play with them.

ComboFix 07-09-21.2 - "ELITENE JOSEPH" 2007-09-25 11:15:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.61 [GMT -5:00]
* Created a new restore point

FILE::
C:\WINDOWS\Fonts.\iiswave.inf
C:\WINDOWS\Fonts.\frtm.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts.\frtm.tmp

.
((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))
.

2007-09-07 08:46 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-09-05 19:28 <DIR> d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\Symantec
2007-09-05 19:28 <DIR> d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\McAfee.com Personal Firewall
2007-09-05 19:28 <DIR> d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-25 00:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-05 19:28 --------- d--h----- C:\DOCUME~1\MISTIL~1\APPLIC~1\GTek
2007-09-05 19:28 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-05 19:28 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\PC Suite
2007-09-05 19:28 --------- d-------- C:\DOCUME~1\GRACEJ~1\APPLIC~1\COMCASTTOOLBAR
2007-09-05 19:26 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\COMCASTTOOLBAR
2007-09-05 19:25 --------- d-------- C:\Program Files\USS
2007-09-05 16:09 --------- d-------- C:\DOCUME~1\GRACEJ~1\APPLIC~1\SiteAdvisor
2007-08-31 15:21 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-08-24 12:30 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-10 14:54 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\MySpace
2007-08-02 19:57 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-02 19:20 --------- d-------- C:\DOCUME~1\GRACEJ~1\APPLIC~1\MySpace
2007-08-01 13:47 --------- d-------- C:\DOCUME~1\ELITEN~1\APPLIC~1\MySpace
2007-07-31 13:48 --------- d-------- C:\DOCUME~1\MISTIL~1\APPLIC~1\SiteAdvisor
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-21 22:52 246 --a------ C:\Program Files\Common Files\lavu
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2005-05-12 00:36 12288 --a--c--- C:\WINDOWS\Fonts\RandFont.dll
2007-05-11 15:34:20 56 -csh--r C:\WINDOWS\system32\FCA3803B92.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 19:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 10:42]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe [2006-04-12 10:37:48]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-05 14:46:35]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearFlix]
"C:\Program Files\BearFlix\BearFlix.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe regrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USS]
"C:\Program Files\USS\USS.exe"


.
Contents of the 'Scheduled Tasks' folder
"2007-07-22 03:15:58 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-07-22 03:15:57 C:\WINDOWS\Tasks\McQcTask.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-25 11:19:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-25 11:20:20
C:\ComboFix-quarantined-files.txt ... 2007-09-25 11:20
C:\ComboFix2.txt ... 2007-09-22 10:02
C:\ComboFix3.txt ... 2007-09-21 07:04
.
--- E O F ---

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:21:48 PM 9/25/2007

+ Scan result:



C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP323\A0865727.exe -> Downloader.Agent.buo : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/b128.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\Common Files\iifu\iifud\vocabulary.vir -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865677.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:03 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Grace joseph\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 8548 bytes
lystell
Regular Member
 
Posts: 30
Joined: August 12th, 2007, 6:26 pm

Post by SNOWHITE » September 27th, 2007, 6:16 pm

Hello lystell :)

lystell wrote:
Do I still need SDFix, DSS, and VundoFix? If not I will remove them. Would hate for the owner or kids of the owner to play with them.


I will give you instructions later for removing the tools we have used ;)

Please follow the steps below exactly in the order they are written:

Step #1

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Step #2

* Click Start, then Run; type prefetch and press Enter. Click Edit, then Select All (all files will highlight), right-click any file, click Delete, and confirm.


* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

Step #3

Please do an online scan with Kaspersky WebScanner

NOTE: This Scanner will work with Internet Explorer Only!


Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As... button:
  • Under Save as type select Text file write name for the file and save it to your Desktop.
  • Locate the file at the Desktop, open it, then copy and paste that information in your next post.


Please post back with the Kaspersky online scan report and a new HijackThis log.

Regards,
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm
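
A small triage script for the two logs this post asks for, added here as an example; it is not part of the original thread and is not code from HijackThis, Kaspersky or the MalwareRemoval.com helpers. The flagging rules are this editor's own heuristics, the function names are illustrative, and the sample lines are copied from the logs posted in this thread except for one Kaspersky line (marked as constructed) that exercises the "live" bucket.

```python
"""Triage a HijackThis log and a Kaspersky Online Scanner report.
Added example, not tool code; the rules below are illustrative heuristics."""
import re

# HijackThis entry lines look like "<type> - <details>", e.g. "R3 - URLSearchHook: ...".
HJT_LINE = re.compile(r"^(?P<type>[RFNO]\d+) - (?P<rest>.*)$")
# Kaspersky lines: "<path> Infected: <detection> <action>" or "<path> Object is locked skipped".
KAV_INFECTED = re.compile(r"^(?P<path>.+?)\s+Infected: (?P<name>\S+)\s+(?P<action>\w+)$")
KAV_LOCKED_SUFFIX = "Object is locked skipped"


def parse_hjt(text):
    """Yield (type, details) for each HijackThis entry; header and process lines are skipped."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group("type"), m.group("rest")


def flag_hjt(text):
    """Return [(reason, line)] for entries worth a first look.
    A flag is a pointer, not a verdict: each file still has to be checked by hand."""
    flags = []
    for typ, rest in parse_hjt(text):
        line = f"{typ} - {rest}"
        if "(no file)" in rest:
            # Registry still points at a target that no longer exists (the R3 fixed in this thread).
            flags.append(("orphaned entry, target missing", line))
        elif typ == "O10" and rest.startswith("Unknown file in Winsock LSP"):
            # HijackThis reports any LSP outside its whitelist; confirm the DLL's publisher first.
            flags.append(("LSP not on HijackThis whitelist", line))
        elif typ == "O23" and " - Unknown owner - " in rest:
            flags.append(("service with no publisher string", line))
        elif typ == "O4" and "HKUS\\S-1-5-18" in rest:
            # Per-user Run key under the SYSTEM account (S-1-5-18), unusual for ordinary software.
            flags.append(("Run key under the SYSTEM account", line))
    return flags


def bucket_path(path):
    """Where a Kaspersky hit lives: a restore point, a removal tool's quarantine, or the live disk."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"
    if "\\qoobox\\quarantine\\" in p or "\\sdfix\\backups\\" in p:
        return "tool quarantine"
    return "live"


def triage_kav(text):
    """Return (locked_count, {bucket: [(path, detection)]}).
    'Object is locked' lines are in-use files the scanner could not open, not detections."""
    locked = 0
    hits = {"restore point": [], "tool quarantine": [], "live": []}
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(KAV_LOCKED_SUFFIX):
            locked += 1
            continue
        m = KAV_INFECTED.match(line)
        if m:
            hits[bucket_path(m.group("path"))].append((m.group("path"), m.group("name")))
    return locked, hits


def kav_summary(hits):
    """Count of detections per bucket, the number an analyst reads first."""
    return {bucket: len(entries) for bucket, entries in hits.items()}


# Sample lines copied from the HijackThis log posted in this thread.
HJT_SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

# Sample lines copied from the Kaspersky report in this thread; the last entry is constructed.
KAV_SAMPLE = r"""
C:\Documents and Settings\ELITENE JOSEPH\ntuser.dat Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\qoobox\Quarantine\C\Program Files\Insider\UnInstall.exe.vir Infected: Trojan.Win32.Agent.bnd skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865652.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865682.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\WINDOWS\system32\sample_live_hit.exe Infected: Trojan.Win32.Agent.bnd skipped
Scan process completed.
"""

if __name__ == "__main__":
    for reason, line in flag_hjt(HJT_SAMPLE):
        print(f"[{reason}] {line}")
    locked, hits = triage_kav(KAV_SAMPLE)
    print(f"locked (skipped, not detections): {locked}")
    print(kav_summary(hits))
```

A flag is a place to look, not a finding: nwprovau.dll, for instance, is Microsoft's NetWare client provider and HijackThis lists it only because it is outside the tool's whitelist. The bucketing is the point of the Kaspersky half: in the report posted later in this thread all 21 infected objects sit under System Volume Information\_restore or C:\qoobox\Quarantine, i.e. in restore points and ComboFix's quarantine rather than on the live file system, while the many "Object is locked" lines are open registry hives, logs and databases the scanner could not read, not infections.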

Post by lystell » September 27th, 2007, 11:18 pm

Hi SnowWhite

Here are the new logs.

KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 25, 2007 10:11:28 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 28/09/2007
Kaspersky Anti-Virus database records: 424438


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 52251
Number of viruses found 3
Number of infected objects 21
Number of suspicious objects 0
Duration of the scan process 00:45:30

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{3F98D711-4CCC-4DF1-9C9D-F4ECDE2DC94B}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{C35664EE-F5AC-43DA-A607-4F51186F5407}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\History\History.IE5\MSHist012007092520070926\index.dat Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Temp\~DF7F2D.tmp Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Temp\~DFAEAC.tmp Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Temp\~DFB59F.tmp Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Temp\~DFB5C8.tmp Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\ntuser.dat Object is locked skipped

C:\Documents and Settings\ELITENE JOSEPH\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\qoobox\Quarantine\C\Program Files\Insider\UnInstall.exe.vir Infected: Trojan.Win32.Agent.bnd skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865652.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865653.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865654.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865655.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865656.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865657.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865658.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865659.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865660.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865661.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865662.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865663.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865664.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865665.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865666.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865667.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865668.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865681.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0865682.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0865744.exe Infected: Trojan.Win32.Agent.bnd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP329\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{386B4BC0-BB96-4E5B-A087-5F39D6956C55}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\mcafee_HuD38awgeqQVRNI Object is locked skipped

C:\WINDOWS\Temp\mcmsc_61Hblvg1n1e5dPn Object is locked skipped

C:\WINDOWS\Temp\mcmsc_6Eu61eKqnaSFeka Object is locked skipped

C:\WINDOWS\Temp\mcmsc_cJMRie7nK84LiFI Object is locked skipped

C:\WINDOWS\Temp\mcmsc_qCtUHjRC7IjM50f Object is locked skipped

C:\WINDOWS\Temp\mcmsc_siP0KyYHFuSJzwa Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:06 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Grace joseph\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 8487 bytes
lystell
Regular Member
 
Posts: 30
Joined: August 12th, 2007, 6:26 pm

Unread postby SNOWHITE » September 28th, 2007, 5:00 am

Hello lystell :)

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
Next, double-click OTMoveIt and you should see a CleanUp! button; press that button. You may get prompted by your firewall that OTMoveIt is trying to contact the internet; allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes.

NOTE: This will remove some of the tools we used so far, including OTMoveIt.

Empty Recycle Bin.

You will find below steps for cleaning System Restore, please follow those instructions.

I will keep your thread open for a couple of days; if the malware problem reappears, feel free to post here.

Should you have any questions, please feel free to ask. ;)

    DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools > Folder Options > View tab.
    • Untick - Show hidden files and folders
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    Click Yes to confirm & then click OK

    CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click OK

    SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Select Custom Level.
      • Change 'Download signed ActiveX controls' to Prompt
      • Change 'Download unsigned ActiveX controls' to Disable
      • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
      • Change 'Installation of desktop items' to Prompt
      • Change 'Launching programs and files in an IFRAME' to Prompt
      • Change 'Navigate sub-frames across different domains' to Prompt
      • When all these changes have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
    Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


    Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see this link:
    Understanding and Using Firewalls



    SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here:
    http://www.bleepingcomputer.com/forums/tutorial49.html


    IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc.) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here:
    http://www.spywarewarrior.com/uiuc/resource.htm


    COMODO BOClean
    BOClean runs automatically in the background without interfering with your work and kills malware INSTANTLY the moment it activates, without giving it the chance to invade your machine. A tutorial on installing this product can be found here:
    http://www.comodo.com/boclean/boclean.html


    WINPATROL
    Download and install the free version of Winpatrol. A tutorial for this product is located here:
    http://www.winpatrol.com/features.html

    A-SQUARED Anti-Dialer
    This is a free program that provides defense against Dialers, scans the hard disk and provides a permanent background guard protection against new Dialer infections.
    "Dialers are small programs that change the Internet access number of a modem-equipped computer to a much more expensive number"
    To understand this threat better, read the article The Dialer-Problem in Detail. a-squared Anti-Dialer can be downloaded at the following link:
    http://download5.emsisoft.com/a2AntiDialerSetup.exe

    A-SQUARED Free
    This program is completely free of charge for private use; it removes infections of Trojans, Spyware, Adware, Worms, Keyloggers, Rootkits, Dialers and other malicious programs. It can be downloaded at the following link:
    http://www.emsisoft.com/en/software/free

    SUPERAntiSpyware Home Edition
    Another effective program for helping remove some of the more difficult infections.
    http://www.superantispyware.com/downloadfile.html
    • More Secure Browser - Internet Explorer is not the most secure or the best browser. There are safer and better alternatives available. I recommend Firefox and Opera.
    • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.


Happy surfing and stay clean! :wave:

Please respond to this thread once more so we can mark this thread as resolved.

Best regards,
User avatar
SNOWHITE
Regular Member
 
Posts: 94
Joined: February 12th, 2007, 2:06 pm

Unread postby lystell » September 30th, 2007, 10:24 pm

Thank you for all of your help SnowWhite.

He is very happy with his pc now. Said it runs better than when he got it :D .


He also said everyone is fantastic for donating their time to help with problems, and train others to help.

Thanks,
Lystell



This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
lystell
Regular Member
 
Posts: 30
Joined: August 12th, 2007, 6:26 pm