Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Ok Here's my Hijack list I keep getting 2 trojan alerts

Post by gumijagr » April 7th, 2010, 4:06 pm

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:51:12 AM, on 4/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Mwewerihehafi] rundll32.exe "C:\WINDOWS\Wjejoqeviwecedul.dll",e
O4 - HKLM\..\Run: [Svecaye] rundll32.exe "C:\WINDOWS\ilozesec.dll",e
O4 - HKLM\..\Run: [CTEMON.EXE] "" /h
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [5-Day Forecast] "C:\Program Files\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe" /Startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} (Aosmgr Control) - http://ahnlabdownload.nefficient.co.kr/ ... aosmgr.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://mail.daum.net/hanmail-ax/DaumAct ... er=2,0,0,4
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://blog.naver.com/common/item/NaverAXGuide.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\wndutl32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 14426 bytes
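The entries a helper looks at first in a log like the one above can be picked out mechanically. The script below is an added example written for this page; it is not a MalwareRemoval.com tool and not something either poster ran. Its sample input is copied from the HijackThis log above (with a few ordinary entries kept in for contrast), and the rules it applies (an O4 autorun that uses rundll32 to load a DLL straight from the Windows root, an autorun whose executable is an empty string, DisableRegedit/DisableRegistryTools/DisableTaskMgr policies switched on, an O2 or O22 component whose file is missing or sits under a Temp folder) are the editor's assumptions about what deserves a closer look, not a verdict that any given entry is malicious.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not a forum tool)."""
import re
from dataclasses import dataclass

# Sample input: lines copied verbatim from the HijackThis log posted above,
# plus a few ordinary entries so the rules have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Mwewerihehafi] rundll32.exe "C:\WINDOWS\Wjejoqeviwecedul.dll",e
O4 - HKLM\..\Run: [Svecaye] rundll32.exe "C:\WINDOWS\ilozesec.dll",e
O4 - HKLM\..\Run: [CTEMON.EXE] "" /h
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\wndutl32.dll (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag (O2, O4, O7, O22)
    item: str      # name of the entry that fired
    reason: str    # which heuristic fired


RE_O4 = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
RE_O7 = re.compile(r'^O7 - (?P<key>[^,]+), (?P<policy>\w+)=(?P<value>\d+)$')
# rundll32.exe "<path>.dll",<export>   (DLL path may be quoted or bare)
RE_RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>\S*)', re.I)
# A DLL sitting directly in <drive>:\windows\, not in a subfolder such as system32.
RE_WINROOT_DLL = re.compile(r'[a-z]:\\windows\\[^\\]+\.dll')

# Assumption of this example: a home user did not set these lock-out policies on purpose.
RESTRICTIVE_POLICIES = {"DisableRegedit", "DisableRegistryTools", "DisableTaskMgr"}


def _check_o4(line):
    m = RE_O4.match(line)
    if not m:
        return None
    name, cmd = m["name"], m["cmd"].strip()
    if not cmd or cmd.split()[0] == '""':
        return Finding("O4", name, "autorun has an empty executable")
    r = RE_RUNDLL.match(cmd)
    if r and RE_WINROOT_DLL.fullmatch(r["dll"].lower()):
        return Finding("O4", name,
                       f'rundll32 loads {r["dll"]} (export "{r["entry"]}") straight from the Windows root')
    return None


def _check_o7(line):
    m = RE_O7.match(line)
    if m and m["policy"] in RESTRICTIVE_POLICIES and m["value"] != "0":
        return Finding("O7", m["policy"], f'{m["policy"]}={m["value"]} set under {m["key"]}')
    return None


def _check_dash_entry(section, prefix, line):
    """O2 and O22 entries share the shape '<name> - <clsid> - <path>'."""
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):]
    name = body.split(" - ", 1)[0]
    path = body.rsplit(" - ", 1)[-1].strip()
    if "\\temp\\" in path.lower():
        return Finding(section, name, f"registered component lives in a Temp directory: {path}")
    if path.lower() in ("(no file)", "") or path.lower().endswith("(file missing)"):
        return Finding(section, name, f"registered component points at a missing file: {path}")
    return None


CHECKS = (
    _check_o4,
    _check_o7,
    lambda line: _check_dash_entry("O2", "O2 - BHO: ", line),
    lambda line: _check_dash_entry("O22", "O22 - SharedTaskScheduler: ", line),
)


def triage(log_text):
    """Return the entries of a HijackThis log that the heuristics above flag, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append(hit)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} [{f.item}] {f.reason}")
```

Run as a script it prints the seven flagged entries from the sample and nothing for ehTray, the Adobe BHO or the browseui.dll scheduler entry. The script deliberately parses only the four section types shown; O4 Global Startup lines, O16 DPF downloads and O23 services pass through untouched, and a real triage would still need the helper's judgement on each hit.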

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Post by Blade81 » April 10th, 2010, 7:31 am

Hello,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Post by gumijagr » April 10th, 2010, 7:03 pm

DDS (Ver_10-03-17.01) - NTFSx86
Run by Guy Falone at 15:58:29.37 on Sat 04/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.291 [GMT -7:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Guy Falone\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&cli ... channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: dossec.dossec.dossec: {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - mscoree.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Mwewerihehafi] rundll32.exe "c:\windows\Wjejoqeviwecedul.dll",e
mRun: [Svecaye] rundll32.exe "c:\windows\ilozesec.dll",e
mRun: [CTEMON.EXE] "" /h
mRun: [EPSON Stylus CX4800 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4800"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [5-Day Forecast] "c:\program files\5-day forecast\5-day forecast\5-Day Forecast.exe" /Startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\register.lnk - c:\program files\azurebay\azurebay screen saver\Register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wallpa~1.lnk - c:\program files\azurebay\azurebay screen saver\WPChanger.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: musicmatch.com\online
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/ ... aosmgr.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shoc ... wswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/tes ... eGames.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumAct ... er=2,0,0,4
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} - hxxp://fdl.msn.com/public/investor/v13/ticker.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://blog.naver.com/common/item/NaverAXGuide.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: IPC Configuration Utility - No File
STS: Windows Installer Class: {020487cc-fc04-4b1e-863f-d9801796230b} - c:\docume~1\michel~1\locals~1\temp\wndutl32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\guyfal~1\applic~1\mozilla\firefox\profiles\klt2ugxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\guy falone\application data\mozilla\firefox\profiles\klt2ugxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrl.1.0.20816.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: {0F80794E-5790-48DF-8088-F06968CE615F} - c:\documents and settings\guy falone\local settings\application data\{0F80794E-5790-48DF-8088-F06968CE615F}
FF - HiddenExtension: XUL Cache: {A50E925E-D77A-4F63-A0CD-705DDBCD73FB} - c:\documents and settings\michele falone\local settings\application data\{A50E925E-D77A-4F63-A0CD-705DDBCD73FB}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-9 54752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-4-2 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-4-2 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-4-2 335376]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2010-4-2 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-4-2 648456]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-1-30 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-1-30 79104]

=============== Created Last 30 ================

2010-04-04 08:24:30 0 d-----w- c:\program files\TrendMicro
2010-04-02 20:03:17 52752 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-04-02 20:03:17 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-04-02 20:03:17 0 d-----w- c:\windows\system32\log
2010-04-02 20:02:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2010-04-02 20:00:10 656648 ----a-w- c:\windows\system32\UfWSC.cpl
2010-04-02 20:00:03 66320 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-04-02 20:00:03 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-04-02 20:00:03 335376 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2010-04-02 20:00:03 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-04-02 20:00:03 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-03-30 00:58:47 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-26 19:00:50 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-03-12 19:10:15 0 d-----w- C:\pwrcmdr

==================== Find3M ====================

2010-04-10 21:01:21 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-10 21:01:12 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-02 20:00:03 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-01 09:55:36 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-03 00:56:21 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-02-03 00:56:21 249856 ----a-w- c:\windows\system32\pdfmona.dll
2008-03-16 06:02:50 534 ----a-w- c:\program files\User.Ini
2007-12-17 15:30:12 2933171 ----a-w- c:\program files\Olb.exe
2007-12-16 18:56:34 93820 ----a-w- c:\program files\whatsnew.eng
2007-12-12 02:41:32 61778 ----a-w- c:\program files\Internet.Lst
2007-12-06 18:09:04 93892 ----a-w- c:\program files\whatsnew.eng.bak
2007-12-01 19:53:20 92194 ----a-w- c:\program files\Messages.eng
2007-08-25 20:47:54 28839 ------w- c:\program files\Install.Msg
2007-05-17 04:47:34 234751 ----a-w- c:\program files\helpeng.chm
2007-01-28 21:06:44 9865 ----a-w- c:\program files\Desktop.Idt
2006-12-25 21:42:04 15360 ----a-w- c:\program files\Rapi.dll
2006-12-16 20:50:58 69120 ----a-w- c:\program files\OlbDel.Exe
2005-07-29 18:18:00 16438 ----a-w- c:\program files\Module.Lst
2005-01-19 17:21:26 44330 ----a-w- c:\program files\Category.Lst
2004-04-09 15:27:52 143635 ----a-w- c:\program files\TUTORENG.CHM
2004-02-18 23:58:52 14246472 ------w- c:\program files\DVDXCopy_Platinum_v4.0.3.8_full_install.exe
2004-02-18 23:58:04 130450 ------w- c:\program files\12.02 DVDXCopy Platinum 4.0.3.8.zip
2003-01-21 00:09:10 25508 ----a-w- c:\program files\OLBGrk.TTF
2003-01-21 00:09:10 22348 ----a-w- c:\program files\OLBHeb.TTF
2001-08-16 14:33:56 5496 ----a-w- c:\program files\vireadme.eng
2000-01-09 14:35:54 4204 ----a-w- c:\program files\dsp.wav
2000-01-09 14:35:50 41972 ----a-w- c:\program files\std.wav
1999-11-30 13:38:46 3978 ----a-w- c:\program files\titles.v6
1999-01-09 16:20:36 2635 ----a-w- c:\program files\biblewin.exe
1998-09-28 17:41:56 3888 ----a-w- c:\program files\paragrap.map
2008-12-17 00:50:18 109 --sha-w- c:\windows\system32\1623630655.dat
2008-08-25 21:57:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 15:59:17.75 ===============
gumijagr
Regular Member
 
Posts: 17
Joined: April 4th, 2010, 4:43 pm

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby gumijagr » April 10th, 2010, 7:07 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/2/2007 11:51:05 PM
System Uptime: 4/10/2010 8:15:49 AM (7 hours ago)

Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 92.7 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP900: 1/11/2010 4:41:05 AM - System Checkpoint
RP901: 1/12/2010 4:59:09 AM - System Checkpoint
RP902: 1/13/2010 6:09:09 AM - System Checkpoint
RP903: 1/14/2010 3:00:21 AM - Software Distribution Service 3.0
RP904: 1/15/2010 3:00:16 AM - Software Distribution Service 3.0
RP905: 1/16/2010 6:32:26 AM - System Checkpoint
RP906: 1/17/2010 3:38:16 PM - System Checkpoint
RP907: 1/18/2010 4:31:29 PM - System Checkpoint
RP908: 1/20/2010 2:38:01 AM - System Checkpoint
RP909: 1/21/2010 10:08:09 AM - System Checkpoint
RP910: 1/22/2010 3:00:17 AM - Software Distribution Service 3.0
RP911: 1/23/2010 3:00:15 AM - Software Distribution Service 3.0
RP912: 1/24/2010 3:25:41 AM - System Checkpoint
RP913: 1/25/2010 3:00:16 AM - Software Distribution Service 3.0
RP914: 1/26/2010 3:00:19 AM - Software Distribution Service 3.0
RP915: 1/27/2010 3:07:09 AM - System Checkpoint
RP916: 1/28/2010 12:34:46 PM - System Checkpoint
RP917: 1/29/2010 1:39:09 PM - System Checkpoint
RP918: 1/30/2010 2:31:34 PM - System Checkpoint
RP919: 1/30/2010 4:13:51 PM - Software Distribution Service 3.0
RP920: 1/31/2010 5:58:14 PM - System Checkpoint
RP921: 2/1/2010 3:00:14 AM - Software Distribution Service 3.0
RP922: 2/2/2010 3:49:53 AM - System Checkpoint
RP923: 2/2/2010 2:18:22 PM - Installed H&R Block Deluxe + Efile + State 2009.
RP924: 2/2/2010 3:57:47 PM - Installed H&R Block California 2009.
RP925: 2/2/2010 4:56:28 PM - Printer Driver PDF995 Printer Driver Installed
RP926: 2/3/2010 5:38:11 PM - System Checkpoint
RP927: 2/4/2010 7:56:40 PM - System Checkpoint
RP928: 2/5/2010 10:54:47 PM - System Checkpoint
RP929: 2/7/2010 12:20:03 AM - System Checkpoint
RP930: 2/8/2010 12:37:03 AM - System Checkpoint
RP931: 2/9/2010 1:38:06 AM - System Checkpoint
RP932: 2/10/2010 1:08:48 AM - Software Distribution Service 3.0
RP933: 2/11/2010 1:38:59 AM - System Checkpoint
RP934: 2/11/2010 3:00:15 AM - Software Distribution Service 3.0
RP935: 2/12/2010 3:47:19 AM - System Checkpoint
RP936: 2/13/2010 4:48:22 AM - System Checkpoint
RP937: 2/14/2010 5:49:54 AM - System Checkpoint
RP938: 2/15/2010 6:44:00 AM - System Checkpoint
RP939: 2/16/2010 7:44:45 AM - System Checkpoint
RP940: 2/17/2010 4:25:00 PM - System Checkpoint
RP941: 2/18/2010 4:47:55 PM - System Checkpoint
RP942: 2/19/2010 6:56:24 PM - System Checkpoint
RP943: 2/20/2010 3:00:14 AM - Software Distribution Service 3.0
RP944: 2/21/2010 3:08:25 AM - System Checkpoint
RP945: 2/22/2010 3:16:39 AM - System Checkpoint
RP946: 2/23/2010 3:00:21 AM - Software Distribution Service 3.0
RP947: 2/23/2010 12:58:13 PM - Installed Adobe Reader 9.3.
RP948: 2/23/2010 11:01:20 PM - Software Distribution Service 3.0
RP949: 2/24/2010 11:33:58 PM - System Checkpoint
RP950: 2/25/2010 3:00:26 AM - Software Distribution Service 3.0
RP951: 2/26/2010 3:33:56 AM - System Checkpoint
RP952: 2/27/2010 3:58:02 AM - System Checkpoint
RP953: 2/28/2010 6:11:47 AM - System Checkpoint
RP954: 3/1/2010 6:35:02 AM - System Checkpoint
RP955: 3/2/2010 3:00:16 AM - Software Distribution Service 3.0
RP956: 3/2/2010 1:05:07 PM - Software Distribution Service 3.0
RP957: 3/3/2010 1:43:12 PM - System Checkpoint
RP958: 3/4/2010 2:37:13 PM - System Checkpoint
RP959: 3/5/2010 11:10:37 PM - System Checkpoint
RP960: 3/7/2010 11:38:29 AM - System Checkpoint
RP961: 3/8/2010 3:00:18 AM - Software Distribution Service 3.0
RP962: 3/9/2010 3:00:21 AM - Software Distribution Service 3.0
RP963: 3/9/2010 11:53:42 AM - Installed Windows XP KB954708.
RP964: 3/9/2010 11:54:06 AM - Installed DirectX
RP965: 3/10/2010 3:00:20 AM - Software Distribution Service 3.0
RP966: 3/10/2010 8:20:01 PM - Software Distribution Service 3.0
RP967: 3/10/2010 10:01:10 PM - Software Distribution Service 3.0
RP968: 3/12/2010 1:18:29 AM - System Checkpoint
RP969: 3/12/2010 3:00:16 AM - Software Distribution Service 3.0
RP970: 3/13/2010 3:57:40 AM - System Checkpoint
RP971: 3/13/2010 4:48:52 PM - Software Distribution Service 3.0
RP972: 3/14/2010 7:35:09 PM - System Checkpoint
RP973: 3/15/2010 3:00:14 AM - Software Distribution Service 3.0
RP974: 3/16/2010 12:47:57 AM - Software Distribution Service 3.0
RP975: 3/17/2010 1:51:38 AM - System Checkpoint
RP976: 3/17/2010 3:00:15 AM - Software Distribution Service 3.0
RP977: 3/18/2010 3:15:34 AM - System Checkpoint
RP978: 3/19/2010 8:11:41 PM - System Checkpoint
RP979: 3/20/2010 3:00:16 AM - Software Distribution Service 3.0
RP980: 3/21/2010 3:26:45 AM - System Checkpoint
RP981: 3/22/2010 5:16:34 PM - System Checkpoint
RP982: 3/23/2010 3:00:15 AM - Software Distribution Service 3.0
RP983: 3/24/2010 12:51:51 AM - Software Distribution Service 3.0
RP984: 3/25/2010 12:54:33 AM - System Checkpoint
RP985: 3/25/2010 3:00:14 AM - Software Distribution Service 3.0
RP986: 3/27/2010 1:10:37 AM - Software Distribution Service 3.0
RP987: 3/28/2010 12:56:54 AM - Software Distribution Service 3.0
RP988: 3/29/2010 1:07:28 AM - System Checkpoint
RP989: 3/29/2010 1:10:22 AM - Software Distribution Service 3.0
RP990: 3/30/2010 2:28:44 AM - Software Distribution Service 3.0
RP991: 3/31/2010 3:00:22 AM - Software Distribution Service 3.0
RP992: 3/31/2010 9:49:25 AM - Software Distribution Service 3.0
RP993: 4/1/2010 2:35:39 AM - Software Distribution Service 3.0
RP994: 4/1/2010 3:00:17 AM - Software Distribution Service 3.0
RP995: 4/2/2010 1:03:18 AM - Software Distribution Service 3.0
RP996: 4/2/2010 12:45:06 PM - Software Distribution Service 3.0
RP997: 4/2/2010 1:01:59 PM - Installed Trend Micro Internet Security
RP998: 4/3/2010 3:00:25 AM - Software Distribution Service 3.0
RP999: 4/4/2010 1:24:29 AM - Installed HiJackThis
RP1000: 4/4/2010 1:30:45 AM - Software Distribution Service 3.0
RP1001: 4/4/2010 2:25:21 PM - Software Distribution Service 3.0
RP1002: 4/5/2010 10:30:44 AM - Software Distribution Service 3.0
RP1003: 4/6/2010 10:44:09 AM - Software Distribution Service 3.0
RP1004: 4/7/2010 12:09:08 PM - System Checkpoint
RP1005: 4/7/2010 1:06:28 PM - Software Distribution Service 3.0
RP1006: 4/8/2010 4:15:06 PM - System Checkpoint
RP1007: 4/9/2010 2:43:05 AM - Software Distribution Service 3.0
RP1008: 4/9/2010 10:40:22 AM - Software Distribution Service 3.0
RP1009: 4/10/2010 11:15:39 AM - Software Distribution Service 3.0

==== Installed Programs ======================

??? ActiveX ???
5-Day Forecast
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player
AGEIA PhysX v7.05.17
AhnLab Online Security
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI Control Panel
ATI Display Driver
AzureBay Screen Saver
Ben 10 Alien Force Bounty Hunters
Bonjour
CDDRV_Installer
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Daum ActiveX 컨트롤 - ??? ?????
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Games
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Disney Pirates of the Caribbean Online
EarthLink setup files
EducateU
ELIcon
Enemy Territory - QUAKE Wars(TM)
Enemy Territory - QUAKE Wars(TM) 1.1 Patch
Enemy Territory - QUAKE Wars(TM) 1.1 Patch
EPSON CX 4200 4800 Guide
EPSON Printer Software
EPSON Scan
erLT
ESPNMotion
Garmin Communicator Plugin
Garmin USB Drivers
GemMaster Mystic
Get High Speed Internet!
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H&R Block California 2009
H&R Block Deluxe + Efile + State 2009
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Insaniquarium Deluxe
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
KhalInstallWrapper
Learn2 Player (Uninstall Only)
Logitech SetPoint
LucasArts' X-Wing vs. TIE Fighter
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.6.3)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
OLYMPUS Master 2
Online Bible 10.10.09
Otto
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Picasa 3
Planetarium
QuickTime
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Search Assist
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SoulSeek Client 156c
TaxCut California 2007
TaxCut California 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
Trend Micro Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
VLC media player 1.0.1
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Games
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wizard101
Wolfenstein - Enemy Territory
WordPerfect Office 12
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

4/9/2010 11:52:11 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\D.
4/9/2010 10:45:16 AM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
4/9/2010 10:34:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Personal Firewall service to connect.
4/9/2010 10:34:30 AM, error: Service Control Manager [7000] - The Trend Micro Personal Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/6/2010 10:37:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/6/2010 10:35:02 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Proxy Service service to connect.
4/6/2010 10:35:02 AM, error: Service Control Manager [7000] - The Trend Micro Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
gumijagr
Regular Member
 
Posts: 17
Joined: April 4th, 2010, 4:43 pm

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby Blade81 » April 11th, 2010, 6:27 am

Hi,

Please disable word wrap in Notepad to make logs appear in a more readable format.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby gumijagr » April 11th, 2010, 6:27 pm

ComboFix 10-04-10.02 - Guy Falone 04/11/2010 14:30:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.478 [GMT -7:00]
Running from: c:\documents and settings\Guy Falone\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Protect\track.sys
c:\documents and settings\Guy Falone\Application Data\~tmp.html
c:\documents and settings\Guy Falone\Application Data\config.cfg
c:\documents and settings\Guy Falone\Favorites\Online Security Test.url
c:\documents and settings\Guy Falone\Local Settings\Application Data\{0F80794E-5790-48DF-8088-F06968CE615F}
c:\documents and settings\Guy Falone\Local Settings\Application Data\{0F80794E-5790-48DF-8088-F06968CE615F}\chrome.manifest
c:\documents and settings\Guy Falone\Local Settings\Application Data\{0F80794E-5790-48DF-8088-F06968CE615F}\chrome\content\_cfg.js
c:\documents and settings\Guy Falone\Local Settings\Application Data\{0F80794E-5790-48DF-8088-F06968CE615F}\chrome\content\c.js
c:\documents and settings\Guy Falone\Local Settings\Application Data\{0F80794E-5790-48DF-8088-F06968CE615F}\chrome\content\overlay.xul
c:\documents and settings\Guy Falone\Local Settings\Application Data\{0F80794E-5790-48DF-8088-F06968CE615F}\install.rdf
c:\documents and settings\Michele Falone\Local Settings\Application Data\{A50E925E-D77A-4F63-A0CD-705DDBCD73FB}
c:\documents and settings\Michele Falone\Local Settings\Application Data\{A50E925E-D77A-4F63-A0CD-705DDBCD73FB}\chrome.manifest
c:\documents and settings\Michele Falone\Local Settings\Application Data\{A50E925E-D77A-4F63-A0CD-705DDBCD73FB}\chrome\content\_cfg.js
c:\documents and settings\Michele Falone\Local Settings\Application Data\{A50E925E-D77A-4F63-A0CD-705DDBCD73FB}\chrome\content\c.js
c:\documents and settings\Michele Falone\Local Settings\Application Data\{A50E925E-D77A-4F63-A0CD-705DDBCD73FB}\chrome\content\overlay.xul
c:\documents and settings\Michele Falone\Local Settings\Application Data\{A50E925E-D77A-4F63-A0CD-705DDBCD73FB}\install.rdf
c:\program files\VirusProtectPro 3.7
c:\program files\VirusProtectPro 3.7\ignored.lst
c:\windows\ilozesec.dll
c:\windows\system32\1623630655.dat
c:\windows\Wjejoqeviwecedul.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-04 08:24 . 2010-04-04 20:41 -------- d-----w- c:\program files\TrendMicro
2010-04-02 20:03 . 2010-04-02 20:03 -------- d-----w- c:\windows\system32\log
2010-04-02 20:02 . 2010-04-11 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-04-02 00:27 . 2010-04-02 00:27 -------- d-----w- c:\documents and settings\Guy Falone\Local Settings\Application Data\WMTools Downloaded Files
2010-03-30 00:58 . 2010-03-30 00:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-26 19:00 . 2010-03-26 19:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-03-14 00:20 . 2010-03-14 00:20 -------- d-----w- c:\documents and settings\Michele Falone\Application Data\pdf995

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 19:48 . 2007-08-27 05:32 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-11 19:48 . 2007-08-27 05:31 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-11 19:35 . 2008-06-01 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-09 00:16 . 2007-11-01 01:49 -------- d-----w- c:\program files\Xfire
2010-04-07 19:49 . 2010-03-29 18:44 439816 ----a-w- c:\documents and settings\Guy Falone\Application Data\Real\Update\setup3.10\setup.exe
2010-04-04 08:24 . 2010-04-04 08:24 388096 ----a-r- c:\documents and settings\Guy Falone\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-01 09:55 . 2007-08-27 20:10 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-01 09:55 . 2007-08-27 20:10 152 --sh--r- c:\windows\system32\3767958B1C.sys
2010-03-30 00:58 . 2009-02-24 02:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-30 00:58 . 2007-11-01 01:49 -------- d-----w- c:\documents and settings\Guy Falone\Application Data\Xfire
2010-03-29 03:36 . 2009-10-06 04:16 -------- d-----w- c:\documents and settings\Guy Falone\Application Data\vlc
2010-03-24 23:51 . 2007-11-03 05:17 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2010-03-14 00:23 . 2008-02-05 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-03-11 15:43 . 2009-11-13 14:45 79488 ----a-w- c:\documents and settings\Michele Falone\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 05:26 . 2009-11-11 01:49 79488 ----a-w- c:\documents and settings\Guy Falone\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 11:22 . 2007-08-28 05:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-10 01:57 . 2007-10-13 15:37 50464 ----a-w- c:\documents and settings\Michele Falone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-09 20:05 . 2007-08-27 20:10 50464 ----a-w- c:\documents and settings\Guy Falone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-09 19:55 . 2010-03-09 19:50 -------- d-----w- c:\program files\Windows Live
2010-03-09 19:54 . 2010-03-09 19:54 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-03-09 19:53 . 2010-03-09 19:53 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-09 19:51 . 2010-03-09 19:51 -------- d-----w- c:\program files\Microsoft
2010-03-09 19:51 . 2010-03-09 19:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-07 17:25 . 2010-03-07 17:25 -------- d-----w- c:\documents and settings\Michele Falone\Application Data\TaxCut
2010-03-03 20:32 . 2010-03-03 20:31 19486488 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US64016501xupd.exe
2010-02-25 06:24 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 00:45 . 2006-03-20 16:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-24 00:44 . 2010-02-24 00:44 -------- d-----w- c:\program files\MGI
2010-02-23 20:58 . 2007-08-04 10:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-22 21:09 . 2010-02-22 21:09 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-19 15:36 . 2009-11-04 05:32 430592 ----a-w- c:\documents and settings\All Users\Application Data\5-Day Forecast\setup.exe
2010-02-18 08:21 . 2010-02-18 08:20 18205544 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US60016401xupd.exe
2010-02-03 00:56 . 2008-02-05 19:51 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-02-03 00:56 . 2008-02-05 19:51 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-02-02 23:57 . 2010-02-02 23:57 3741656 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Downloads\HRBlockCA.exe
2010-02-02 22:21 . 2010-02-02 22:20 16832384 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US30026001xupd.exe
2008-03-16 06:02 . 2008-02-05 16:49 534 ----a-w- c:\program files\User.Ini
2007-12-17 15:30 . 2008-02-05 16:49 2933171 ----a-w- c:\program files\Olb.exe
2007-12-16 18:56 . 2008-02-05 16:49 93820 ----a-w- c:\program files\whatsnew.eng
2007-12-12 02:41 . 2008-02-05 16:49 61778 ----a-w- c:\program files\Internet.Lst
2007-12-06 18:09 . 2008-02-05 16:49 93892 ----a-w- c:\program files\whatsnew.eng.bak
2007-12-01 19:53 . 2008-02-05 16:49 92194 ----a-w- c:\program files\Messages.eng
2007-08-25 20:47 . 2008-02-05 16:49 28839 ------w- c:\program files\Install.Msg
2007-05-17 04:47 . 2008-02-05 16:49 234751 ----a-w- c:\program files\helpeng.chm
2007-01-28 21:06 . 2008-02-05 16:49 9865 ----a-w- c:\program files\Desktop.Idt
2006-12-25 21:42 . 2008-02-05 16:49 15360 ----a-w- c:\program files\Rapi.dll
2006-12-16 20:50 . 2008-02-05 16:49 69120 ----a-w- c:\program files\OlbDel.Exe
2005-07-29 18:18 . 2008-02-05 16:49 16438 ----a-w- c:\program files\Module.Lst
2005-01-19 17:21 . 2008-02-05 16:49 44330 ----a-w- c:\program files\Category.Lst
2004-04-09 15:27 . 2008-02-05 16:49 143635 ----a-w- c:\program files\TUTORENG.CHM
2004-02-18 23:58 . 2004-02-18 23:58 14246472 ------w- c:\program files\DVDXCopy_Platinum_v4.0.3.8_full_install.exe
2004-02-18 23:58 . 2004-02-18 23:58 130450 ------w- c:\program files\12.02 DVDXCopy Platinum 4.0.3.8.zip
2003-01-21 00:09 . 2008-02-05 16:49 25508 ----a-w- c:\program files\OLBGrk.TTF
2003-01-21 00:09 . 2008-02-05 16:49 22348 ----a-w- c:\program files\OLBHeb.TTF
2001-08-16 14:33 . 2008-02-05 16:49 5496 ----a-w- c:\program files\vireadme.eng
2000-01-09 14:35 . 2008-02-05 16:49 4204 ----a-w- c:\program files\dsp.wav
2000-01-09 14:35 . 2008-02-05 16:49 41972 ----a-w- c:\program files\std.wav
1999-11-30 13:38 . 2008-02-05 16:49 3978 ----a-w- c:\program files\titles.v6
1999-01-09 16:20 . 2008-02-05 16:49 2635 ----a-w- c:\program files\biblewin.exe
1998-09-28 17:41 . 2008-02-05 16:49 3888 ----a-w- c:\program files\paragrap.map
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-16 95536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"EPSON Stylus CX4800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-05-16 54576]
"5-Day Forecast"="c:\program files\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe" [2009-07-29 876544]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-29 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-01-29 136744]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-20 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-29 784912]
Register.lnk - c:\program files\AzureBay\AzureBay Screen Saver\Register.exe [2007-8-3 456704]
Wallpaper Changer.lnk - c:\program files\AzureBay\AzureBay Screen Saver\WPChanger.exe [2007-8-3 49664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Wolfenstein _ Enemy Territory\\ET.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Cartoon Network\\Ben 10 Bounty Hunters\\RT_Multiplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 6:46 PM 135664]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [1/30/2009 8:58 PM 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [1/30/2009 8:58 PM 79104]
.
Contents of the 'Scheduled Tasks' folder

2010-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-03 11:01]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:46]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:46]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: musicmatch.com\online
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumAct ... er=2,0,0,4
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://blog.naver.com/common/item/NaverAXGuide.cab
FF - ProfilePath - c:\documents and settings\Guy Falone\Application Data\Mozilla\Firefox\Profiles\klt2ugxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Guy Falone\Application Data\Mozilla\Firefox\Profiles\klt2ugxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft Silverlight\3.0.50106.0\npctrl.1.0.20816.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
HKLM-Run-Mwewerihehafi - c:\windows\Wjejoqeviwecedul.dll
HKLM-Run-Svecaye - c:\windows\ilozesec.dll
SharedTaskScheduler-IPC Configuration Utility - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 14:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2140)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\windows\eHome\ehmsas.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-04-11 14:51:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-11 21:50

Pre-Run: 100,187,541,504 bytes free
Post-Run: 102,897,844,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 3C2D887E1B64B20891E85050143B4E04
gumijagr
Regular Member
 
Posts: 17
Joined: April 4th, 2010, 4:43 pm

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby Blade81 » April 12th, 2010, 8:49 am

Please post a fresh dds log too.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby gumijagr » April 12th, 2010, 3:55 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/2/2007 11:51:05 PM
System Uptime: 4/12/2010 12:35:34 PM (0 hours ago)

Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 95.122 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP901: 1/12/2010 4:59:09 AM - System Checkpoint
RP902: 1/13/2010 6:09:09 AM - System Checkpoint
RP903: 1/14/2010 3:00:21 AM - Software Distribution Service 3.0
RP904: 1/15/2010 3:00:16 AM - Software Distribution Service 3.0
RP905: 1/16/2010 6:32:26 AM - System Checkpoint
RP906: 1/17/2010 3:38:16 PM - System Checkpoint
RP907: 1/18/2010 4:31:29 PM - System Checkpoint
RP908: 1/20/2010 2:38:01 AM - System Checkpoint
RP909: 1/21/2010 10:08:09 AM - System Checkpoint
RP910: 1/22/2010 3:00:17 AM - Software Distribution Service 3.0
RP911: 1/23/2010 3:00:15 AM - Software Distribution Service 3.0
RP912: 1/24/2010 3:25:41 AM - System Checkpoint
RP913: 1/25/2010 3:00:16 AM - Software Distribution Service 3.0
RP914: 1/26/2010 3:00:19 AM - Software Distribution Service 3.0
RP915: 1/27/2010 3:07:09 AM - System Checkpoint
RP916: 1/28/2010 12:34:46 PM - System Checkpoint
RP917: 1/29/2010 1:39:09 PM - System Checkpoint
RP918: 1/30/2010 2:31:34 PM - System Checkpoint
RP919: 1/30/2010 4:13:51 PM - Software Distribution Service 3.0
RP920: 1/31/2010 5:58:14 PM - System Checkpoint
RP921: 2/1/2010 3:00:14 AM - Software Distribution Service 3.0
RP922: 2/2/2010 3:49:53 AM - System Checkpoint
RP923: 2/2/2010 2:18:22 PM - Installed H&R Block Deluxe + Efile + State 2009.
RP924: 2/2/2010 3:57:47 PM - Installed H&R Block California 2009.
RP925: 2/2/2010 4:56:28 PM - Printer Driver PDF995 Printer Driver Installed
RP926: 2/3/2010 5:38:11 PM - System Checkpoint
RP927: 2/4/2010 7:56:40 PM - System Checkpoint
RP928: 2/5/2010 10:54:47 PM - System Checkpoint
RP929: 2/7/2010 12:20:03 AM - System Checkpoint
RP930: 2/8/2010 12:37:03 AM - System Checkpoint
RP931: 2/9/2010 1:38:06 AM - System Checkpoint
RP932: 2/10/2010 1:08:48 AM - Software Distribution Service 3.0
RP933: 2/11/2010 1:38:59 AM - System Checkpoint
RP934: 2/11/2010 3:00:15 AM - Software Distribution Service 3.0
RP935: 2/12/2010 3:47:19 AM - System Checkpoint
RP936: 2/13/2010 4:48:22 AM - System Checkpoint
RP937: 2/14/2010 5:49:54 AM - System Checkpoint
RP938: 2/15/2010 6:44:00 AM - System Checkpoint
RP939: 2/16/2010 7:44:45 AM - System Checkpoint
RP940: 2/17/2010 4:25:00 PM - System Checkpoint
RP941: 2/18/2010 4:47:55 PM - System Checkpoint
RP942: 2/19/2010 6:56:24 PM - System Checkpoint
RP943: 2/20/2010 3:00:14 AM - Software Distribution Service 3.0
RP944: 2/21/2010 3:08:25 AM - System Checkpoint
RP945: 2/22/2010 3:16:39 AM - System Checkpoint
RP946: 2/23/2010 3:00:21 AM - Software Distribution Service 3.0
RP947: 2/23/2010 12:58:13 PM - Installed Adobe Reader 9.3.
RP948: 2/23/2010 11:01:20 PM - Software Distribution Service 3.0
RP949: 2/24/2010 11:33:58 PM - System Checkpoint
RP950: 2/25/2010 3:00:26 AM - Software Distribution Service 3.0
RP951: 2/26/2010 3:33:56 AM - System Checkpoint
RP952: 2/27/2010 3:58:02 AM - System Checkpoint
RP953: 2/28/2010 6:11:47 AM - System Checkpoint
RP954: 3/1/2010 6:35:02 AM - System Checkpoint
RP955: 3/2/2010 3:00:16 AM - Software Distribution Service 3.0
RP956: 3/2/2010 1:05:07 PM - Software Distribution Service 3.0
RP957: 3/3/2010 1:43:12 PM - System Checkpoint
RP958: 3/4/2010 2:37:13 PM - System Checkpoint
RP959: 3/5/2010 11:10:37 PM - System Checkpoint
RP960: 3/7/2010 11:38:29 AM - System Checkpoint
RP961: 3/8/2010 3:00:18 AM - Software Distribution Service 3.0
RP962: 3/9/2010 3:00:21 AM - Software Distribution Service 3.0
RP963: 3/9/2010 11:53:42 AM - Installed Windows XP KB954708.
RP964: 3/9/2010 11:54:06 AM - Installed DirectX
RP965: 3/10/2010 3:00:20 AM - Software Distribution Service 3.0
RP966: 3/10/2010 8:20:01 PM - Software Distribution Service 3.0
RP967: 3/10/2010 10:01:10 PM - Software Distribution Service 3.0
RP968: 3/12/2010 1:18:29 AM - System Checkpoint
RP969: 3/12/2010 3:00:16 AM - Software Distribution Service 3.0
RP970: 3/13/2010 3:57:40 AM - System Checkpoint
RP971: 3/13/2010 4:48:52 PM - Software Distribution Service 3.0
RP972: 3/14/2010 7:35:09 PM - System Checkpoint
RP973: 3/15/2010 3:00:14 AM - Software Distribution Service 3.0
RP974: 3/16/2010 12:47:57 AM - Software Distribution Service 3.0
RP975: 3/17/2010 1:51:38 AM - System Checkpoint
RP976: 3/17/2010 3:00:15 AM - Software Distribution Service 3.0
RP977: 3/18/2010 3:15:34 AM - System Checkpoint
RP978: 3/19/2010 8:11:41 PM - System Checkpoint
RP979: 3/20/2010 3:00:16 AM - Software Distribution Service 3.0
RP980: 3/21/2010 3:26:45 AM - System Checkpoint
RP981: 3/22/2010 5:16:34 PM - System Checkpoint
RP982: 3/23/2010 3:00:15 AM - Software Distribution Service 3.0
RP983: 3/24/2010 12:51:51 AM - Software Distribution Service 3.0
RP984: 3/25/2010 12:54:33 AM - System Checkpoint
RP985: 3/25/2010 3:00:14 AM - Software Distribution Service 3.0
RP986: 3/27/2010 1:10:37 AM - Software Distribution Service 3.0
RP987: 3/28/2010 12:56:54 AM - Software Distribution Service 3.0
RP988: 3/29/2010 1:07:28 AM - System Checkpoint
RP989: 3/29/2010 1:10:22 AM - Software Distribution Service 3.0
RP990: 3/30/2010 2:28:44 AM - Software Distribution Service 3.0
RP991: 3/31/2010 3:00:22 AM - Software Distribution Service 3.0
RP992: 3/31/2010 9:49:25 AM - Software Distribution Service 3.0
RP993: 4/1/2010 2:35:39 AM - Software Distribution Service 3.0
RP994: 4/1/2010 3:00:17 AM - Software Distribution Service 3.0
RP995: 4/2/2010 1:03:18 AM - Software Distribution Service 3.0
RP996: 4/2/2010 12:45:06 PM - Software Distribution Service 3.0
RP997: 4/2/2010 1:01:59 PM - Installed Trend Micro Internet Security
RP998: 4/3/2010 3:00:25 AM - Software Distribution Service 3.0
RP999: 4/4/2010 1:24:29 AM - Installed HiJackThis
RP1000: 4/4/2010 1:30:45 AM - Software Distribution Service 3.0
RP1001: 4/4/2010 2:25:21 PM - Software Distribution Service 3.0
RP1002: 4/5/2010 10:30:44 AM - Software Distribution Service 3.0
RP1003: 4/6/2010 10:44:09 AM - Software Distribution Service 3.0
RP1004: 4/7/2010 12:09:08 PM - System Checkpoint
RP1005: 4/7/2010 1:06:28 PM - Software Distribution Service 3.0
RP1006: 4/8/2010 4:15:06 PM - System Checkpoint
RP1007: 4/9/2010 2:43:05 AM - Software Distribution Service 3.0
RP1008: 4/9/2010 10:40:22 AM - Software Distribution Service 3.0
RP1009: 4/10/2010 11:15:39 AM - Software Distribution Service 3.0
RP1010: 4/11/2010 11:51:42 AM - System Checkpoint
RP1011: 4/11/2010 12:46:13 PM - Software Distribution Service 3.0
RP1012: 4/11/2010 2:19:46 PM - Removed Trend Micro Internet Security
RP1013: 4/11/2010 2:55:23 PM - Installed Trend Micro Internet Security
RP1014: 4/11/2010 11:37:50 PM - Software Distribution Service 3.0

==== Installed Programs ======================

??? ActiveX ???
5-Day Forecast
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player
AGEIA PhysX v7.05.17
AhnLab Online Security
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI Control Panel
ATI Display Driver
AzureBay Screen Saver
Ben 10 Alien Force Bounty Hunters
Bonjour
CDDRV_Installer
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Daum ActiveX ÄÁÆ®·Ñ - ??? ?????
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Games
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Disney Pirates of the Caribbean Online
EarthLink setup files
EducateU
ELIcon
Enemy Territory - QUAKE Wars(TM)
Enemy Territory - QUAKE Wars(TM) 1.1 Patch
Enemy Territory - QUAKE Wars(TM) 1.1 Patch
EPSON CX 4200 4800 Guide
EPSON Printer Software
EPSON Scan
erLT
ESPNMotion
Garmin Communicator Plugin
Garmin USB Drivers
GemMaster Mystic
Get High Speed Internet!
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H&R Block California 2009
H&R Block Deluxe + Efile + State 2009
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Insaniquarium Deluxe
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
KhalInstallWrapper
Learn2 Player (Uninstall Only)
Logitech SetPoint
LucasArts' X-Wing vs. TIE Fighter
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.6.3)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
OLYMPUS Master 2
Online Bible 10.10.09
Otto
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Picasa 3
Planetarium
QuickTime
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Search Assist
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SoulSeek Client 156c
TaxCut California 2007
TaxCut California 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
Trend Micro Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
VLC media player 1.0.1
WebFldrs XP
WildTangent Games
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wizard101
Wolfenstein - Enemy Territory
WordPerfect Office 12
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

4/9/2010 11:52:11 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\D.
4/9/2010 10:45:16 AM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
4/9/2010 10:34:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Personal Firewall service to connect.
4/9/2010 10:34:30 AM, error: Service Control Manager [7000] - The Trend Micro Personal Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/6/2010 10:38:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/6/2010 10:35:02 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Proxy Service service to connect.
4/6/2010 10:35:02 AM, error: Service Control Manager [7000] - The Trend Micro Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
gumijagr
Regular Member
 
Posts: 17
Joined: April 4th, 2010, 4:43 pm

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby gumijagr » April 12th, 2010, 3:56 pm

svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Guy Falone\Local Settings\Temporary Internet Files\Content.IE5\K5R785E0\dds[1].com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [EPSON Stylus CX4800 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4800"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [5-Day Forecast] "c:\program files\5-day forecast\5-day forecast\5-Day Forecast.exe" /Startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\register.lnk - c:\program files\azurebay\azurebay screen saver\Register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wallpa~1.lnk - c:\program files\azurebay\azurebay screen saver\WPChanger.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: musicmatch.com\online
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/ ... aosmgr.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shoc ... wswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/tes ... eGames.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumAct ... er=2,0,0,4
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} - hxxp://fdl.msn.com/public/investor/v13/ticker.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://blog.naver.com/common/item/NaverAXGuide.cab
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\guyfal~1\applic~1\mozilla\firefox\profiles\klt2ugxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\guy falone\application data\mozilla\firefox\profiles\klt2ugxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrl.1.0.20816.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-9 54752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-4-11 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-4-11 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-4-11 335376]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2010-4-11 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-4-11 648456]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-1-30 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-1-30 79104]

=============== Created Last 30 ================

2010-04-11 21:56:25 52752 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-04-11 21:56:25 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-04-11 21:56:25 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-11 21:55:25 0 d-----w- c:\program files\Trend Micro
2010-04-11 21:53:37 656648 ----a-w- c:\windows\system32\UfWSC.cpl
2010-04-11 21:53:30 66320 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-04-11 21:53:30 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-04-11 21:53:30 335376 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2010-04-11 21:53:30 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-04-11 21:53:30 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-04-11 21:25:15 0 d-sha-r- C:\cmdcons
2010-04-11 21:23:51 98816 ----a-w- c:\windows\sed.exe
2010-04-11 21:23:51 77312 ----a-w- c:\windows\MBR.exe
2010-04-11 21:23:51 261632 ----a-w- c:\windows\PEV.exe
2010-04-11 21:23:51 161792 ----a-w- c:\windows\SWREG.exe
2010-04-04 08:24:30 0 d-----w- c:\program files\TrendMicro
2010-04-02 20:03:17 0 d-----w- c:\windows\system32\log
2010-04-02 20:02:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2010-03-30 00:58:47 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-26 19:00:50 41872 ----a-w- c:\windows\system32\xfcodec.dll

==================== Find3M ====================

2010-04-12 03:07:03 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-12 03:06:54 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-01 09:55:36 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-03 00:56:21 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-02-03 00:56:21 249856 ----a-w- c:\windows\system32\pdfmona.dll
2008-03-16 06:02:50 534 ----a-w- c:\program files\User.Ini
2007-12-17 15:30:12 2933171 ----a-w- c:\program files\Olb.exe
2007-12-16 18:56:34 93820 ----a-w- c:\program files\whatsnew.eng
2007-12-12 02:41:32 61778 ----a-w- c:\program files\Internet.Lst
2007-12-06 18:09:04 93892 ----a-w- c:\program files\whatsnew.eng.bak
2007-12-01 19:53:20 92194 ----a-w- c:\program files\Messages.eng
2007-08-25 20:47:54 28839 ------w- c:\program files\Install.Msg
2007-05-17 04:47:34 234751 ----a-w- c:\program files\helpeng.chm
2007-01-28 21:06:44 9865 ----a-w- c:\program files\Desktop.Idt
2006-12-25 21:42:04 15360 ----a-w- c:\program files\Rapi.dll
2006-12-16 20:50:58 69120 ----a-w- c:\program files\OlbDel.Exe
2005-07-29 18:18:00 16438 ----a-w- c:\program files\Module.Lst
2005-01-19 17:21:26 44330 ----a-w- c:\program files\Category.Lst
2004-04-09 15:27:52 143635 ----a-w- c:\program files\TUTORENG.CHM
2004-02-18 23:58:52 14246472 ------w- c:\program files\DVDXCopy_Platinum_v4.0.3.8_full_install.exe
2004-02-18 23:58:04 130450 ------w- c:\program files\12.02 DVDXCopy Platinum 4.0.3.8.zip
2003-01-21 00:09:10 25508 ----a-w- c:\program files\OLBGrk.TTF
2003-01-21 00:09:10 22348 ----a-w- c:\program files\OLBHeb.TTF
2001-08-16 14:33:56 5496 ----a-w- c:\program files\vireadme.eng
2000-01-09 14:35:54 4204 ----a-w- c:\program files\dsp.wav
2000-01-09 14:35:50 41972 ----a-w- c:\program files\std.wav
1999-11-30 13:38:46 3978 ----a-w- c:\program files\titles.v6
1999-01-09 16:20:36 2635 ----a-w- c:\program files\biblewin.exe
1998-09-28 17:41:56 3888 ----a-w- c:\program files\paragrap.map
2008-08-25 21:57:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 12:53:17.07 ===============
gumijagr
Regular Member
 
Posts: 17
Joined: April 4th, 2010, 4:43 pm
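A small triage pass over the Pseudo HJT Report section of the DDS log above, added here as an example; it is not part of the original post and not code from the DDS tool. It parses the BHO, Run, Trusted Zone and IE entry lines and flags the things a helper scans such a report for first: orphaned browser extensions ("No File"), startup items given as a bare filename (resolved through the search path, so a same-named file earlier on the path would be the one loaded), startup items living outside Windows or Program Files, and sites placed in the IE Trusted Zone. The sample lines are copied from the report, except the `uRun: [updater]` line, which is constructed to exercise the "suspect" case; the function and class names are the example's own.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the report above, plus one made-up
# startup item running from a temp directory (not from the original log).
SAMPLE_REPORT = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
uRun: [updater] c:\docume~1\user\locals~1\temp\updater.exe
Trusted Zone: musicmatch.com\online
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
"""

# Line shapes used by the report: "BHO: name: {clsid} - path", "mRun: [name] cmd",
# "Trusted Zone: host", "IE: {clsid}". Lines such as "FF - plugin:" do not match.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z]+(?: Zone)?):\s*(?P<rest>.*)$")
RUN_KINDS = {"uRun", "mRun", "dRun", "uRunOnce", "mRunOnce", "dRunOnce"}
# Where a vendor-installed startup item is normally expected to live.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    severity: str  # "info", "review" or "suspect"
    reason: str
    line: str


def run_target(rest: str) -> str:
    """Extract the executable from '[Name] "c:\\path\\x.exe" /args' or '[Name] x.exe'."""
    m = re.match(r"^\[[^\]]*\]\s*(?P<cmd>.*)$", rest)
    cmd = (m.group("cmd") if m else rest).strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(report: str) -> list[Finding]:
    """Return one Finding per report line that deserves a second look."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind in ("BHO", "TB") and rest.endswith("- No File"):
            findings.append(Finding("review", "orphaned browser extension (registered CLSID, no file on disk)", line))
        elif kind in RUN_KINDS:
            target = run_target(rest).lower()
            if "\\" not in target:
                findings.append(Finding("review", "startup item with unqualified path (resolved via search path)", line))
            elif not target.startswith(EXPECTED_ROOTS):
                findings.append(Finding("suspect", "startup item outside Windows/Program Files", line))
        elif kind == "Trusted Zone":
            findings.append(Finding("review", "site in IE Trusted Zone (relaxed security settings)", line))
        elif kind == "IE" and CLSID_RE.fullmatch(rest.strip()):
            findings.append(Finding("info", "IE extension CLSID with no file listed", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:7}] {f.reason}: {f.line}")
```

The bare-filename rule is deliberately conservative: `stsystra.exe` and `KHALMNPR.EXE` are legitimate Sigmatel and Logitech components here, but an entry with no directory is still worth confirming, because the file actually executed is whichever copy the loader finds first on the search path.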

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby Blade81 » April 13th, 2010, 11:58 am

Hi,

Download GMER here by clicking the Download EXE button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab, unselect the Files option and then click Scan.
  • Don't check the Show All box while the scan is in progress!
  • When the scan is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby gumijagr » April 14th, 2010, 12:00 pm

Thanks for all your time and help! I really appreciate it. Before I downloaded the GMER program all seemed quicker and the orphans seemed to have been removed. After I download that program, it looks like when I get near it or try to send the file my computer bogs down and seems to freeze up, and I had to shut it down by holding the power button finally. I will try to save the file and copy it to my desktop, then send it again; hope it works this time for you.
Thanks again for sticking with this!
Guy F.
gumijagr
Regular Member
 
Posts: 17
Joined: April 4th, 2010, 4:43 pm

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby gumijagr » April 14th, 2010, 12:19 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-14 09:08:20
Windows 5.1.2600 Service Pack 3
Running: utqpew75[1].exe; Driver: C:\DOCUME~1\GUYFAL~1\LOCALS~1\Temp\kxloapog.sys


---- System - GMER 1.0.15 ----

SSDT 8531EC60 ZwCreateKey
SSDT 8531E160 ZwCreateProcess
SSDT 8531E420 ZwCreateProcessEx
SSDT 8531FAC0 ZwCreateThread
SSDT 8531F1E0 ZwDeleteKey
SSDT 8531F4A0 ZwDeleteValueKey
SSDT 8531FC60 ZwLoadDriver
SSDT 8531E6E0 ZwOpenProcess
SSDT 8531EF20 ZwSetValueKey
SSDT 8531E9A0 ZwTerminateProcess
SSDT 8531F920 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 80504870 4 Bytes JMP ABF6CDA6

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5040] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5040] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5040] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5040] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5040] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5040] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5040] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5040] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5040] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
gumijagr
Regular Member
 
Posts: 17
Joined: April 4th, 2010, 4:43 pm
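The GMER output above is the kind of log the helpers in this thread read by hand. As an added example (not code from the thread, from GMER or from the forum), the following Python parses hook lines in that format and groups them by the module GMER attributes each hook to, so the unattributed SSDT and kernel inline entries stand out for manual correlation with the drivers actually installed; the sample input is quoted from the log above.

```python
"""Triage helper for GMER logs in the format posted above (an added example, not GMER's code):
hook lines are grouped by the module GMER attributes them to, so unattributed hooks stand out."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HEX = r"[0-9A-Fa-f]+"
REST = r"(?:\s+(?P<rest>.+))?$"  # optional trailing 'module (Description/Vendor)'
RE_SSDT = re.compile(rf"^SSDT\s+(?P<addr>{HEX})\s+(?P<func>\S+){REST}")
RE_USER = re.compile(rf"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<func>\S+!\S+)\s+(?P<addr>{HEX})"
                     rf"\s+\d+ Bytes\s+(?:JMP|CALL) {HEX}{REST}")
RE_KERNEL = re.compile(rf"^\.text\s+(?P<func>\S+!\S+)(?:\s*\+\s*{HEX})?\s+(?P<addr>{HEX})"
                       rf"\s+\d+ Bytes\s+(?:JMP|CALL) {HEX}{REST}")
RE_IAT = re.compile(rf"^IAT\s+(?P<proc>.+?\[\d+\])\s+@\s+\S+\s+\[(?P<func>[^\]]+)\]"
                    rf"\s+\[(?P<addr>{HEX})\]{REST}")
RE_DEVICE = re.compile(r"^AttachedDevice\s+(?P<rest>.+)$")
HOOK_PREFIXES = ("SSDT ", ".text ", "IAT ", "AttachedDevice ")


@dataclass
class Hook:
    kind: str              # SSDT | KernelInline | UserInline | IAT | AttachedDevice
    location: str          # hooked process[pid] or device stack; '-' if system-wide
    function: str          # hooked service/export, e.g. 'USER32.dll!DialogBoxParamW'
    address: str
    module: Optional[str]  # module GMER attributes the hook to; None if unattributed
    vendor: Optional[str]  # vendor part of the trailing '(Description/Vendor)'


def _attribution(rest: Optional[str]) -> Tuple[Optional[str], Optional[str]]:
    """Split 'C:\\dir\\mod.dll (Description/Vendor)' into (module, vendor). Descriptions can
    contain parentheses and paths can contain ' (', so use the ' (' group closing at the end."""
    if not rest:
        return None, None
    for i in [k for k in range(len(rest)) if rest.startswith(" (", k)]:
        depth = 0
        for j, ch in enumerate(rest[i + 1:]):
            depth += (ch == "(") - (ch == ")")
            if depth == 0:
                if j == len(rest) - i - 2:  # the group's first close is the last character
                    return rest[:i].strip(), rest[i + 2:-1].rsplit("/", 1)[-1].strip()
                break
    return rest.strip(), None


def parse_line(line: str) -> Optional[Hook]:
    """Parse one GMER hook line; None if it is not a recognised hook form."""
    if m := RE_SSDT.match(line):
        return Hook("SSDT", "-", m["func"], m["addr"], *_attribution(m["rest"]))
    if m := RE_USER.match(line):
        return Hook("UserInline", m["proc"], m["func"], m["addr"], *_attribution(m["rest"]))
    if m := RE_KERNEL.match(line):
        return Hook("KernelInline", "-", m["func"], m["addr"], *_attribution(m["rest"]))
    if m := RE_IAT.match(line):
        return Hook("IAT", m["proc"], m["func"], m["addr"], *_attribution(m["rest"]))
    if m := RE_DEVICE.match(line):
        module, vendor = _attribution(m["rest"])
        stack, _, driver = module.rpartition(" ")  # e.g. '\Driver\Tcpip \Device\Tcp tmtdi.sys'
        return Hook("AttachedDevice", stack or "-", "-", "-", driver, vendor)
    return None


def parse_log(text: str) -> Tuple[List[Hook], List[str]]:
    """Return (hooks, hook-looking lines the parser did not understand). Unparsed lines
    are kept rather than dropped so nothing silently vanishes from triage."""
    hooks, unparsed = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(HOOK_PREFIXES):  # headers, 'Device' lines and blanks are skipped
            hook = parse_line(line)
            if hook:
                hooks.append(hook)
            else:
                unparsed.append(line)
    return hooks, unparsed


def triage(hooks: List[Hook]) -> Dict[str, dict]:
    """Group hooks by attributed module ('<unattributed>' when GMER names none). A named
    module gives review a starting point (is that vendor expected on this machine?)."""
    groups: Dict[str, dict] = defaultdict(lambda: {"vendor": None, "kinds": set(), "functions": set()})
    for h in hooks:
        g = groups[h.module or "<unattributed>"]
        g["vendor"] = g["vendor"] or h.vendor
        g["kinds"].add(h.kind)
        g["functions"].add(h.function)
    return dict(groups)


# Sample input, quoted from the GMER log posted in this thread.
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----
SSDT 8531EC60 ZwCreateKey
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 80504870 4 Bytes JMP ABF6CDA6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5212] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4236] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
"""

if __name__ == "__main__":
    found, leftover = parse_log(SAMPLE_LOG)
    for module, g in triage(found).items():
        print(f"{module}: vendor={g['vendor']} kinds={sorted(g['kinds'])}")
    print("unparsed:", leftover)
```

Hooks attributed to a module still need checking against what is installed; the grouping only tells you where to start.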

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby Blade81 » April 14th, 2010, 1:07 pm

Thanks for the log.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
Folder::
c:\program files\limewire
c:\program files\soulseek
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Soulseek\\slsk.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.


Update Adobe Reader with version 9.3.2 here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

Uninstall your current Adobe shockwave player and get the fresh one here if needed.


Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here. A fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 19.
  • Click the Download button to the right.
  • Select Windows on the platform combobox and check the box that says: Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby gumijagr » April 14th, 2010, 5:43 pm

ComboFix 10-04-10.02 - Guy Falone 04/14/2010 13:32:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.612 [GMT -7:00]
Running from: c:\documents and settings\Guy Falone\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Guy Falone\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\limewire
c:\program files\limewire\lib\aopalliance.jar
c:\program files\limewire\lib\clink.jar
c:\program files\limewire\lib\commons-codec-1.3.jar
c:\program files\limewire\lib\commons-logging.jar
c:\program files\limewire\lib\commons-net.jar
c:\program files\limewire\lib\daap.jar
c:\program files\limewire\lib\dnsjava.jar
c:\program files\limewire\lib\forms.jar
c:\program files\limewire\lib\foxtrot.jar
c:\program files\limewire\lib\gettext-commons.jar
c:\program files\limewire\lib\guice-1.0.jar
c:\program files\limewire\lib\hsqldb.jar
c:\program files\limewire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\limewire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\limewire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\limewire\lib\icu4j.jar
c:\program files\limewire\lib\jaudiotagger.jar
c:\program files\limewire\lib\jcraft.jar
c:\program files\limewire\lib\jdic.dll
c:\program files\limewire\lib\jdic.jar
c:\program files\limewire\lib\jdic_stub.jar
c:\program files\limewire\lib\jflac.jar
c:\program files\limewire\lib\jl.jar
c:\program files\limewire\lib\jmdns.jar
c:\program files\limewire\lib\jogg.jar
c:\program files\limewire\lib\jorbis.jar
c:\program files\limewire\lib\LimeWire.jar
c:\program files\limewire\lib\log4j.jar
c:\program files\limewire\lib\looks.jar
c:\program files\limewire\lib\messages.jar
c:\program files\limewire\lib\mp3spi.jar
c:\program files\limewire\lib\onion-common.jar
c:\program files\limewire\lib\onion-fec.jar
c:\program files\limewire\lib\ProgressTabs.jar
c:\program files\limewire\lib\swt.jar
c:\program files\limewire\lib\SystemUtilities.dll
c:\program files\limewire\lib\themes.jar
c:\program files\limewire\lib\tray.dll
c:\program files\limewire\lib\tritonus.jar
c:\program files\limewire\lib\vorbisspi.jar
c:\program files\limewire\LimeWire.exe
c:\program files\soulseek
c:\program files\soulseek\attrstrings.cfg
c:\program files\soulseek\autoaway.cfg
c:\program files\soulseek\chatrooms.cfg
c:\program files\soulseek\chatui.cfg
c:\program files\soulseek\dlbans.cfg
c:\program files\soulseek\extensions.cfg
c:\program files\soulseek\hotlist.cfg
c:\program files\soulseek\ignores.cfg
c:\program files\soulseek\login.cfg
c:\program files\soulseek\message.wav
c:\program files\soulseek\pchat.cfg
c:\program files\soulseek\port.cfg
c:\program files\soulseek\queue.cfg
c:\program files\soulseek\queue2.cfg
c:\program files\soulseek\rcmnd.cfg
c:\program files\soulseek\Readme.txt
c:\program files\soulseek\save.cfg
c:\program files\soulseek\search.cfg
c:\program files\soulseek\shared.cfg
c:\program files\soulseek\slsk.exe
c:\program files\soulseek\ticker.cfg
c:\program files\soulseek\transfersview.cfg
c:\program files\soulseek\ui.cfg
c:\program files\soulseek\uninstall.exe
c:\program files\soulseek\userinfo.cfg
c:\program files\soulseek\usernotes.cfg
c:\program files\soulseek\wishlist.cfg

.
((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-13 23:31 . 2010-04-13 23:31 -------- d-----w- c:\documents and settings\Michele Falone\Tracing
2010-04-04 08:24 . 2010-04-04 08:24 388096 ----a-r- c:\documents and settings\Guy Falone\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-04 08:24 . 2010-04-04 20:41 -------- d-----w- c:\program files\TrendMicro
2010-04-02 20:03 . 2010-04-02 20:03 -------- d-----w- c:\windows\system32\log
2010-04-02 20:02 . 2010-04-14 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-04-02 00:27 . 2010-04-02 00:27 -------- d-----w- c:\documents and settings\Guy Falone\Local Settings\Application Data\WMTools Downloaded Files
2010-03-30 00:58 . 2010-03-30 00:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-29 18:44 . 2010-04-07 19:49 439816 ----a-w- c:\documents and settings\Guy Falone\Application Data\Real\Update\setup3.10\setup.exe
2010-03-26 19:00 . 2010-03-26 19:00 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 17:54 . 2009-11-11 01:49 79488 ----a-w- c:\documents and settings\Guy Falone\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-14 16:42 . 2007-08-27 05:32 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-14 16:42 . 2007-08-27 05:31 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-13 23:32 . 2009-11-13 14:45 79488 ----a-w- c:\documents and settings\Michele Falone\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-13 21:37 . 2008-06-01 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-09 00:16 . 2007-11-01 01:49 -------- d-----w- c:\program files\Xfire
2010-04-01 09:55 . 2007-08-27 20:10 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-01 09:55 . 2007-08-27 20:10 152 --sh--r- c:\windows\system32\3767958B1C.sys
2010-03-30 00:58 . 2009-02-24 02:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-30 00:58 . 2007-11-01 01:49 -------- d-----w- c:\documents and settings\Guy Falone\Application Data\Xfire
2010-03-29 03:36 . 2009-10-06 04:16 -------- d-----w- c:\documents and settings\Guy Falone\Application Data\vlc
2010-03-24 23:51 . 2007-11-03 05:17 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2010-03-14 00:23 . 2008-02-05 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-03-14 00:20 . 2010-03-14 00:20 -------- d-----w- c:\documents and settings\Michele Falone\Application Data\pdf995
2010-03-10 11:22 . 2007-08-28 05:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-10 06:15 . 2005-08-16 10:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 01:57 . 2007-10-13 15:37 50464 ----a-w- c:\documents and settings\Michele Falone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-09 20:05 . 2007-08-27 20:10 50464 ----a-w- c:\documents and settings\Guy Falone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-09 19:55 . 2010-03-09 19:50 -------- d-----w- c:\program files\Windows Live
2010-03-09 19:54 . 2010-03-09 19:54 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-03-09 19:53 . 2010-03-09 19:53 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-09 19:51 . 2010-03-09 19:51 -------- d-----w- c:\program files\Microsoft
2010-03-09 19:51 . 2010-03-09 19:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-07 17:25 . 2010-03-07 17:25 -------- d-----w- c:\documents and settings\Michele Falone\Application Data\TaxCut
2010-03-03 20:32 . 2010-03-03 20:31 19486488 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US64016501xupd.exe
2010-02-25 06:24 . 2005-08-16 10:18 916480 ------w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-20 16:02 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 00:45 . 2006-03-20 16:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-24 00:44 . 2010-02-24 00:44 -------- d-----w- c:\program files\MGI
2010-02-23 20:58 . 2007-08-04 10:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-22 21:09 . 2010-02-22 21:09 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-19 15:36 . 2009-11-04 05:32 430592 ----a-w- c:\documents and settings\All Users\Application Data\5-Day Forecast\setup.exe
2010-02-18 08:21 . 2010-02-18 08:20 18205544 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US60016401xupd.exe
2010-02-16 14:08 . 2005-08-16 10:18 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 04:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2005-08-16 10:18 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-08-16 10:18 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-03 00:56 . 2008-02-05 19:51 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-02-03 00:56 . 2008-02-05 19:51 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-02-02 23:57 . 2010-02-02 23:57 3741656 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Downloads\HRBlockCA.exe
2010-02-02 22:21 . 2010-02-02 22:20 16832384 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US30026001xupd.exe
2008-03-16 06:02 . 2008-02-05 16:49 534 ----a-w- c:\program files\User.Ini
2007-12-17 15:30 . 2008-02-05 16:49 2933171 ----a-w- c:\program files\Olb.exe
2007-12-16 18:56 . 2008-02-05 16:49 93820 ----a-w- c:\program files\whatsnew.eng
2007-12-12 02:41 . 2008-02-05 16:49 61778 ----a-w- c:\program files\Internet.Lst
2007-12-06 18:09 . 2008-02-05 16:49 93892 ----a-w- c:\program files\whatsnew.eng.bak
2007-12-01 19:53 . 2008-02-05 16:49 92194 ----a-w- c:\program files\Messages.eng
2007-08-25 20:47 . 2008-02-05 16:49 28839 ------w- c:\program files\Install.Msg
2007-05-17 04:47 . 2008-02-05 16:49 234751 ----a-w- c:\program files\helpeng.chm
2007-01-28 21:06 . 2008-02-05 16:49 9865 ----a-w- c:\program files\Desktop.Idt
2006-12-25 21:42 . 2008-02-05 16:49 15360 ----a-w- c:\program files\Rapi.dll
2006-12-16 20:50 . 2008-02-05 16:49 69120 ----a-w- c:\program files\OlbDel.Exe
2005-07-29 18:18 . 2008-02-05 16:49 16438 ----a-w- c:\program files\Module.Lst
2005-01-19 17:21 . 2008-02-05 16:49 44330 ----a-w- c:\program files\Category.Lst
2004-04-09 15:27 . 2008-02-05 16:49 143635 ----a-w- c:\program files\TUTORENG.CHM
2004-02-18 23:58 . 2004-02-18 23:58 14246472 ------w- c:\program files\DVDXCopy_Platinum_v4.0.3.8_full_install.exe
2004-02-18 23:58 . 2004-02-18 23:58 130450 ------w- c:\program files\12.02 DVDXCopy Platinum 4.0.3.8.zip
2003-01-21 00:09 . 2008-02-05 16:49 25508 ----a-w- c:\program files\OLBGrk.TTF
2003-01-21 00:09 . 2008-02-05 16:49 22348 ----a-w- c:\program files\OLBHeb.TTF
2001-08-16 14:33 . 2008-02-05 16:49 5496 ----a-w- c:\program files\vireadme.eng
2000-01-09 14:35 . 2008-02-05 16:49 4204 ----a-w- c:\program files\dsp.wav
2000-01-09 14:35 . 2008-02-05 16:49 41972 ----a-w- c:\program files\std.wav
1999-11-30 13:38 . 2008-02-05 16:49 3978 ----a-w- c:\program files\titles.v6
1999-01-09 16:20 . 2008-02-05 16:49 2635 ----a-w- c:\program files\biblewin.exe
1998-09-28 17:41 . 2008-02-05 16:49 3888 ----a-w- c:\program files\paragrap.map
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-16 95536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"EPSON Stylus CX4800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-05-16 54576]
"5-Day Forecast"="c:\program files\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe" [2009-07-29 876544]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-29 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-01-29 136744]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-20 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-29 784912]
Register.lnk - c:\program files\AzureBay\AzureBay Screen Saver\Register.exe [2007-8-3 456704]
Wallpaper Changer.lnk - c:\program files\AzureBay\AzureBay Screen Saver\WPChanger.exe [2007-8-3 49664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Wolfenstein _ Enemy Territory\\ET.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Cartoon Network\\Ben 10 Bounty Hunters\\RT_Multiplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 6:46 PM 135664]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [1/30/2009 8:58 PM 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [1/30/2009 8:58 PM 79104]
.
Contents of the 'Scheduled Tasks' folder

2010-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-03 11:01]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:46]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:46]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumAct ... er=2,0,0,4
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://blog.naver.com/common/item/NaverAXGuide.cab
FF - ProfilePath - c:\documents and settings\Guy Falone\Application Data\Mozilla\Firefox\Profiles\klt2ugxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Guy Falone\Application Data\Mozilla\Firefox\Profiles\klt2ugxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft Silverlight\3.0.50106.0\npctrl.1.0.20816.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Soulseek - c:\program files\Soulseek\uninstall.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-04-14 13:42:48
ComboFix-quarantined-files.txt 2010-04-14 20:42
ComboFix2.txt 2010-04-11 21:51

Pre-Run: 102,710,169,600 bytes free
Post-Run: 102,762,663,936 bytes free

- - End Of File - - 76A5CE07CE7E8A8234894FCC6B5FBA48
gumijagr
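An added example, not part of the original post and not ComboFix's own code: the log above lists the XP firewall exceptions as a registry export (`"path"=` lines with doubled backslashes), services as `S2`/`S3 name;display;path [stamp size]` lines, and scheduled tasks as a dated `.job` line followed by its target, and its tail references an earlier run (ComboFix2.txt from 2010-04-11). The script parses those three sections from a saved log and reports what appeared since an earlier run, which is how a helper checks whether an exception, service or task is new instead of reading the whole list each time. The "earlier run" text is constructed for the example (it is not the real ComboFix2.txt), and `%windir%` is assumed to expand to `c:\windows`.

```python
"""Parse the firewall-exception, service and scheduled-task sections of a
ComboFix-style log and report what changed between two runs.
Added example for this thread; not part of ComboFix or the original post."""
import re
from dataclasses import dataclass, field

# Lines copied from the log posted in the thread (a subset, for illustration).
CURRENT_RUN = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 6:46 PM 135664]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [1/30/2009 8:58 PM 131072]
.
Contents of the 'Scheduled Tasks' folder

2010-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
'''

# Constructed "earlier run" (hypothetical, not the thread's ComboFix2.txt) to diff against.
EARLIER_RUN = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 6:46 PM 135664]
.
'''

FIREWALL_KEY = re.compile(r'authorizedapplications\\list\]$', re.I)
FIREWALL_ENTRY = re.compile(r'^"(?P<path>.+)"=\s*$')
SERVICE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<stamp>.+?)\s+(?P<size>\d+)\]\s*$')
TASK = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)\s*$', re.I)
TASK_TARGET = re.compile(r'^-\s+(?P<path>.+?)\s+\[(?P<stamp>[^\]]+)\]\s*$')


def normalize_path(path: str) -> str:
    """Collapse the registry export's doubled backslashes, lower-case for
    comparison, and expand %windir% (assumed to be c:\\windows on this XP box)."""
    path = path.replace('\\\\', '\\').lower()
    return path.replace('%windir%', 'c:\\windows')


@dataclass
class Inventory:
    firewall_apps: set = field(default_factory=set)   # normalized exe paths allowed through the firewall
    services: dict = field(default_factory=dict)      # service name -> (start, display, path, size)
    tasks: dict = field(default_factory=dict)         # .job path -> target executable


def parse_log(text: str) -> Inventory:
    """Walk the log once, collecting the three sections of interest."""
    inv = Inventory()
    in_firewall = False
    pending_job = None
    for raw in text.splitlines():
        line = raw.strip()
        if FIREWALL_KEY.search(line):
            in_firewall = True          # entries follow until the list ends
            continue
        if in_firewall:
            m = FIREWALL_ENTRY.match(line)
            if m:
                inv.firewall_apps.add(normalize_path(m.group('path')))
                continue
            in_firewall = False         # blank line or next key closes the list
        m = SERVICE.match(line)
        if m:
            inv.services[m.group('name').lower()] = (
                m.group('start'), m.group('display'),
                normalize_path(m.group('path')), int(m.group('size')))
            continue
        m = TASK.match(line)
        if m:
            pending_job = normalize_path(m.group('job'))   # target is on the next line
            continue
        m = TASK_TARGET.match(line)
        if m and pending_job:
            inv.tasks[pending_job] = normalize_path(m.group('path'))
            pending_job = None
    return inv


def new_since(baseline: Inventory, current: Inventory) -> dict:
    """Entries present in `current` but absent from `baseline`, per section."""
    return {
        'firewall_apps': sorted(current.firewall_apps - baseline.firewall_apps),
        'services': sorted(set(current.services) - set(baseline.services)),
        'tasks': sorted(set(current.tasks) - set(baseline.tasks)),
    }


if __name__ == '__main__':
    delta = new_since(parse_log(EARLIER_RUN), parse_log(CURRENT_RUN))
    for section, items in delta.items():
        print(section)
        for item in items:
            print('  +', item)
```

Run it against two saved logs by replacing the two string constants with the file contents; a path that shows up under `firewall_apps` or `services` and that the user cannot account for is the line worth asking about, and the normalized form makes the same executable compare equal whether the log wrote it with `%windir%`, doubled backslashes or different case.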

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

Unread postby Blade81 » April 15th, 2010, 1:18 pm

Good. I shall wait for Kaspersky report & fresh dds log.
Blade81
Admin/Teacher