Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Ok Here's my Hijack list I keep getting 2 trojan alerts

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

by gumijagr » April 15th, 2010, 8:05 pm

DDS (Ver_10-03-17.01) - NTFSx86
Run by Guy Falone at 17:02:07.56 on Thu 04/15/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.361 [GMT -7:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\5-Day Forecast\5-Day Forecast\5-Day Forecast.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Guy Falone\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [EPSON Stylus CX4800 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4800"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [5-Day Forecast] "c:\program files\5-day forecast\5-day forecast\5-Day Forecast.exe" /Startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\register.lnk - c:\program files\azurebay\azurebay screen saver\Register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wallpa~1.lnk - c:\program files\azurebay\azurebay screen saver\WPChanger.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: musicmatch.com\online
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/ ... aosmgr.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shoc ... wswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/tes ... eGames.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumAct ... er=2,0,0,4
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} - hxxp://fdl.msn.com/public/investor/v13/ticker.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://blog.naver.com/common/item/NaverAXGuide.cab
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\guyfal~1\applic~1\mozilla\firefox\profiles\klt2ugxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\guy falone\application data\mozilla\firefox\profiles\klt2ugxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrl.1.0.20816.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-9 54752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-4-14 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-4-14 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-4-14 335376]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2010-4-14 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-4-14 648456]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-1-30 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-1-30 79104]

=============== Created Last 30 ================

2010-04-14 23:18:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-14 21:11:11 52752 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-04-14 21:11:11 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-04-14 21:11:11 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-14 21:10:06 0 d-----w- c:\program files\Trend Micro
2010-04-14 21:09:33 656648 ----a-w- c:\windows\system32\UfWSC.cpl
2010-04-14 21:09:22 66320 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-04-14 21:09:22 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-04-14 21:09:22 335376 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2010-04-14 21:09:22 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-04-14 21:09:22 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-04-14 20:29:57 0 d-----w- C:\ComboFix
2010-04-11 21:25:15 0 d-sha-r- C:\cmdcons
2010-04-11 21:23:51 98816 ----a-w- c:\windows\sed.exe
2010-04-11 21:23:51 77312 ----a-w- c:\windows\MBR.exe
2010-04-11 21:23:51 261632 ----a-w- c:\windows\PEV.exe
2010-04-11 21:23:51 161792 ----a-w- c:\windows\SWREG.exe
2010-04-04 08:24:30 0 d-----w- c:\program files\TrendMicro
2010-04-02 20:03:17 0 d-----w- c:\windows\system32\log
2010-04-02 20:02:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2010-03-30 00:58:47 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-26 19:00:50 41872 ----a-w- c:\windows\system32\xfcodec.dll

==================== Find3M ====================

2010-04-15 05:41:12 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-15 05:41:03 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-14 23:17:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-01 09:55:36 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 16:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-02-03 00:56:21 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-02-03 00:56:21 249856 ----a-w- c:\windows\system32\pdfmona.dll
2008-03-16 06:02:50 534 ----a-w- c:\program files\User.Ini
2007-12-17 15:30:12 2933171 ----a-w- c:\program files\Olb.exe
2007-12-16 18:56:34 93820 ----a-w- c:\program files\whatsnew.eng
2007-12-12 02:41:32 61778 ----a-w- c:\program files\Internet.Lst
2007-12-06 18:09:04 93892 ----a-w- c:\program files\whatsnew.eng.bak
2007-12-01 19:53:20 92194 ----a-w- c:\program files\Messages.eng
2007-08-25 20:47:54 28839 ------w- c:\program files\Install.Msg
2007-05-17 04:47:34 234751 ----a-w- c:\program files\helpeng.chm
2007-01-28 21:06:44 9865 ----a-w- c:\program files\Desktop.Idt
2006-12-25 21:42:04 15360 ----a-w- c:\program files\Rapi.dll
2006-12-16 20:50:58 69120 ----a-w- c:\program files\OlbDel.Exe
2005-07-29 18:18:00 16438 ----a-w- c:\program files\Module.Lst
2005-01-19 17:21:26 44330 ----a-w- c:\program files\Category.Lst
2004-04-09 15:27:52 143635 ----a-w- c:\program files\TUTORENG.CHM
2004-02-18 23:58:52 14246472 ------w- c:\program files\DVDXCopy_Platinum_v4.0.3.8_full_install.exe
2004-02-18 23:58:04 130450 ------w- c:\program files\12.02 DVDXCopy Platinum 4.0.3.8.zip
2003-01-21 00:09:10 25508 ----a-w- c:\program files\OLBGrk.TTF
2003-01-21 00:09:10 22348 ----a-w- c:\program files\OLBHeb.TTF
2001-08-16 14:33:56 5496 ----a-w- c:\program files\vireadme.eng
2000-01-09 14:35:54 4204 ----a-w- c:\program files\dsp.wav
2000-01-09 14:35:50 41972 ----a-w- c:\program files\std.wav
1999-11-30 13:38:46 3978 ----a-w- c:\program files\titles.v6
1999-01-09 16:20:36 2635 ----a-w- c:\program files\biblewin.exe
1998-09-28 17:41:56 3888 ----a-w- c:\program files\paragrap.map
2008-08-25 21:57:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 17:03:14.26 ===============

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

by gumijagr » April 15th, 2010, 8:06 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/2/2007 11:51:05 PM
System Uptime: 4/15/2010 4:53:44 PM (1 hours ago)

Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 94.422 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP905: 1/16/2010 6:32:26 AM - System Checkpoint
RP906: 1/17/2010 3:38:16 PM - System Checkpoint
RP907: 1/18/2010 4:31:29 PM - System Checkpoint
RP908: 1/20/2010 2:38:01 AM - System Checkpoint
RP909: 1/21/2010 10:08:09 AM - System Checkpoint
RP910: 1/22/2010 3:00:17 AM - Software Distribution Service 3.0
RP911: 1/23/2010 3:00:15 AM - Software Distribution Service 3.0
RP912: 1/24/2010 3:25:41 AM - System Checkpoint
RP913: 1/25/2010 3:00:16 AM - Software Distribution Service 3.0
RP914: 1/26/2010 3:00:19 AM - Software Distribution Service 3.0
RP915: 1/27/2010 3:07:09 AM - System Checkpoint
RP916: 1/28/2010 12:34:46 PM - System Checkpoint
RP917: 1/29/2010 1:39:09 PM - System Checkpoint
RP918: 1/30/2010 2:31:34 PM - System Checkpoint
RP919: 1/30/2010 4:13:51 PM - Software Distribution Service 3.0
RP920: 1/31/2010 5:58:14 PM - System Checkpoint
RP921: 2/1/2010 3:00:14 AM - Software Distribution Service 3.0
RP922: 2/2/2010 3:49:53 AM - System Checkpoint
RP923: 2/2/2010 2:18:22 PM - Installed H&R Block Deluxe + Efile + State 2009.
RP924: 2/2/2010 3:57:47 PM - Installed H&R Block California 2009.
RP925: 2/2/2010 4:56:28 PM - Printer Driver PDF995 Printer Driver Installed
RP926: 2/3/2010 5:38:11 PM - System Checkpoint
RP927: 2/4/2010 7:56:40 PM - System Checkpoint
RP928: 2/5/2010 10:54:47 PM - System Checkpoint
RP929: 2/7/2010 12:20:03 AM - System Checkpoint
RP930: 2/8/2010 12:37:03 AM - System Checkpoint
RP931: 2/9/2010 1:38:06 AM - System Checkpoint
RP932: 2/10/2010 1:08:48 AM - Software Distribution Service 3.0
RP933: 2/11/2010 1:38:59 AM - System Checkpoint
RP934: 2/11/2010 3:00:15 AM - Software Distribution Service 3.0
RP935: 2/12/2010 3:47:19 AM - System Checkpoint
RP936: 2/13/2010 4:48:22 AM - System Checkpoint
RP937: 2/14/2010 5:49:54 AM - System Checkpoint
RP938: 2/15/2010 6:44:00 AM - System Checkpoint
RP939: 2/16/2010 7:44:45 AM - System Checkpoint
RP940: 2/17/2010 4:25:00 PM - System Checkpoint
RP941: 2/18/2010 4:47:55 PM - System Checkpoint
RP942: 2/19/2010 6:56:24 PM - System Checkpoint
RP943: 2/20/2010 3:00:14 AM - Software Distribution Service 3.0
RP944: 2/21/2010 3:08:25 AM - System Checkpoint
RP945: 2/22/2010 3:16:39 AM - System Checkpoint
RP946: 2/23/2010 3:00:21 AM - Software Distribution Service 3.0
RP947: 2/23/2010 12:58:13 PM - Installed Adobe Reader 9.3.
RP948: 2/23/2010 11:01:20 PM - Software Distribution Service 3.0
RP949: 2/24/2010 11:33:58 PM - System Checkpoint
RP950: 2/25/2010 3:00:26 AM - Software Distribution Service 3.0
RP951: 2/26/2010 3:33:56 AM - System Checkpoint
RP952: 2/27/2010 3:58:02 AM - System Checkpoint
RP953: 2/28/2010 6:11:47 AM - System Checkpoint
RP954: 3/1/2010 6:35:02 AM - System Checkpoint
RP955: 3/2/2010 3:00:16 AM - Software Distribution Service 3.0
RP956: 3/2/2010 1:05:07 PM - Software Distribution Service 3.0
RP957: 3/3/2010 1:43:12 PM - System Checkpoint
RP958: 3/4/2010 2:37:13 PM - System Checkpoint
RP959: 3/5/2010 11:10:37 PM - System Checkpoint
RP960: 3/7/2010 11:38:29 AM - System Checkpoint
RP961: 3/8/2010 3:00:18 AM - Software Distribution Service 3.0
RP962: 3/9/2010 3:00:21 AM - Software Distribution Service 3.0
RP963: 3/9/2010 11:53:42 AM - Installed Windows XP KB954708.
RP964: 3/9/2010 11:54:06 AM - Installed DirectX
RP965: 3/10/2010 3:00:20 AM - Software Distribution Service 3.0
RP966: 3/10/2010 8:20:01 PM - Software Distribution Service 3.0
RP967: 3/10/2010 10:01:10 PM - Software Distribution Service 3.0
RP968: 3/12/2010 1:18:29 AM - System Checkpoint
RP969: 3/12/2010 3:00:16 AM - Software Distribution Service 3.0
RP970: 3/13/2010 3:57:40 AM - System Checkpoint
RP971: 3/13/2010 4:48:52 PM - Software Distribution Service 3.0
RP972: 3/14/2010 7:35:09 PM - System Checkpoint
RP973: 3/15/2010 3:00:14 AM - Software Distribution Service 3.0
RP974: 3/16/2010 12:47:57 AM - Software Distribution Service 3.0
RP975: 3/17/2010 1:51:38 AM - System Checkpoint
RP976: 3/17/2010 3:00:15 AM - Software Distribution Service 3.0
RP977: 3/18/2010 3:15:34 AM - System Checkpoint
RP978: 3/19/2010 8:11:41 PM - System Checkpoint
RP979: 3/20/2010 3:00:16 AM - Software Distribution Service 3.0
RP980: 3/21/2010 3:26:45 AM - System Checkpoint
RP981: 3/22/2010 5:16:34 PM - System Checkpoint
RP982: 3/23/2010 3:00:15 AM - Software Distribution Service 3.0
RP983: 3/24/2010 12:51:51 AM - Software Distribution Service 3.0
RP984: 3/25/2010 12:54:33 AM - System Checkpoint
RP985: 3/25/2010 3:00:14 AM - Software Distribution Service 3.0
RP986: 3/27/2010 1:10:37 AM - Software Distribution Service 3.0
RP987: 3/28/2010 12:56:54 AM - Software Distribution Service 3.0
RP988: 3/29/2010 1:07:28 AM - System Checkpoint
RP989: 3/29/2010 1:10:22 AM - Software Distribution Service 3.0
RP990: 3/30/2010 2:28:44 AM - Software Distribution Service 3.0
RP991: 3/31/2010 3:00:22 AM - Software Distribution Service 3.0
RP992: 3/31/2010 9:49:25 AM - Software Distribution Service 3.0
RP993: 4/1/2010 2:35:39 AM - Software Distribution Service 3.0
RP994: 4/1/2010 3:00:17 AM - Software Distribution Service 3.0
RP995: 4/2/2010 1:03:18 AM - Software Distribution Service 3.0
RP996: 4/2/2010 12:45:06 PM - Software Distribution Service 3.0
RP997: 4/2/2010 1:01:59 PM - Installed Trend Micro Internet Security
RP998: 4/3/2010 3:00:25 AM - Software Distribution Service 3.0
RP999: 4/4/2010 1:24:29 AM - Installed HiJackThis
RP1000: 4/4/2010 1:30:45 AM - Software Distribution Service 3.0
RP1001: 4/4/2010 2:25:21 PM - Software Distribution Service 3.0
RP1002: 4/5/2010 10:30:44 AM - Software Distribution Service 3.0
RP1003: 4/6/2010 10:44:09 AM - Software Distribution Service 3.0
RP1004: 4/7/2010 12:09:08 PM - System Checkpoint
RP1005: 4/7/2010 1:06:28 PM - Software Distribution Service 3.0
RP1006: 4/8/2010 4:15:06 PM - System Checkpoint
RP1007: 4/9/2010 2:43:05 AM - Software Distribution Service 3.0
RP1008: 4/9/2010 10:40:22 AM - Software Distribution Service 3.0
RP1009: 4/10/2010 11:15:39 AM - Software Distribution Service 3.0
RP1010: 4/11/2010 11:51:42 AM - System Checkpoint
RP1011: 4/11/2010 12:46:13 PM - Software Distribution Service 3.0
RP1012: 4/11/2010 2:19:46 PM - Removed Trend Micro Internet Security
RP1013: 4/11/2010 2:55:23 PM - Installed Trend Micro Internet Security
RP1014: 4/11/2010 11:37:50 PM - Software Distribution Service 3.0
RP1015: 4/12/2010 11:51:33 PM - System Checkpoint
RP1016: 4/14/2010 10:07:05 AM - System Checkpoint
RP1017: 4/14/2010 10:39:09 AM - Software Distribution Service 3.0
RP1018: 4/14/2010 1:25:27 PM - Removed Trend Micro Internet Security
RP1019: 4/14/2010 2:10:04 PM - Installed Trend Micro Internet Security
RP1020: 4/14/2010 2:53:41 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP1021: 4/14/2010 2:54:43 PM - Removed Java(TM) 6 Update 11
RP1022: 4/14/2010 2:55:22 PM - Removed Java(TM) 6 Update 2
RP1023: 4/14/2010 2:55:59 PM - Removed Java(TM) 6 Update 5
RP1024: 4/14/2010 2:56:55 PM - Removed Java(TM) 6 Update 7
RP1025: 4/14/2010 4:17:40 PM - Installed Java(TM) 6 Update 19
RP1026: 4/15/2010 4:25:48 PM - System Checkpoint
RP1027: 4/15/2010 4:50:44 PM - SetPoint 4.80

==== Installed Programs ======================

??? ActiveX ???
5-Day Forecast
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AGEIA PhysX v7.05.17
AhnLab Online Security
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI Control Panel
ATI Display Driver
AzureBay Screen Saver
Ben 10 Alien Force Bounty Hunters
Bonjour
CDDRV_Installer
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Daum ActiveX ÄÁÆ®·Ñ - ??? ?????
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Games
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Disney Pirates of the Caribbean Online
EarthLink setup files
EducateU
ELIcon
Enemy Territory - QUAKE Wars(TM)
Enemy Territory - QUAKE Wars(TM) 1.1 Patch
Enemy Territory - QUAKE Wars(TM) 1.1 Patch
EPSON CX 4200 4800 Guide
EPSON Printer Software
EPSON Scan
erLT
ESPNMotion
Garmin Communicator Plugin
Garmin USB Drivers
GemMaster Mystic
Get High Speed Internet!
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H&R Block California 2009
H&R Block Deluxe + Efile + State 2009
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Insaniquarium Deluxe
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™
iTunes
Java Auto Updater
Java(TM) 6 Update 19
Junk Mail filter update
KhalInstallWrapper
Learn2 Player (Uninstall Only)
Logitech SetPoint
LucasArts' X-Wing vs. TIE Fighter
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.6.3)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
OLYMPUS Master 2
Online Bible 10.10.09
Otto
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Picasa 3
Planetarium
QuickTime
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Search Assist
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
TaxCut California 2007
TaxCut California 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
Trend Micro Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
VLC media player 1.0.1
WebFldrs XP
WildTangent Games
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wizard101
Wolfenstein - Enemy Territory
WordPerfect Office 12
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

4/9/2010 11:59:07 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\D.
4/9/2010 10:45:16 AM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
4/9/2010 10:34:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Personal Firewall service to connect.
4/9/2010 10:34:30 AM, error: Service Control Manager [7000] - The Trend Micro Personal Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/14/2010 12:15:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Proxy Service service to connect.
4/14/2010 12:15:47 AM, error: Service Control Manager [7000] - The Trend Micro Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2010 11:39:23 PM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.

==== End Of File ===========================
gumijagr
Regular Member
 
Posts: 17
Joined: April 4th, 2010, 4:43 pm

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

by gumijagr » April 15th, 2010, 8:07 pm

I'll have to rerun it, don't know where it went. Will take an hour or 2.
gumijagr
Regular Member
 
Posts: 17
Joined: April 4th, 2010, 4:43 pm

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

by gumijagr » April 16th, 2010, 2:53 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, April 15, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, April 15, 2010 22:03:40
Records in database: 3949128
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 147606
Threats found: 5
Infected objects found: 8
Suspicious objects found: 0
Scan duration: 06:05:40


File name / Threat / Threats count
C:\Documents and Settings\Guy Falone\Desktop\SetupGamevance.exe Infected: not-a-virus:AdWare.Win32.Gamevance.zf 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\C\WINDOWS\ilozesec.dll.vir Infected: Trojan-Downloader.Win32.Mufanom.pnx 1
C:\Qoobox\Quarantine\C\WINDOWS\Wjejoqeviwecedul.dll.vir Infected: Trojan.Win32.Monder.cqqt 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1012\A0166769.dll Infected: Trojan-Downloader.Win32.Mufanom.pnx 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1012\A0166770.dll Infected: Trojan.Win32.Monder.cqqt 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP954\A0157088.exe Infected: not-a-virus:AdWare.Win32.Gamevance.aua 1

Selected area has been scanned.
gumijagr
Regular Member
 
Posts: 17
Joined: April 4th, 2010, 4:43 pm

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

by Blade81 » April 16th, 2010, 11:26 am

Hi,

Those bad items in the System Restore and Qoobox folders will be removed when ComboFix is uninstalled and System Restore is reset (instructions below). The other three findings can be ignored.


Are you still noticing any problems? If not, it's time to secure your system to protect against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. Hit Enter, then locate DNS Client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  • Run Secunia vulnerability check here and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade 8)
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
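
The triage in the reply above turns on where each detection sits (ComboFix's Qoobox quarantine, a System Restore snapshot, or a live path) and on whether the verdict carries Kaspersky's `not-a-virus:` prefix. The sketch below is an added example, not part of the original thread or of any tool used in it; the function names and bucket labels are assumptions, and the rows are copied from the scan report posted earlier in the thread.

```python
import re
from collections import defaultdict

# Rows copied from the Kaspersky Online Scanner report posted in this thread.
REPORT = r"""
C:\Documents and Settings\Guy Falone\Desktop\SetupGamevance.exe Infected: not-a-virus:AdWare.Win32.Gamevance.zf 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\C\WINDOWS\ilozesec.dll.vir Infected: Trojan-Downloader.Win32.Mufanom.pnx 1
C:\Qoobox\Quarantine\C\WINDOWS\Wjejoqeviwecedul.dll.vir Infected: Trojan.Win32.Monder.cqqt 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1012\A0166769.dll Infected: Trojan-Downloader.Win32.Mufanom.pnx 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1012\A0166770.dll Infected: Trojan.Win32.Monder.cqqt 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP954\A0157088.exe Infected: not-a-virus:AdWare.Win32.Gamevance.aua 1
"""

# "<path> Infected: <verdict> <count>"; paths may contain spaces, verdicts do not.
ROW = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<count>\d+)$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)
QUARANTINE = re.compile(r"^[A-Z]:\\Qoobox\\Quarantine\\", re.I)


def parse_rows(text):
    """Parse report rows and tag each with its location and verdict class."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip headers, blank lines and anything malformed
        path, verdict = m["path"], m["verdict"]
        rp = RESTORE.search(path)
        if QUARANTINE.match(path):
            location = "quarantine"   # already neutralised by ComboFix
        elif rp:
            location = "restore"      # inert copy inside a restore point
        else:
            location = "live"         # file sits on a normal, reachable path
        rows.append({
            "path": path,
            "verdict": verdict,
            "location": location,
            "restore_point": rp.group(1) if rp else None,
            "not_a_virus": verdict.lower().startswith("not-a-virus:"),
        })
    return rows


def by_location(rows):
    """Group parsed rows into quarantine / restore / live buckets."""
    buckets = defaultdict(list)
    for row in rows:
        buckets[row["location"]].append(row)
    return dict(buckets)


def restore_points_with_detections(rows):
    """Restore points holding a flagged file, in numeric order."""
    points = {r["restore_point"] for r in rows if r["restore_point"]}
    return sorted(points, key=lambda rp: int(rp[2:]))


if __name__ == "__main__":
    for location, items in by_location(parse_rows(REPORT)).items():
        for item in items:
            print(f"{location:10} {item['verdict']:45} {item['path']}")
```

On this report the only rows left on live paths are `not-a-virus:` verdicts; both trojans appear only as quarantined copies or inside restore point RP1012.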

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

by gumijagr » April 16th, 2010, 6:52 pm

:king: You're the King! Thanks Blade. . .
No more warning signs and everything is fast, no other problems. . . (other than lagging on enemy territory game site). Have a great weekend! Thanks so much!
gumijagr
Regular Member
 
Posts: 17
Joined: April 4th, 2010, 4:43 pm

Re: Ok Here's my Hijack list I keep getting 2 trojan alerts

by Blade81 » April 17th, 2010, 6:37 am

Since the issue appears to be resolved this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland