Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware infected explorer.exe

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware infected explorer.exe

Unread postby verticalslik » October 31st, 2007, 5:45 am

New here, and need some help. Ok, well I had some malware and I thought I got rid of it, well, I got rid of some, but now, at startup, explorer.exe does not start up, and if I try and run it from task manager, It gives me a Data Execution Prevention box saying it has to close explorer.exe. So heres the HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:34, on 2007-10-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zjrsxplt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154258297\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.416.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfaem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9132 bytes


Please help, thanks
verticalslik
Active Member
 
Posts: 6
Joined: October 31st, 2007, 5:39 am
Advertisement
Register to Remove

Unread postby Katana » November 2nd, 2007, 4:33 pm

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
C:\WINDOWS\system32\zjrsxplt.dll
Click Submit/Send File
Please post back, to let me know the results.

If Virustotal is too busy please try Jotti

VundoFix
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Rename HJT
Please open your Hijack This folder ( C:\Program Files\Trend Micro\HijackThis)
  • Right click on Hijackthis.exe
  • Select Rename
  • Rename Hijack This to showme.exe
  • Double click showme
  • Click on the Do a system scan and save a log file button.

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Virus Total report
  • VundoFix Log
  • A fresh HJT (showme) log
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby verticalslik » November 3rd, 2007, 5:07 am

Hello, I tried to analyse C:\WINDOWS\system32\zjrsxplt.dll but the site wouldnt load, but when I ran Vundofix, it removed that file.


VundoFix V6.5.11

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 6:39:15 PM 2007-11-02

Listing files found while scanning....

C:\windows\system32\ewnsxblx.dll
C:\windows\system32\mljhhff.dll
C:\WINDOWS\system32\zjrsxplt.dll

Beginning removal...

Attempting to delete C:\windows\system32\ewnsxblx.dll
C:\windows\system32\ewnsxblx.dll Has been deleted!

Attempting to delete C:\windows\system32\mljhhff.dll
C:\windows\system32\mljhhff.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\zjrsxplt.dll
C:\WINDOWS\system32\zjrsxplt.dll Has been deleted!

Performing Repairs to the registry.
Done!
__________________
HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:11 PM, on 2007-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\AOL\1154258297\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPSS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A8C2C57-93A7-0675-5A40-098909C6F6CC} - C:\Program Files\Nxpxmceo\codnunjv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {806E1CA8-2B65-45B5-B1D4-C42EF388E119} - C:\WINDOWS\system32\mljhhff.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154258297\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vwbmzyfa] rundll32.exe "C:\Program Files\vwbmzyfa\zchopulw.dll",Init
O4 - HKLM\..\Run: [dazifgzi] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dazifgzi.dll"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [qhshwfev] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qhshwfev.dll"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfaem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3971597171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - Unknown owner - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (file missing)
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (file missing)
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (file missing)
O23 - Service: HIPS Policy Manager (UmxPol) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12696 bytes
_______________
Oh, and my explorer.exe problem is fixed, now it works, and doesnt crash. Now I can actually use my computer :D .
verticalslik
Active Member
 
Posts: 6
Joined: October 31st, 2007, 5:39 am

Unread postby Katana » November 3rd, 2007, 8:09 am

Something seems to have turned off your AV ??

CCleaner
Please download CCleaner from here to clean temp files from your computer.
  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings
  • Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. Click on Issues and make sure Registry Integrity is UNchecked!
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • After CCleaner has completed its process, click Exit.

Deckard's System Scanner
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply

Kaspersky Online Scanner .

Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the Kaspersky report along with the two DSS reports in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby verticalslik » November 6th, 2007, 4:33 am

Ok, I tried to install the kaspersky virus scanner, but it would bring up the install dialog box but it wouldnt continue after that. After numorous times, it still wouldnt work. And also, I am having problems with Firefox, Whenever I try to login to sites, like here, and other forums and Myspace, it doesnt log in, it either gives me errors or says I never gave a login name or password. Heres the DSS reports

Main.txt
Deckard's System Scanner v20071014.68
Run by Tyler Eads on 2007-11-04 19:56:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2007-11-05 03:56:19 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2007-11-02 13:34:07 UTC - RP5 - Software Distribution Service 3.0
4: 2007-11-02 10:26:05 UTC - RP4 - Software Distribution Service 3.0
3: 2007-11-02 10:14:59 UTC - RP3 - Software Distribution Service 3.0
2: 2007-11-02 03:09:39 UTC - RP2 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-11-02 02:25:20 UTC - RP1 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tyler Eads.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:20 PM, on 2007-11-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\AOL\1154258297\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\update.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPSS.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Downloads\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tyler Eads.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A8C2C57-93A7-0675-5A40-098909C6F6CC} - C:\Program Files\Nxpxmceo\codnunjv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {806E1CA8-2B65-45B5-B1D4-C42EF388E119} - C:\WINDOWS\system32\mljhhff.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154258297\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vwbmzyfa] rundll32.exe "C:\Program Files\vwbmzyfa\zchopulw.dll",Init
O4 - HKLM\..\Run: [dazifgzi] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dazifgzi.dll"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [qhshwfev] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qhshwfev.dll"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfaem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3971597171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - Unknown owner - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (file missing)
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (file missing)
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (file missing)
O23 - Service: HIPS Policy Manager (UmxPol) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12779 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071030-233321-163 O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\system32\winb2s32.dll (file missing)
backup-20071030-233346-291 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zjrsxplt.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 KmxStart - c:\windows\system32\drivers\kmxstart.sys <Not Verified; CA; Host Intrusion Prevention System>
R1 KmxAgent - c:\windows\system32\drivers\kmxagent.sys <Not Verified; CA; Host Intrusion Prevention System>
R1 KmxFile - c:\windows\system32\drivers\kmxfile.sys <Not Verified; CA; Host Intrusion Prevention System>
R1 KmxFw - c:\windows\system32\drivers\kmxfw.sys <Not Verified; CA; Host Intrusion Prevention System>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 KmxCF - c:\windows\system32\drivers\kmxcf.sys <Not Verified; CA; Host Intrusion Prevention System>
R2 KmxSbx - c:\windows\system32\drivers\kmxsbx.sys <Not Verified; CA; Host Intrusion Prevention System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 KmxCfg - c:\windows\system32\drivers\kmxcfg.sys <Not Verified; CA; Host Intrusion Prevention System>
R3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S1 SYMTDI - c:\windows\system32\drivers\symtdi.sys (file missing)
S3 SYMDNS - c:\windows\system32\drivers\symdns.sys (file missing)
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)
S3 SYMFW - c:\windows\system32\drivers\symfw.sys (file missing)
S3 SYMIDS - c:\windows\system32\drivers\symids.sys (file missing)
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\ids-di~1\20071020.001\symidsco.sys (file missing)
S3 SYMNDIS - c:\windows\system32\drivers\symndis.sys (file missing)
S3 SYMREDRV - c:\windows\system32\drivers\symredrv.sys (file missing)
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 xnacc (Microsoft Common Controller For Windows Driver Service) - c:\windows\system32\drivers\xnacc.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>

S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S2 ITMRTSVC (CA Pest Patrol Realtime Protection Service) - "c:\program files\ca\sharedcomponents\pprt\bin\itmrtsvc.exe" (file missing)
S2 SNDSrvc (Symantec Network Drivers Service) - "c:\program files\common files\symantec shared\sndsrvc.exe" (file missing)
S2 UmxAgent (HIPS Event Manager) - "c:\program files\ca\sharedcomponents\hipsengine\umxagent.exe" (file missing)
S2 UmxCfg (HIPS Configuration Interpreter) - "c:\program files\ca\sharedcomponents\hipsengine\umxcfg.exe" (file missing)
S2 UmxFwHlp (HIPS Firewall Helper) - "c:\program files\ca\sharedcomponents\hipsengine\umxfwhlp.exe" (file missing)
S2 UmxPol (HIPS Policy Manager) - "c:\program files\ca\sharedcomponents\hipsengine\umxpol.exe" (file missing)
S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing)
S4 Bluetooth Hid Switch Service - "c:\program files\bluetooth\hidswitchservice\hidsw.exe" <Not Verified; Cambridge Silicon Radio; HID Switch Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-02 01:54:07 348 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2007-11-02 00:01:02 532 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Tyler Eads at 12 01 AM.job
2007-11-01 23:36:25 274 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2007-10-30 03:54:21 532 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Tyler Eads at 04 54.job
2007-10-30 02:31:40 532 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Tyler Eads at 02 19.job
2007-10-10 19:08:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-04 and 2007-11-04 -----------------------------

2007-11-04 19:52:24 0 dr-h----- C:\Documents and Settings\Tyler Eads\Recent
2007-11-04 19:42:58 0 d-------- C:\Program Files\CCleaner
2007-11-02 17:39:14 0 d-------- C:\VundoFix Backups
2007-11-02 03:17:47 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 03:09:54 0 d-------- C:\Program Files\Spyware Doctor
2007-11-02 03:09:54 0 d-------- C:\Documents and Settings\Tyler Eads\Application Data\PC Tools
2007-11-02 00:20:40 0 d-------- C:\Program Files\Uniblue
2007-11-01 23:13:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-01 23:13:46 0 d-------- C:\Documents and Settings\Tyler Eads\Application Data\Uniblue
2007-11-01 18:45:36 0 d-------- C:\d3dabb1bf483ac8fe72f23d1
2007-11-01 18:09:31 0 d-------- C:\WINDOWS\system32\fkmdvbtn
2007-11-01 18:09:23 106496 --a------ C:\Documents and Settings\All Users\Application Data\qhshwfev.dll
2007-11-01 18:08:56 0 d-------- C:\Program Files\SecCenter
2007-11-01 18:08:51 0 d-------- C:\Program Files\Nxpxmceo
2007-11-01 17:42:57 85056 --a------ C:\WINDOWS\system32\mmuctdds.dll
2007-11-01 17:39:56 76864 --a------ C:\WINDOWS\system32\vsuslwfw.dll
2007-11-01 17:37:17 75328 --a------ C:\WINDOWS\system32\rlpqbccd.exe <Not Verified; ; DDC>
2007-10-31 00:22:01 0 d-------- C:\WINDOWS\Prefetch
2007-10-30 23:13:53 0 d-------- C:\WINDOWS\setup.pss
2007-10-30 22:10:06 411075 ---hs---- C:\WINDOWS\system32\aycdd.ini2
2007-10-30 21:59:05 0 d-------- C:\Program Files\Common Files\Scanner
2007-10-30 21:58:59 0 d-------- C:\Program Files\LimeWire
2007-10-30 18:29:26 0 d-------- C:\Program Files\Trend Micro
2007-10-30 16:17:18 0 d-------- C:\WINDOWS\dell
2007-10-30 11:55:22 6500352 --a------ C:\Documents and Settings\Tyler Eads\ntuser.dat
2007-10-30 11:51:12 0 d-------- C:\WINDOWS\CAVTemp
2007-10-30 11:13:03 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-10-30 04:01:12 0 d-------- C:\Program Files\E404 Helper
2007-10-30 03:59:01 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-10-30 03:58:32 21504 --a------ C:\WINDOWS\system32\aivskurq.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer>
2007-10-30 03:58:26 0 d-------- C:\Program Files\Kgebwyww
2007-10-30 03:58:20 0 d-------- C:\Program Files\vwbmzyfa
2007-10-30 03:58:08 104960 --a------ C:\WINDOWS\system32\drvvop.dll
2007-10-30 03:19:00 0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2007-11-02 03:09:42 0 d-------- C:\Documents and Settings\Tyler Eads\Application Data\Azureus
2007-11-01 18:33:31 0 d-------- C:\Program Files\themexp
2007-10-30 23:53:09 34380 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-10-30 21:59:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-30 21:59:00 0 d-------- C:\Program Files\Common Files
2007-10-30 11:45:28 0 d-------- C:\Program Files\Norton AntiVirus
2007-10-13 17:51:23 0 d-------- C:\Documents and Settings\Tyler Eads\Application Data\Adobe
2007-10-10 18:51:43 0 d-------- C:\Documents and Settings\Tyler Eads\Application Data\Apple Computer
2007-10-10 02:22:43 0 d-------- C:\Program Files\Azureus
2007-10-10 02:10:23 0 d-------- C:\Program Files\GemMaster
2007-10-10 02:10:15 0 d-------- C:\Program Files\GameSpy Arcade
2007-10-02 11:47:52 0 d-------- C:\Documents and Settings\Tyler Eads\Application Data\U3
2007-10-01 00:50:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-01 00:50:02 0 d-------- C:\Program Files\iPod
2007-09-12 02:50:52 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-09-12 02:39:56 0 d-------- C:\Program Files\BitComet
2007-09-06 02:34:04 0 d-------- C:\Program Files\iTunes
2007-09-06 02:32:12 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
2007-11-01 06:08 PM 106496 --a------ C:\Program Files\Nxpxmceo\codnunjv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{806E1CA8-2B65-45B5-B1D4-C42EF388E119}]
C:\WINDOWS\system32\mljhhff.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 03:04 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 01:44 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 01:41 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 01:45 PM]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 11:35 AM C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 08:56 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 05:29 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 10:05 PM]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-14 01:05 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 03:16 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 08:28 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 08:28 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1154258297\ee\AOLSoftware.exe" [2006-04-20 09:10 AM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-05 05:03 PM]
"vwbmzyfa"="C:\Program Files\vwbmzyfa\zchopulw.dll" [2007-10-30 03:58 AM]
"dazifgzi"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\dazifgzi.dll" []
"smgr"="mgrs.exe" []
"qhshwfev"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\qhshwfev.dll" []
"@"="" []
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" []
"capfaem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-09-20 02:43 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-05-31 05:37 PM]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 11:57 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 08:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 AM]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2007-08-16 08:03 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-11 10:45:00 PM]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 8:11:42 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-09 1:23:45 AM]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 6:55:40 PM]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 1:16:08 PM]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 1:16:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{806E1CA8-2B65-45B5-B1D4-C42EF388E119}"= C:\WINDOWS\system32\mljhhff.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2006-03-09 12:46 PM 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvvt.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e60bee22-f7a4-11db-8e40-0015c5165da6}]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef42f4cb-fa10-11db-8e41-0015c5165da6}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-11-04 19:58:57 ------------

extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel(R) CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1014.37 MiB / 487.95 MiB
Pagefile Memory (total/avail): 2441.22 MiB / 1848.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.95 MiB

C: is Fixed (NTFS) - 65.2 GiB total, 22.54 GiB free.
D: is Fixed (NTFS) - 21.86 GiB total, 21.77 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2100BH - 91.76 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 65.2 GiB - C:
\PARTITION2 - Installable File System - 21.86 GiB - D:
\PARTITION3 - Unknown - 4.64 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1154258297\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1154258297\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1154258297\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1154258297\\ee\\aim6.exe:*:Enabled:AIM"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\TYLERE~1\\LOCALS~1\\Temp\\win70.tmp.exe"="C:\\DOCUME~1\\TYLERE~1\\LOCALS~1\\Temp\\win70.tmp.exe:*:Enabled:win70.tmp"
"C:\\WINDOWS\\system32\\etlapyks.exe"="C:\\WINDOWS\\system32\\etl"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tyler Eads\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MYCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tyler Eads
LOGONSERVER=\\MYCOMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TYLERE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\TYLERE~1\LOCALS~1\Temp
USERDOMAIN=MYCOMPUTER
USERNAME=Tyler Eads
USERPROFILE=C:\Documents and Settings\Tyler Eads
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Tyler Eads (admin)
MCX1
MCX2
MCX3
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{373CDFEC-F0DE-4C40-81AB-EF64F6F2F948}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArmyOps --> MsiExec.exe /I{DDD15FCC-F655-471E-80D0-CD4810558501}
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BitComet 0.93 --> C:\Program Files\BitComet\uninst.exe
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
CopySafe Plugin --> C:\PROGRA~1\Copysafe\UNWISE.EXE C:\PROGRA~1\Copysafe\INSTALL.LOG
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0303B6A-C675-4102-95DA-C013625BFA99}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{8610BEA1-FD76-4340-8326-7946DDC2EE7B}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Media Center Extender --> c:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender --> MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MTA: Race for San Andreas - Server 1.1.1 --> C:\Program Files\MTA San Andreas\Server\Uninstall.exe
MTA: Race for San Andreas R1.0 --> C:\Program Files\MTA San Andreas\Uninstall.exe
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 Demo --> MsiExec.exe /I{C93369CB-B4E9-E095-9289-E6B5AE941033}
Palm --> MsiExec.exe /X{A005B38F-D5AB-4E35-93DD-9886E449FAF1}
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Real Lives 2007 --> C:\Program Files\Educational Simulations\Real Lives\UnInstall_21355.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
San Andreas Mod Installer --> "C:\WINDOWS\San Andreas Mod Installer\uninstall.exe" "/U:C:\Program Files\San Andreas Mod Installer\Uninstall\uninstall.xml"
San Andreas Mod Installer --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\San Andreas Mod Installer\irunin.ini"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins001.exe /LOG
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TapTarget.com iSpin for PalmOS --> C:\WINDOWS\ctpu.exe -uC:\Program Files\TapTarget.com\iSpin\install.log -lC:\WINDOWS\ResENU.dll
Themexp.org File --> C:\PROGRA~1\themexp\THEMEX~1.ORG\UNWISE.EXE C:\PROGRA~1\themexp\THEMEX~1.ORG\INSTALL.LOG
Uniblue PowerSuite --> "C:\Program Files\Uniblue\unins000.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
URL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
Videora Xbox 360 Converter 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB905589 --> "C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Xbox 360 Controller for Windows --> "C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type12768 / Error
Event Submitted/Written: 11/04/2007 07:38:13 PM
Event ID/Source: 4098 / Media Center Extender Services
Event Description:
ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Event Record #/Type12766 / Warning
Event Submitted/Written: 11/02/2007 09:41:04 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}', feature 'WinNT_MergeModules', component '{B3A0C93F-E70F-45D0-B71C-1DBB74C12070}' failed. The resource 'C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAttachment.exe' does not exist.

Event Record #/Type12764 / Warning
Event Submitted/Written: 11/02/2007 09:41:03 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}', feature 'WinNT_MergeModules' failed during request for component '{2616CA4F-5BD8-47C2-B1AC-31C5D524EF2D}'

Event Record #/Type12763 / Warning
Event Submitted/Written: 11/02/2007 09:41:03 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}', feature 'WinNT_MergeModules', component '{B3A0C93F-E70F-45D0-B71C-1DBB74C12070}' failed. The resource 'C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAttachment.exe' does not exist.

Event Record #/Type12760 / Warning
Event Submitted/Written: 11/02/2007 09:40:50 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}', feature 'WinNT_MergeModules' failed during request for component '{2616CA4F-5BD8-47C2-B1AC-31C5D524EF2D}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24093 / Error
Event Submitted/Written: 11/04/2007 07:38:45 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type24089 / Error
Event Submitted/Written: 11/02/2007 09:42:18 PM
Event ID/Source: 14325 / WMPNetworkSvc
Event Description:
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80004002'. In Windows Media Player, turn off media sharing, and then turn it back on.

Event Record #/Type24078 / Error
Event Submitted/Written: 11/02/2007 09:41:16 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The HIPS Policy Manager service depends on the HIPS Configuration Interpreter service which failed to start because of the following error:
%%3

Event Record #/Type24077 / Error
Event Submitted/Written: 11/02/2007 09:41:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The HIPS Configuration Interpreter service failed to start due to the following error:
%%3

Event Record #/Type24076 / Error
Event Submitted/Written: 11/02/2007 09:41:16 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1068" attempting to start the service UmxPol with arguments "-Service"
in order to run the server:
{4C89C3FD-5F94-4678-BBB5-F64759C3C54A}



-- End of Deckard's System Scanner: finished at 2007-11-04 19:58:57 ------------
verticalslik
Active Member
 
Posts: 6
Joined: October 31st, 2007, 5:39 am

Unread postby Katana » November 6th, 2007, 7:30 am

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus
BitComet
LimeWire


I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also availablehere.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.



Download and Run ComboFix
  • Download Combofix from one of the two links below :

    Download 1
    Download 2
  • Then double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
ComboFix SHOULD NOT be used without supervision
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Malware infected explorer.exe

Unread postby verticalslik » November 15th, 2007, 5:42 pm

ComboFix 07-10-29.1 - Tyler Eads 2007-11-06 3:38:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.469 [GMT -8:00]
Running from: C:\Documents and Settings\Tyler Eads\Desktop\ComboFix.exe
.
/wow section - STAGE 8
/wow section - STAGE 10

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\qhshwfev.dll
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Tyler Eads\Favorites\Online Security Guide.lnk
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe.bak
C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\aycdd.tmp
C:\WINDOWS\system32\fkmdvbtn
C:\WINDOWS\system32\fkmdvbtn\bg1.gif
C:\WINDOWS\system32\fkmdvbtn\bgtop.gif
C:\WINDOWS\system32\fkmdvbtn\bottom1.gif
C:\WINDOWS\system32\fkmdvbtn\essentials.gif
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn1.exe
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn2.exe
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn3.exe
C:\WINDOWS\system32\fkmdvbtn\icon1.ico
C:\WINDOWS\system32\fkmdvbtn\install1.gif
C:\WINDOWS\system32\fkmdvbtn\left1.gif
C:\WINDOWS\system32\fkmdvbtn\li.gif
C:\WINDOWS\system32\fkmdvbtn\logo.gif
C:\WINDOWS\system32\fkmdvbtn\main.htm
C:\WINDOWS\system32\fkmdvbtn\mainframe.htm
C:\WINDOWS\system32\fkmdvbtn\reinstall1.gif
C:\WINDOWS\system32\fkmdvbtn\right1.gif
C:\WINDOWS\system32\fkmdvbtn\s1.htm
C:\WINDOWS\system32\fkmdvbtn\s2.htm
C:\WINDOWS\system32\fkmdvbtn\s3.htm
C:\WINDOWS\system32\fkmdvbtn\SMTop1.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop2.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop3.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop4.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\softbottom_off.gif
C:\WINDOWS\system32\fkmdvbtn\softbottom_on.gif
C:\WINDOWS\system32\fkmdvbtn\softleft_off.gif
C:\WINDOWS\system32\fkmdvbtn\softleft_on.gif
C:\WINDOWS\system32\fkmdvbtn\top1.gif
C:\WINDOWS\system32\fkmdvbtn\top2.gif
C:\WINDOWS\system32\fkmdvbtn\turnoff1.gif
C:\WINDOWS\system32\fkmdvbtn\turnon1.gif
C:\WINDOWS\system32\mmuctdds.dll
C:\WINDOWS\system32\rlpqbccd.exe
C:\WINDOWS\system32\sddtcumm.ini
C:\WINDOWS\system32\vsuslwfw.dll
C:\WINDOWS\system32\zjrsxplt.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
.

2007-11-06 00:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-06 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-05 23:23 335 --a------ C:\WINDOWS\mozregistry.dat
2007-11-04 19:55 <DIR> d-------- C:\Deckard
2007-11-04 19:42 <DIR> d-------- C:\Program Files\CCleaner
2007-11-02 17:39 <DIR> d-------- C:\VundoFix Backups
2007-11-02 03:17 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 03:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-02 03:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-02 03:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-02 03:10 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-02 03:09 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-02 03:09 <DIR> d-------- C:\Documents and Settings\Tyler Eads\Application Data\PC Tools
2007-11-02 03:09 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-02 00:20 <DIR> d-------- C:\Program Files\Uniblue
2007-11-01 23:13 <DIR> d-------- C:\Documents and Settings\Tyler Eads\Application Data\Uniblue
2007-11-01 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-01 18:45 <DIR> d-------- C:\d3dabb1bf483ac8fe72f23d1
2007-11-01 18:08 <DIR> d-------- C:\Program Files\Nxpxmceo
2007-11-01 17:38 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-10-31 00:18 221,184 --a--c--- C:\WINDOWS\system32\dllcache\wmpns.dll
2007-10-31 00:18 73,728 --a--c--- C:\WINDOWS\system32\dllcache\ehresja.dll
2007-10-31 00:18 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresko.dll
2007-10-31 00:18 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresfr.dll
2007-10-31 00:18 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresde.dll
2007-10-31 00:18 61,440 --a--c--- C:\WINDOWS\system32\dllcache\ehreschs.dll
2007-10-30 23:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2007-10-30 23:46 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-30 23:46 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-10-30 23:46 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-10-30 23:46 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-30 23:46 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-10-30 23:46 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-30 23:45 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-10-30 23:45 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-10-30 23:31 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-10-30 23:31 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-10-30 23:31 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-10-30 23:31 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-10-30 21:59 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-10-30 21:58 <DIR> d-------- C:\Program Files\LimeWire
2007-10-30 18:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-30 16:17 <DIR> d-------- C:\WINDOWS\dell
2007-10-30 11:51 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-10-30 11:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-10-30 04:01 <DIR> d-------- C:\Program Files\E404 Helper
2007-10-30 03:59 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-10-30 03:58 <DIR> d-------- C:\Program Files\vwbmzyfa
2007-10-30 03:58 <DIR> d-------- C:\Program Files\Kgebwyww
2007-10-30 03:58 106,496 --a------ C:\Documents and Settings\All Users\Application Data\dazifgzi.dll.vir
2007-10-30 03:58 104,960 --a------ C:\WINDOWS\system32\drvvop.dll
2007-10-30 03:58 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
2007-10-30 03:19 <DIR> d-------- C:\WINDOWS\pss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 07:16 --------- d-----w C:\Documents and Settings\Tyler Eads\Application Data\Azureus
2007-11-03 01:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-11-03 01:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-11-03 01:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-11-03 01:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-11-03 01:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-11-03 01:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-11-03 01:43 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-11-03 01:43 34,834 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-11-02 02:33 --------- d-----w C:\Program Files\themexp
2007-10-31 05:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-30 19:45 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-30 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-11 02:51 --------- d-----w C:\Documents and Settings\Tyler Eads\Application Data\Apple Computer
2007-10-10 10:22 --------- d-----w C:\Program Files\Azureus
2007-10-10 10:10 --------- d-----w C:\Program Files\GemMaster
2007-10-10 10:10 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-03 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-02 19:47 --------- d-----w C:\Documents and Settings\Tyler Eads\Application Data\U3
2007-10-01 08:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-01 08:50 --------- d-----w C:\Program Files\iPod
2007-09-12 10:39 --------- d-----w C:\Program Files\BitComet
2007-09-06 10:34 --------- d-----w C:\Program Files\iTunes
2007-09-06 10:32 --------- d-----w C:\Program Files\Apple Software Update
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-06-16 03:10:41 88 --sha-r C:\WINDOWS\system32\874AF9924E.sys
2006-06-16 03:10:41 4,182 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
2007-11-01 18:08 106496 --a------ C:\Program Files\Nxpxmceo\codnunjv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{806E1CA8-2B65-45B5-B1D4-C42EF388E119}]
C:\WINDOWS\system32\mljhhff.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 03:04]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 13:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 13:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 13:45]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 11:35 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 08:56]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 17:29]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 22:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-14 01:05]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 08:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 08:28]
"HostManager"="C:\Program Files\Common Files\AOL\1154258297\ee\AOLSoftware.exe" [2006-04-20 09:10]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-05 17:03]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" []
"capfaem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-09-20 14:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-05-31 17:37]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 11:57]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2007-08-16 08:03]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-11 22:45:00]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 08:11:42]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-09 01:23:45]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:16:08]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:16:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{806E1CA8-2B65-45B5-B1D4-C42EF388E119}"= C:\WINDOWS\system32\mljhhff.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2006-03-09 12:46 73728 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
S2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
S2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
S2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef42f4cb-fa10-11db-8e41-0015c5165da6}]
AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 03:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-30 10:31:40 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Tyler Eads at 02 19.job"
"2007-10-30 11:54:21 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Tyler Eads at 04 54.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2007-11-02 08:01:02 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Tyler Eads at 12 01 AM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2007-11-02 07:36:25 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-11-02 09:54:07 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 03:48:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-06 3:51:18 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-30 03:13
.
--- E O F ---
verticalslik
Active Member
 
Posts: 6
Joined: October 31st, 2007, 5:39 am

Re: Malware infected explorer.exe

Unread postby Katana » November 15th, 2007, 6:25 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    DirLook::
    C:\d3dabb1bf483ac8fe72f23d1
    C:\Program Files\E404 Helper
    
    File::
    C:\Documents and Settings\All Users\Application Data\dazifgzi.dll.vir
    C:\WINDOWS\system32\drvvop.dll
    C:\WINDOWS\system32\aivskurq.dll
    C:\WINDOWS\system32\dpqaqlqx.bin
    C:\WINDOWS\system32\mljhhff.dll
    
    Folder::
    C:\Program Files\vwbmzyfa
    C:\Program Files\Kgebwyww
    C:\Program Files\Nxpxmceo
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{806E1CA8-2B65-45B5-B1D4-C42EF388E119}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{806E1CA8-2B65-45B5-B1D4-C42EF388E119}"=-
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Please can you post a fresh HJT log as well
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Malware infected explorer.exe

Unread postby verticalslik » November 15th, 2007, 10:25 pm

ComboFix 07-11-08.1 - Tyler Eads 2007-11-15 17:14:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.258 [GMT -8:00]
Running from: C:\Documents and Settings\Tyler Eads\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tyler Eads\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\All Users\Application Data\dazifgzi.dll.vir
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drvvop.dll
C:\WINDOWS\system32\mljhhff.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\dazifgzi.dll.vir
C:\Program Files\Kgebwyww
C:\Program Files\Kgebwyww\hnmoilri.dll
C:\Program Files\Nxpxmceo
C:\Program Files\Nxpxmceo\codnunjv.dll
C:\Program Files\vwbmzyfa
C:\Program Files\vwbmzyfa\zchopulw.dll
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drvvop.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.

2007-11-06 00:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-06 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-05 23:23 335 --a------ C:\WINDOWS\mozregistry.dat
2007-11-04 19:42 <DIR> d-------- C:\Program Files\CCleaner
2007-11-02 03:17 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 03:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-02 03:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-02 03:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-02 03:10 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-02 03:09 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-02 03:09 <DIR> d-------- C:\Documents and Settings\Tyler Eads\Application Data\PC Tools
2007-11-02 03:09 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-02 00:20 <DIR> d-------- C:\Program Files\Uniblue
2007-11-01 23:13 <DIR> d-------- C:\Documents and Settings\Tyler Eads\Application Data\Uniblue
2007-11-01 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-01 18:45 <DIR> d-------- C:\d3dabb1bf483ac8fe72f23d1
2007-11-01 17:38 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-10-31 00:18 221,184 --a--c--- C:\WINDOWS\system32\dllcache\wmpns.dll
2007-10-31 00:18 73,728 --a--c--- C:\WINDOWS\system32\dllcache\ehresja.dll
2007-10-31 00:18 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresko.dll
2007-10-31 00:18 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresfr.dll
2007-10-31 00:18 69,632 --a--c--- C:\WINDOWS\system32\dllcache\ehresde.dll
2007-10-31 00:18 61,440 --a--c--- C:\WINDOWS\system32\dllcache\ehreschs.dll
2007-10-30 23:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2007-10-30 23:46 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-30 23:46 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-10-30 23:46 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-10-30 23:46 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-30 23:46 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-10-30 23:46 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-30 23:45 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-10-30 23:45 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-10-30 23:31 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-10-30 23:31 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-10-30 23:31 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-10-30 23:31 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-10-30 21:59 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-10-30 21:58 <DIR> d-------- C:\Program Files\LimeWire
2007-10-30 18:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-30 16:17 <DIR> d-------- C:\WINDOWS\dell
2007-10-30 11:51 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-10-30 11:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-10-30 04:01 <DIR> d-------- C:\Program Files\E404 Helper
2007-10-30 03:19 <DIR> d-------- C:\WINDOWS\pss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 01:23 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-11-16 01:23 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-11-16 01:23 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-11-16 01:23 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-11-16 01:23 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-11-16 01:23 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-11-16 01:23 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-11-16 01:23 34,834 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-11-16 01:21 --------- d-----w C:\Documents and Settings\Tyler Eads\Application Data\Azureus
2007-11-02 02:33 --------- d-----w C:\Program Files\themexp
2007-10-31 05:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-30 19:45 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-30 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-11 02:51 --------- d-----w C:\Documents and Settings\Tyler Eads\Application Data\Apple Computer
2007-10-10 10:22 --------- d-----w C:\Program Files\Azureus
2007-10-10 10:10 --------- d-----w C:\Program Files\GemMaster
2007-10-10 10:10 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-03 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-02 19:47 --------- d-----w C:\Documents and Settings\Tyler Eads\Application Data\U3
2007-10-01 08:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-01 08:50 --------- d-----w C:\Program Files\iPod
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-06-16 03:10:41 88 --sha-r C:\WINDOWS\system32\874AF9924E.sys
2006-06-16 03:10:41 4,182 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\d3dabb1bf483ac8fe72f23d1 ----

2007-09-27 22:19 95864 --a------ C:\d3dabb1bf483ac8fe72f23d1\mrtstub.exe
2007-09-27 22:19 18089592 --a------ C:\d3dabb1bf483ac8fe72f23d1\mrt.exe

---- Directory of C:\Program Files\E404 Helper ----

2007-11-05 23:29 15872 --a------ C:\Program Files\E404 Helper\e404.v1.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 03:04]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 13:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 13:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 13:45]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 11:35 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 08:56]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 17:29]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 22:05]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-14 01:05]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 08:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 08:28]
"HostManager"="C:\Program Files\Common Files\AOL\1154258297\ee\AOLSoftware.exe" [2006-04-20 09:10]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-05 17:03]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" []
"capfaem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-09-20 14:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-05-31 17:37]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 11:57]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2007-08-16 08:03]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-11 22:45:00]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 08:11:42]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-09 01:23:45]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:16:08]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:16:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
S2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
S2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
S2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef42f4cb-fa10-11db-8e41-0015c5165da6}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 03:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-30 10:31:40 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Tyler Eads at 02 19.job"
"2007-10-30 11:54:21 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Tyler Eads at 04 54.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2007-11-02 08:01:02 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Tyler Eads at 12 01 AM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2007-11-12 08:36:18 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-11-02 09:54:07 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 17:27:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-15 17:29:48 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-06 03:51
C:\ComboFix3.txt ... 2007-10-30 03:13
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:26 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\AOL\1154258297\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPSS.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Spyware Doctor\update.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154258297\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfaem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3971597171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - Unknown owner - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (file missing)
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (file missing)
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (file missing)
O23 - Service: HIPS Policy Manager (UmxPol) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12150 bytes
verticalslik
Active Member
 
Posts: 6
Joined: October 31st, 2007, 5:39 am

Re: Malware infected explorer.exe

Unread postby Katana » November 16th, 2007, 6:52 am

Those logs look good :)

You need to check your AntiVirus, it is not showing as being active

Please try the Kaspersky scan again
How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Malware infected explorer.exe

Unread postby verticalslik » November 16th, 2007, 7:56 am

katana wrote:Those logs look good :)

You need to check your AntiVirus, it is not showing as being active

Please try the Kaspersky scan again
How are things running now ?

Things are running much better, thank you :D . But I am still having some problems with Firefox, I still cant log into sites. I've reinstalled it a couple times, but no luck, I can figure it out :?:
verticalslik
Active Member
 
Posts: 6
Joined: October 31st, 2007, 5:39 am

Re: Malware infected explorer.exe

Unread postby Katana » November 16th, 2007, 10:31 am

You need to use IE for the Kaspersky scan
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Malware infected explorer.exe

Unread postby Katana » November 21st, 2007, 2:03 pm

Do you still need any help ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Malware infected explorer.exe

Unread postby Gary R » December 4th, 2007, 11:56 am

Due to lack of response this topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 297 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware