Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

System is a mess, incomplete malware removal, I'm frustrated

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » January 31st, 2009, 5:27 pm

I had some malware on my system, and I thought I killed it. But my system is still running like sludge (and yes, I do regular cleanup/maintenance on it). For example this little bugger wtp1uim3.exe keeps popping up in my running processes, even though it is NOT showing in my current Hijack This log (see below). When it pops up, it doesn't do anything except kill whatever program I am working in (ie if I am playing a game, it minimizes the game and sends me to the desktop). It's VERY annoying. In addition, all my browsers crash whenever I used them and use the new Yahoo Mail (some sort of java problem?) I'm at my wits end, almost ready to just reformat the hard drive and start over but I really would like to avoid that (I don't have the time for this mess!!)

I don't have a restore point that would allow rollback.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:34 PM, on 2009-01-31
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java1\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\DOCUME~1\Marilyn\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java1\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Marilyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Marilyn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SANYO\XactiScreenCapture\SetClip.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla FirefoxNEWNEW\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\WINDOWS\wordpad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg1.mail.yahoo.com/dc/launch? ... unl26aja7i
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java1\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java1\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java1\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java1\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Wootalyzer] C:\Program Files\Wootalyzer\woot.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marilyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Marilyn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Xacti Screen Capture 1.1.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/sc ... ecubes.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Scrabble%20Journey/Images/stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8800795000
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.24.15/ttinst.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software ... oader4.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{D47619F5-5B58-4738-BB14-BE74EE193C6D}: NameServer = 208.67.222.222,208.67.220.220
O21 - SSODL: MgeHAOIGVXOBx - {40871FF3-EA2D-B559-007A-1B5669D992CB} - C:\WINDOWS\system32\ddsa.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java1\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 16300 bytes

TIA.
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm
Advertisement
Register to Remove

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby km2357 » February 12th, 2009, 3:35 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » February 12th, 2009, 4:19 pm

Hi Kim,

Here's my most recent HiJack This Log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:38 PM, on 2009-02-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java1\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\Marilyn\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java1\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Marilyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Marilyn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SANYO\XactiScreenCapture\SetClip.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla FirefoxNEWNEW\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg1.mail.yahoo.com/dc/launch? ... unl26aja7i
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java1\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java1\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java1\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java1\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Wootalyzer] C:\Program Files\Wootalyzer\woot.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marilyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Marilyn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Xacti Screen Capture 1.1.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/sc ... ecubes.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Scrabble%20Journey/Images/stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8800795000
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.24.15/ttinst.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software ... oader4.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{D47619F5-5B58-4738-BB14-BE74EE193C6D}: NameServer = 208.67.222.222,208.67.220.220
O21 - SSODL: MgeHAOIGVXOBx - {40871FF3-EA2D-B559-007A-1B5669D992CB} - C:\WINDOWS\system32\ddsa.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java1\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 16762 bytes
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby km2357 » February 13th, 2009, 3:59 am

Hi and its km, not kim. :)

Step # 1: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.


Step # 2 Upload Files

Go to Jotti
Copy the following line into the white textbox:
C:\WINDOWS\system32\ddsa.dll
Click Submit.
Please post the results of this scan to this thread.

If Jotti is busy, Go to VirusTotal and scan the file(s) there.


In your next post/reply, I need to see the following:

1. Jotti/Virustotal Results
2. Uninstall List
3. A fresh HiJackThis Log
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » February 13th, 2009, 9:18 am

1. Uninstall List:

3ivx D4 4.5.1 Decoder (remove only)
ACDSee for PENTAX 3.0
Acrobat.com
Acrobat.com
Acronis True Image Home
Adobe AIR
Adobe AIR
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Premiere Elements 4.0 Templates
Adobe Reader 9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Advanced Attachments Processor
AI RoboForm (All Users)
Andrea VoiceCenter
Apple Mobile Device Support
Apple Software Update
ArtRage 2 Starter Edition
ASCOM Platform 5.0a
Bejeweled 1.23
Bejeweled 2 Deluxe
Bejeweled Deluxe 1.862
Bejeweled Twist 1.0
BlackBerry Desktop Software 4.2
BlackBerry Desktop Software 4.2
Bluetooth Software
Bonjour
Bookworm Adventures Deluxe 1.0
BookWorm Deluxe 1.03
Broadcom Management Programs
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon EOS 5D WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.0
Canon Utilities EOS Utility
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities WFT-E1/E2 Utility
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Chuzzle Christmas Edition 1.01
Chuzzle Deluxe 1.01
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro Photo X2
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Coupon Printer for Windows
Creative Audio Pack
Creative Delights Companion
Creative Lettering Super Combo
Creative MediaSource 5
Cricut DesignStudio
DAZzle
Dell Game Console
Dell Support 3.2.1
Dell Wireless WLAN Card
DellConnect
Digital Content Portal
Digital Line Detect
Disney Toontown Online
Disney's Toontown Online
Documentation & Support Launcher
Dynomite Deluxe 2.71
Excel Compare Data in Two Tables Software 7.0
Family Tree Maker 2005
Font Xplorer 1.2.2
FontAgent Pro 3.0rc1
Forté Agent
FotoFusionV4
FotoSlate 4
Free Font Renamer 1.3
Games, Music, & Photos Launcher
GenSmarts
Google Base Store Connector
Google Calendar Sync
Google Desktop
Google Earth
Google Video Uploader
HijackThis 2.0.2
Hot Item Finder
Hotfix for Windows Internet Explorer 7 (KB947864)
hp deskjet 9600 series
I8kfanGUI V3.1
Inkscape 0.46
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 11
Logitech Harmony Remote Software 7
Magellan RoadMate Tools
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
MediaDirect
MediaScouter
MediaScouter 2.0
MediaScouter Desktop Download Tool
MediaScouter Desktop Download Tool 2.1
MemoryMixer 2.0
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Suite Anniversary Edition
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! for Windows XP
Microsoft Plus! Photo Story 2 LE
Microsoft Pocket Streets for Pocket PC
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets and Trips 2005 with USB GPS
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works 6-9 Converter
mIWA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
Monopoly
MONOPOLY CASINO Vegas Edition
Monopoly Tycoon
MouseTrack
Mozilla Firefox (3.0.6)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
mWlsSafe
mWMI
mXML
MyTypeArtist
mZConfig
NetWaiting
Network Stumbler 0.4.0 (remove only)
NVIDIA Drivers
OpenAL
Outlook Attachment and Picture Extractor 1.72
OutlookAddinSetup
Pac-Man World 2
PayPal Plug-In
Pdf995
Personal Ancestral File 5
Personal Ancestral File Companion 5.2
PopCap Browser Plugin
Prospector
Puzzle Quest
QuickSet
QuickTime
RealPlayer Basic
Remote Control USB Driver
RootsMagic 3.0
Safari
SCAL Lib It Up 1.001
SCRABBLE
SCRABBLE Blast (remove only)
Scrabble Journey
Scrapbook MAX! Trial
Scrubbles
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Smilebox
SocketScan Software
Sonic Copy Module
Sonic DLA
Sonic Express Labeler
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
SpeedFan (remove only)
Sure Cuts A Lot 1.016
Synaptics Pointing Device Driver
Text Twist
The Font Thing
The Master Genealogist Silver Edition
Time Zone Data Update Tool for Microsoft Office Outlook
Trend Micro PC-cillin Internet Security 14
Trend Micro PC-cillin Internet Security 14
Trillian
Tweak UI
Unix Utilities for Yahoo! Widgets
URL Assistant
Vertus Bling! It 1.0.7
Viewpoint Media Player
WildTangent Web Driver
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Mobile Daylight Saving Time 2007 Updates
Windows Search 4.0
Windows XP Service Pack 3
Winkflash Transporter
WinRAR archiver
WinSCP 3.8.2
Wootalyzer!
Word Travels
Xacti Screen Capture 1.1
Yahoo! Music Jukebox
Yahoo! Widgets
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » February 13th, 2009, 10:08 am

I'm workng on the jotti request--been in "uploading" for almost 45 minutes now, no results. Ditto VirusTotal.
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » February 13th, 2009, 10:37 am

How long are Jotti & VirusTotal supoosed to take? Both were in Upload mode for close to an hour without returning results. Then the laptop crashed, so now I've had to start them both all over from scratch.
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby km2357 » February 13th, 2009, 3:51 pm

scrappymomtotwins wrote:How long are Jotti & VirusTotal supoosed to take? Both were in Upload mode for close to an hour without returning results. Then the laptop crashed, so now I've had to start them both all over from scratch.


It shouldn't take that long at all. It should take no more than 3-5 minutes max to get a result. Something may be blocking that file from being uploaded or it could be too large to be uploaded. Do you recognize the ddsa.dll file?



Step # 1 Remove Viewpoint Media Player

You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player.
To remove, open Start->Control Panel->Add/Remove Programs find Viewpoint Media Player and select Remove.


Step # 2 Remove WildTangent

I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it’s not technically considered spyware, it does have built in components to update itself and gather information about the computer system including
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
    Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
    Location that the Web Driver was installed from
  • It is also a MAJOR resource hog.

For more information, see WildTangent Removal Instructions and Help and Inside Wild Tangent-Delivering High-End 3-D Content To A Web Site Near You.
Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent: To uninstall Wild Tangent:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight WildTangent Web Driver, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.


Step # 3: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt and a fresh HiJackThis Log in your next reply.

Use multiple posts if you can't fit everything into one post.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » February 13th, 2009, 4:23 pm

OK, I left Jotti and Virus Total uploading when i left 5 hours ago. I just got home NEITHER shows as completed/uploaded. Is it supposed to take this long??
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » February 13th, 2009, 4:28 pm

I have a ddsa.dll file in my System32 directory. It's 15KB and has a date of 2007-09-13 on it. But I cannot get it uploaded to either of those sites, at least not via Firefox. I am going to try a different browser.

We play Wild Tangent games on this system. They won't run without the Wild Tangent driver.
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » February 13th, 2009, 4:31 pm

Something is def. blocking jotti and virus--when I try it via IE, the minute i hit SUBMIT on either one I get
Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

What you can try:
Check your Internet connection. Try visiting another website to make sure you are connected.

Retype the address.

Except, of course, I AM connected to the internet just fine and dandy for any other website. I even completely removed my anti-virus, took out the firewall, made sure windows firewall is off, checked my HOSTS and DNS file. All clear. Yet I cannot get that dll uploded to either of those sites via ANY web browser.
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » February 13th, 2009, 10:54 pm

OK, i gave up on ddsa.dll in system32. I copied it to another directory and then tried uploading it to Jotti. Worked like a charm and it's an infected MESS.


Service
Service load: 0% 100%

File: ddsa.dll
Status: INFECTED/MALWARE
MD5: 46f25f6194d88a5b8d1bd59a7d0d2ae5
Packers detected: UPX

Scanner results
Scan taken on 14 Feb 2009 02:52:25 (GMT)
A-Squared Found Trojan-Proxy.Win32.Agent.DF!IK
AntiVir Found TR/Crypt.ULPM.Gen
ArcaVir Found Trojan.Proxy.Agent.Df
Avast Found Win32:Small-DKF
AVG Antivirus Found Proxy.JBZ
BitDefender Found Trojan.Proxy.Agent.DF
ClamAV Found Trojan.Proxy-1359
CPsecure Found Troj.Proxy.W32.Agent.d
Dr.Web Found Trojan.DownLoader.6332
F-Prot Antivirus Found W32/Virtumonde.Q.gen!Eldorado
F-Secure Anti-Virus Found Trojan-Proxy.Win32.Agent.df
G DATA Found nothing
Ikarus Found Trojan-Proxy.Win32.Agent.DF
Kaspersky Anti-Virus Found Trojan-Proxy.Win32.Agent.df
NOD32 Found a variant of Win32/TrojanProxy.Agent.DK
Norman Virus Control Found W32/Agent.VVV
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found Trojan.Agent.CKYO
VBA32 Found Trojan.DownLoader.6332

So how do i clean this?
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » February 13th, 2009, 10:57 pm

Here's what VirusTotal says:

File ddsa.dll received on 10.17.2008 20:21:16 (CET)
Current status: finished
Result: 33/36 (91.67%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
AhnLab-V3 - - Win-Trojan/Agent.14848.AE
AntiVir - - TR/Crypt.ULPM.Gen
Authentium - - -
Avast - - Win32:Small-DKF
AVG - - Proxy.JBZ
BitDefender - - Trojan.Proxy.Agent.DF
CAT-QuickHeal - - TrojanProxy.Agent.df
ClamAV - - Trojan.Proxy-1359
DrWeb - - Trojan.DownLoader.6332
eSafe - - Win32.Agent.df
eTrust-Vet - - Win32/Donise!generic
Ewido - - Proxy.Agent.df
F-Prot - - W32/Virtumonde.Q.gen!Eldorado
F-Secure - - Trojan-Proxy.Win32.Agent.df
Fortinet - - W32/Agent.DF!tr
GData - - Trojan.Proxy.Agent.DF
Ikarus - - Trojan-Proxy.Win32.Agent.DF
K7AntiVirus - - -
Kaspersky - - Trojan-Proxy.Win32.Agent.df
McAfee - - Generic Proxy.e
Microsoft - - TrojanProxy:Win32/Agent
NOD32 - - a variant of Win32/TrojanProxy.Agent.DK
Norman - - W32/Agent.VVV
Panda - - Adware/CWS.Searchmeup
PCTools - - Trojan-Proxy.Agent.Df
Prevx1 - - Cloaked Malware
Rising - - Trojan.Proxy.Agent.mu
SecureWeb-Gateway - - Trojan.Crypt.ULPM.Gen
Sophos - - Mal/Generic-A
Sunbelt - - Trojan-Proxy.Win32.Agent.df
Symantec - - Downloader.Trojan
TheHacker - - Trojan/Proxy.Agent.df
TrendMicro - - TROJ_Generic
VBA32 - - Trojan.DownLoader.6332
ViRobot - - -
VirusBuster - - Trojan.Agent.CKYO
Additional information
MD5: 46f25f6194d88a5b8d1bd59a7d0d2ae5
SHA1: cf92c3a4ff0b9b60e80048fb5b6ae7dee18e1513
SHA256: 1b04837e049004341214b94541e1d484d8e42f76b8f486f3187a2baede79bad2
SHA512: e1ef93c7f4cab72aa3bbd2277d77fcf47f53a913432e0184cbcd570e6903cb809e397df801b665353df7b87539ea598cd25ce8a47f469dd801d00a3482c91ab0
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » February 13th, 2009, 11:00 pm

Latest Hijack THis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:19 PM, on 2009-02-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java1\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Marilyn\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java1\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Marilyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Marilyn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SANYO\XactiScreenCapture\SetClip.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla FirefoxNEWNEW\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg1.mail.yahoo.com/dc/launch? ... unl26aja7i
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java1\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java1\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java1\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java1\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Wootalyzer] C:\Program Files\Wootalyzer\woot.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marilyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Marilyn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Xacti Screen Capture 1.1.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/sc ... ecubes.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Scrabble%20Journey/Images/stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8800795000
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.24.15/ttinst.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software ... oader4.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O21 - SSODL: MgeHAOIGVXOBx - {40871FF3-EA2D-B559-007A-1B5669D992CB} - C:\WINDOWS\system32\ddsa.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java1\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 16046 bytes
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm

Re: System is a mess, incomplete malware removal, I'm frustrated

Unread postby scrappymomtotwins » February 13th, 2009, 11:26 pm

Here's the combofix log:
ComboFix 09-02-12.03 - Marilyn 2009-02-13 22:17:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2693 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-13 22:09 . 2009-02-13 22:09 <DIR> d-------- c:\documents and settings\Marilyn\Application Data\AVG8
2009-02-13 21:59 . 2009-02-13 21:59 <DIR> d-------- c:\program files\Trend Micro
2009-02-13 21:38 . 2009-02-13 21:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2009-02-04 17:32 . 2009-02-04 22:35 2,069,784 --a------ c:\windows\system32\AutoPartNt.exe
2009-02-04 17:32 . 2009-02-04 22:36 1,024 --a------ c:\windows\system32\AutoPartNt.let
2009-02-04 16:10 . 2009-02-04 16:10 <DIR> d-------- c:\documents and settings\Marilyn\Application Data\Acronis
2009-02-04 16:03 . 2009-02-04 16:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Acronis
2009-02-04 16:03 . 2009-02-04 16:03 971,552 --a------ c:\windows\system32\drivers\tdrpm174.sys
2009-02-04 16:03 . 2009-02-04 16:03 540,000 --a------ c:\windows\system32\drivers\timntr.sys
2009-02-04 16:03 . 2009-02-04 16:03 44,704 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-02-04 16:02 . 2009-02-04 16:02 <DIR> d-------- c:\program files\Common Files\Acronis
2009-02-04 16:02 . 2009-02-04 16:02 <DIR> d-------- c:\program files\Acronis
2009-02-04 16:02 . 2009-02-04 16:02 134,272 --a------ c:\windows\system32\drivers\snman380.sys
2009-01-31 16:43 . 2009-01-31 16:45 <DIR> d-------- C:\col3927
2009-01-31 16:41 . 2009-01-31 16:41 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-01-30 00:38 . 2008-04-13 19:12 214,528 --a------ c:\windows\wordpad.exe
2009-01-28 13:44 . 2009-01-28 13:44 <DIR> d-------- c:\documents and settings\Marilyn\Application Data\Windows Search
2009-01-26 19:22 . 2009-01-26 19:22 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-26 19:22 . 2009-01-26 19:22 <DIR> d-------- c:\documents and settings\Marilyn\Application Data\Windows Desktop Search
2009-01-26 19:21 . 2009-01-26 19:21 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-01-26 19:21 . 2009-01-26 19:21 <DIR> d-------- c:\program files\Windows Desktop Search
2009-01-26 19:19 . 2008-03-07 12:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2009-01-26 19:19 . 2008-03-07 12:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2009-01-26 19:19 . 2008-03-07 12:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll
2009-01-16 00:42 . 2009-01-16 00:42 552 --a------ c:\windows\system32\d3d8caps.dat
2009-01-15 23:31 . 2009-01-15 23:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 23:31 . 2009-01-15 23:31 <DIR> d-------- c:\documents and settings\Marilyn\Application Data\Malwarebytes
2009-01-15 23:31 . 2009-01-15 23:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-15 23:31 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 23:31 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-14 17:29 . 2009-01-14 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-14 15:34 . 2009-01-14 15:35 <DIR> d-------- c:\documents and settings\Marilyn\Application Data\Kodak
2009-01-14 15:25 . 2009-01-14 15:25 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-14 15:18 . 2009-01-14 15:18 <DIR> d-------- c:\program files\SANYO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 02:42 --------- d-----w c:\program files\Mozilla FirefoxNEWNEW
2009-02-13 04:00 --------- d-----w c:\documents and settings\Marilyn\Application Data\Corel
2009-02-13 03:58 2,932 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-02-11 05:07 --------- d-----w c:\program files\PopCap Games
2009-01-28 20:05 --------- d-----w c:\documents and settings\All Users\Application Data\LumaPix
2009-01-28 17:43 1,109,745 ----a-w c:\windows\FotoFusionV4 Uninstaller.exe
2009-01-27 17:26 --------- d-----w c:\documents and settings\Marilyn\Application Data\ProspectorV5
2009-01-27 00:35 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity
2009-01-25 18:31 --------- d-----w c:\program files\Google
2009-01-25 18:09 --------- d-----w c:\program files\Feedback Forager 2
2009-01-25 18:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-16 06:35 --------- d-----w c:\program files\Bonjour
2009-01-14 20:26 --------- d-----w c:\program files\Common Files\Adobe
2009-01-14 20:18 118,520 ------w c:\windows\system32\pxinsi64.exe
2009-01-14 20:18 116,472 ------w c:\windows\system32\pxcpyi64.exe
2009-01-12 18:04 --------- d-----w c:\program files\CCleaner
2009-01-12 01:25 --------- d-----w c:\program files\Microsoft Works
2009-01-02 03:23 --------- d-----w c:\program files\restoration
2009-01-02 03:03 --------- d-----w c:\documents and settings\Marilyn\Application Data\ZoomBrowser EX
2009-01-01 22:44 --------- d-----w c:\documents and settings\Marilyn\Application Data\Apple Computer
2009-01-01 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-01-01 19:09 --------- d-----w c:\program files\Safari
2008-12-29 02:55 --------- d-----w c:\program files\Canon
2008-12-29 02:41 --------- d-----w c:\program files\Common Files\Canon
2008-12-26 22:49 --------- d-----w c:\documents and settings\Marilyn\Application Data\SanDisk
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-18 18:59 --------- d-----w c:\program files\iTunes
2008-12-18 18:59 --------- d-----w c:\program files\iPod
2008-12-18 18:59 --------- d-----w c:\program files\Common Files\Apple
2008-12-18 18:59 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 18:56 --------- d-----w c:\program files\QuickTime
2008-12-17 06:23 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap Games
2008-12-12 16:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-06 05:32 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-11 02:30 726,008 ----a-w c:\documents and settings\Marilyn\gotomypc_437.exe
2008-05-08 14:57 56,912 ----a-w c:\documents and settings\Marilyn\g2mdlhlpx.exe
2007-02-20 19:43 722,176 ----a-w c:\documents and settings\Marilyn\gotomypc_428.exe
2007-01-27 19:15 563,712 ----a-w c:\documents and settings\Marilyn\gotomypc_370.exe
2008-08-28 14:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082820080829\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Wootalyzer"="c:\program files\Wootalyzer\woot.exe" [2008-06-27 392192]
"Google Update"="c:\documents and settings\Marilyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-30 133104]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-20 160592]
"SansaDispatch"="c:\documents and settings\Marilyn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2008-12-26 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-29 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SunJavaUpdateSched"="c:\program files\Java1\jre6\bin\jusched.exe" [2008-12-06 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-20 4359280]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-20 960536]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-20 377232]
"NVHotkey"="nvHotkey.dll" [2006-05-01 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 c:\windows\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-06-29 c:\windows\system32\CTMBHA.DLL]
"NvMediaCenter"="NvMCTray.dll" [2006-05-01 c:\windows\system32\nvmctray.dll]
"nwiz"="nwiz.exe" [2006-05-01 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-20 160592]

c:\documents and settings\Marilyn\Start Menu\Programs\Startup\
Xacti Screen Capture 1.1.lnk - c:\documents and settings\Marilyn\Application Data\Microsoft\Installer\{37327654-EBF7-410C-9161-C24D68E02753}\_E47B9B72500055712D025F.exe [2009-01-14 128198]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 2913584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-07 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MgeHAOIGVXOBx"= {40871FF3-EA2D-B559-007A-1B5669D992CB} - c:\windows\system32\ddsa.dll [2007-09-13 14848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Marilyn^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Marilyn\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Marilyn^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Marilyn\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 18:52 16200 c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
--a------ 2008-07-31 18:40 95744 c:\program files\eFax Messenger 4.4\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWITOOLBOX]
--a------ 2003-09-12 01:49 290816 c:\program files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed Typing]
--a------ 2002-12-12 13:18 101376 c:\program files\Invention Pilot\Speed Typing\STyping.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
--------- 2006-02-16 10:20 1118208 c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-05-01 15:46 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2004-12-22 12:40 24576 c:\windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-02-04 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-02-04 971552]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-08-17 14464]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-12-07 29744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9df06e4c-946d-11db-8733-0018dea9c101}]
\Shell\AutoRun\command - e:\system\viewer\Viewer.exe
\Shell\View your videos\command - e:\system\viewer\Viewer.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-13 c:\windows\Tasks\At1.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At10.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At11.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At12.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At13.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At14.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At15.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At16.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At17.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-11 c:\windows\Tasks\At18.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-11 c:\windows\Tasks\At19.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At2.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-11 c:\windows\Tasks\At20.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-11 c:\windows\Tasks\At21.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At22.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-14 c:\windows\Tasks\At23.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At24.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At25.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At26.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At27.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At28.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At29.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At3.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At30.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At31.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At32.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At33.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At34.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At35.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At36.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At37.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At38.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At39.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At4.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At40.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At41.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-11 c:\windows\Tasks\At42.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-11 c:\windows\Tasks\At43.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-11 c:\windows\Tasks\At44.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-11 c:\windows\Tasks\At45.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At46.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-14 c:\windows\Tasks\At47.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\At48.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At5.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At6.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At7.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At8.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-12 c:\windows\Tasks\At9.job
- c:\windows\system32\wtP1uim3.exe []

2009-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4059619053-719020414-4232555224-1006.job
- c:\documents and settings\Marilyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-30 15:54]

2007-11-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
MSConfigStartUp-DesktopTakeover - c:\program files\DesktopTakeover\Desktop Takeover Wallpaper Changer.exe
MSConfigStartUp-eFax 4 - c:\program files\eFax Messenger 4.2\J2GDllCmd.exe
MSConfigStartUp-lphc7wfj0ee91 - c:\windows\system32\lphc7wfj0ee91.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://us.mg1.mail.yahoo.com/dc/launch? ... unl26aja7i
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Marilyn\Application Data\Mozilla\Firefox\Profiles\2jh3ozjn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - plugin: c:\documents and settings\Marilyn\Application Data\Mozilla\Firefox\Profiles\2jh3ozjn.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Marilyn\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Java1\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java1\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 22:20:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Marilyn\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_content&?%

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-13 22:24:28
ComboFix-quarantined-files.txt 2009-02-14 03:24:23

Pre-Run: 204,293,656,576 bytes free
Post-Run: 204,332,335,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

358 --- E O F --- 2009-02-13 22:06:04
scrappymomtotwins
Regular Member
 
Posts: 17
Joined: January 31st, 2009, 4:58 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 117 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware