Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Popups and browser-multipliers making my life miserable

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Popups and browser-multipliers making my life miserable

Unread postby Crunchyhippo » February 5th, 2008, 9:31 am

I keep getting promos for different peddlers popping up all the time, and often my browser just inexplicably starts multiplying - usually to over 60 browsers before it grinds to a halt. I've run McAfee, Spybot, Ad-Aware, and Windows Defender (some multiple times at full scan) to no avail.

Can someone please help?

I'm posting my log below.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:35:52 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Jeff\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {696D8C1E-7039-40c8-9C66-07D9D2A2D00D} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\xwvomjea.dll
O2 - BHO: (no name) - {D4576C73-52BD-4401-B966-5A128C4433D4} - C:\WINDOWS\system32\ssqronk.dll (file missing)
O2 - BHO: (no name) - {ED441413-AC03-4012-B463-04A845AF57E5} - C:\WINDOWS\system32\ssqrr.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [e032b96b] rundll32.exe "C:\WINDOWS\system32\qsttutgt.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting .exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O20 - Winlogon Notify: ssqronk - ssqronk.dll (file missing)
O20 - Winlogon Notify: xwvomjea - C:\WINDOWS\SYSTEM32\xwvomjea.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7277 bytes
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida
Advertisement
Register to Remove

Re: Popups and browser-multipliers making my life miserable

Unread postby Simon V. » February 6th, 2008, 7:26 am

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1

You're running an older version of HijackThis. Please download and install the newest:

Download HJTInstall.exe to your desktop.

  • Doubleclick HJTInstall.exe to install HijackThis.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Save it to a convenient location.

Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Step 2

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.

  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit Ccleaner.

Step 3

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofi ... e-combofix

Post the log from ComboFix (C:\Combofix.txt) when you've accomplished that, along with a new HijackThis log and the CCleaner Uninstall List (install.txt)
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Popups and browser-multipliers making my life miserable

Unread postby Crunchyhippo » February 6th, 2008, 3:08 pm

I don't know if the post I just tried to make made it or not. I apologize if I'm reposting the same one - but here are the results of your requests. Thanks!


Combofix

ComboFix 08-02.05.3 - Jeff 2008-02-06 13:34:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.126 [GMT -5:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\xwvomjea.dll
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ckqrfywx.dll
C:\WINDOWS\system32\cmecyhpp.ini
C:\WINDOWS\system32\fxusnonm.dll
C:\WINDOWS\system32\krgnvkxv.dll
C:\WINDOWS\system32\nyiybqtu.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pphycemc.dll
C:\WINDOWS\system32\qsttutgt.dll
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\rrqss.ini2
C:\WINDOWS\system32\sdbhkwbw.dll
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\sykberfs.dll
C:\WINDOWS\system32\tgtuttsq.ini
C:\WINDOWS\system32\tnommnsx.dll
C:\WINDOWS\system32\ujoaljsw.ini
C:\WINDOWS\system32\utqbyiyn.ini
C:\WINDOWS\system32\valqpaia.dll
C:\WINDOWS\system32\wbwkhbds.ini
C:\WINDOWS\system32\xwvomjea.dll
C:\WINDOWS\system32\xwvomjea.dllbox

.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-06 13:24 . 2008-02-06 13:24 <DIR> d-------- C:\Program Files\CCleaner
2008-02-05 19:26 . 2008-02-05 19:26 3,490 --a------ C:\WINDOWS\system32\lawemmax.dll
2008-02-05 19:24 . 2008-02-05 19:24 3,483 --a------ C:\WINDOWS\system32\sxltqqmt.dll
2008-02-05 11:42 . 2008-02-05 11:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 18:16 . 2008-02-06 13:47 2,880 --a------ C:\WINDOWS\system32\Config.MPF
2008-02-03 18:07 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-03 18:07 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-02-03 18:07 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-02-03 18:07 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-02-03 18:07 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-02-03 18:07 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-02-03 18:04 . 2008-02-03 18:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-03 18:03 . 2008-02-03 18:12 <DIR> d-------- C:\Program Files\McAfee
2008-02-03 03:25 . 2008-02-03 17:06 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-02 21:17 . 2008-02-03 17:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-02 21:17 . 2008-02-03 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-02 20:46 . 2008-02-02 20:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-02 20:46 . 2008-02-02 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 19:59 . 2008-02-02 19:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 17:13 . 2008-02-02 17:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-02-02 17:09 . 2008-02-02 17:09 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-02-02 17:06 . 2005-10-06 18:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-02-01 19:35 . 2008-02-02 17:08 <DIR> d-------- C:\Program Files\Avast4
2008-02-01 18:33 . 2008-02-01 18:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-01 18:33 . 2008-02-01 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-01 07:32 . 2008-02-01 07:32 <DIR> d-------- C:\Documents and Settings\Tess\Application Data\Spyware Terminator
2008-01-31 22:52 . 2008-02-01 17:49 <DIR> d-------- C:\Program Files\Crawler
2008-01-31 21:28 . 2008-02-02 19:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-31 20:39 . 2008-02-03 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-31 20:22 . 2008-01-31 20:25 3,856 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-31 20:12 . 2008-01-31 20:14 <DIR> d-------- C:\Documents and Settings\Jeff\.housecall6.6
2008-01-27 17:35 . 2008-01-27 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-12 11:58 . 2008-01-12 12:13 <DIR> d-------- C:\Program Files\President Bush
2008-01-11 18:01 . 2008-02-03 18:13 114,688 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-11 18:01 . 2008-02-03 18:59 94,208 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-11 18:01 . 2008-02-03 18:13 77,824 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-11 17:28 . 2008-02-02 21:14 <DIR> d-------- C:\WINDOWS\system32\edcA01
2008-01-11 17:28 . 2008-01-11 17:28 <DIR> d-------- C:\Temp\Ryuan1
2008-01-11 17:28 . 2008-01-11 17:28 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 18:41 --------- d-----w C:\Program Files\Windows Defender
2008-02-06 18:34 --------- d-----w C:\Program Files\NetWaiting
2008-02-04 00:53 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\OLD59.tmp
2008-02-03 23:59 --------- d-----w C:\Program Files\QuickTime
2008-02-03 23:03 --------- d-----w C:\Program Files\McAfee.com
2008-02-03 22:23 --------- d-----w C:\Program Files\DellSupport
2008-02-03 00:57 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-02-01 03:11 --------- d-----w C:\Program Files\Google
2008-01-05 21:42 --------- d-----w C:\Documents and Settings\Jeff\Application Data\AdobeUM
2007-12-30 02:17 --------- d-----w C:\Program Files\Acoustica Spin It Again
2007-12-30 02:17 --------- d-----w C:\Program Files\Acoustica Shared Effects
2007-12-18 01:19 --------- d-----w C:\Documents and Settings\Tess\Application Data\Jasc Software Inc
2007-12-11 01:26 --------- d-----w C:\Program Files\ExtractNow
2007-12-08 23:32 --------- d-----w C:\Program Files\SemSim 640-801 CCNA Exams
2006-07-19 00:58 36,856 ----a-w C:\Documents and Settings\Tess\Application Data\GDIPFONTCACHEV1.DAT
.
Code: Select all
<pre>
----a-w           135,168 2008-02-01 12:30:25  C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent .exe
----a-w            53,248 2008-02-03 23:13:08  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            86,016 2008-02-01 00:38:49  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w           610,304 2008-02-03 23:51:45  C:\Program Files\Dell\QuickSet\quickset  .exe
----a-w           610,304 2008-02-03 23:51:47  C:\Program Files\Dell\QuickSet\quickset .exe
----a-w           460,784 2008-02-01 12:30:22  C:\Program Files\DellSupport\DSAgnt .exe
----a-w            32,881 2008-02-03 23:13:07  C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w           212,992 2008-02-03 23:55:51  C:\Program Files\McAfee.com\Agent\mcupdate .exe
----a-w           212,992 2008-02-03 23:55:52  C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
----a-w           212,992 2008-02-03 23:55:53  C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w           212,992 2008-02-03 23:55:53  C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
----a-w           212,992 2008-02-03 23:55:54  C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE
----a-w         1,694,208 2008-02-02 01:08:06  C:\Program Files\Messenger\msmsgs .exe
----a-w            53,248 2008-02-01 00:38:47  C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
----a-w           131,072 2008-02-01 00:38:44  C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
----a-w            98,304 2008-02-04 00:41:03  C:\Program Files\QuickTime\qttask                             .exe
----a-w            98,304 2008-02-03 23:58:05  C:\Program Files\QuickTime\qttask                            .exe
----a-w            98,304 2008-02-04 00:41:03  C:\Program Files\QuickTime\qttask                           .exe
----a-w            98,304 2008-02-04 00:41:03  C:\Program Files\QuickTime\qttask                          .exe
----a-w            98,304 2008-02-04 00:41:04  C:\Program Files\QuickTime\qttask                         .exe
----a-w            98,304 2008-02-04 00:41:04  C:\Program Files\QuickTime\qttask                        .exe
----a-w            98,304 2008-02-04 00:41:05  C:\Program Files\QuickTime\qttask                       .exe
----a-w            98,304 2008-02-04 00:41:05  C:\Program Files\QuickTime\qttask                      .exe
----a-w            98,304 2008-02-04 00:41:05  C:\Program Files\QuickTime\qttask                     .exe
----a-w            98,304 2008-02-04 00:41:06  C:\Program Files\QuickTime\qttask                    .exe
----a-w            98,304 2008-02-04 00:41:06  C:\Program Files\QuickTime\qttask                   .exe
----a-w            98,304 2008-02-04 00:41:07  C:\Program Files\QuickTime\qttask                  .exe
----a-w            98,304 2008-02-04 00:41:07  C:\Program Files\QuickTime\qttask                 .exe
----a-w            98,304 2008-02-04 00:41:07  C:\Program Files\QuickTime\qttask                .exe
----a-w            98,304 2008-02-04 00:41:08  C:\Program Files\QuickTime\qttask               .exe
----a-w            98,304 2008-02-04 00:41:08  C:\Program Files\QuickTime\qttask              .exe
----a-w            98,304 2008-02-04 00:41:08  C:\Program Files\QuickTime\qttask             .exe
----a-w            98,304 2008-02-04 00:41:09  C:\Program Files\QuickTime\qttask            .exe
----a-w            98,304 2008-02-04 00:41:09  C:\Program Files\QuickTime\qttask           .exe
----a-w            98,304 2008-02-04 00:41:09  C:\Program Files\QuickTime\qttask          .exe
----a-w            98,304 2008-02-04 00:41:10  C:\Program Files\QuickTime\qttask         .exe
----a-w            98,304 2008-02-04 00:41:10  C:\Program Files\QuickTime\qttask        .exe
----a-w            98,304 2008-02-04 00:41:11  C:\Program Files\QuickTime\qttask       .exe
----a-w            98,304 2008-02-04 00:41:11  C:\Program Files\QuickTime\qttask      .exe
----a-w            98,304 2008-02-04 00:41:11  C:\Program Files\QuickTime\qttask     .exe
----a-w            98,304 2008-02-04 00:41:12  C:\Program Files\QuickTime\qttask    .exe
----a-w            98,304 2008-02-04 00:41:12  C:\Program Files\QuickTime\qttask   .exe
----a-w            98,304 2008-02-04 00:41:12  C:\Program Files\QuickTime\qttask  .exe
----a-w            98,304 2008-02-04 00:41:13  C:\Program Files\QuickTime\qttask .exe
----a-w         1,460,560 2008-02-03 22:11:06  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w           729,178 2008-02-03 23:13:03  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w           866,584 2008-02-06 18:20:08  C:\Program Files\Windows Defender\MSASCui .exe
----a-w            77,824 2008-02-03 23:13:02  C:\WINDOWS\system32\hkcmd .exe
----a-w           114,688 2008-02-03 23:13:04  C:\WINDOWS\system32\igfxpers .exe
----a-w            94,208 2008-02-03 23:59:35  C:\WINDOWS\system32\igfxtray .exe
</pre>



Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55, on 2008-02-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\NetWaiting\netWaiting .exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [e032b96b] rundll32.exe "C:\WINDOWS\system32\yvvpxudd.dll",b
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting .exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6254 bytes


CC Cleaner


Acoustica Effects Pack
Ad-Aware 2007
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
AOLIcon
Broadcom Management Programs
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Digital Line Detect
EarthLink setup files
ExtractNow
Get High Speed Internet!
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver for Mobile
Internal Network Card Power Management
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office XP Standard for Students and Teachers
Microsoft Office XP Web Components
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
MyWay Search Assistant
Netscape Communicator 4.79
NetWaiting
NetZeroInstallers
Photo Click
PowerDVD 5.5
QuickSet
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spin It Again
Synaptics Pointing Device Driver
The Print Shop Premier Edition 5.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Viewpoint Media Player
WebFldrs XP
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WordPerfect Office 12
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida

Re: Popups and browser-multipliers making my life miserable

Unread postby Simon V. » February 6th, 2008, 5:35 pm

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Image

Download the file & save it as it's originally named, next to ComboFix.exe.

Image

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Popups and browser-multipliers making my life miserable

Unread postby Crunchyhippo » February 7th, 2008, 6:12 pm

Well, I was unable to produce a log after I dropped the Microsoft update on Combofix. I got a popup error "CFScript Name Error: Were you trying to run CFScript? The name, CFSCRIPT appears to be incorrectly spelt."
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida

Re: Popups and browser-multipliers making my life miserable

Unread postby Simon V. » February 9th, 2008, 6:14 am

Crunchyhippo wrote:Well, I was unable to produce a log after I dropped the Microsoft update on Combofix. I got a popup error "CFScript Name Error: Were you trying to run CFScript? The name, CFSCRIPT appears to be incorrectly spelt."

I'm sorry for the delay.

Please do the following -

Delete Combofix.exe and this folder: C:\Combofix\.

Then download Combofix from one of the links below -

Link 1
Link 2
Link 3

Then follow the instructions in my last post regarding the installation of the recovery console.
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Popups and browser-multipliers making my life miserable

Unread postby Crunchyhippo » February 9th, 2008, 8:37 am

Here are the contents of the requested log file. Many thanks.


WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida

Re: Popups and browser-multipliers making my life miserable

Unread postby Simon V. » February 9th, 2008, 8:42 am

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

That's looking good. You can reboot if you wish to do so.

I now notice that you haven't posted the full Combofix report. Please post the contents of this file: C:\Combofix.txt.
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Popups and browser-multipliers making my life miserable

Unread postby Crunchyhippo » February 9th, 2008, 10:03 am

I ran Combofix again, and it scanned the system. It looked like it pulled up about a dozen items which it deleted; then it rebooted the system and did something after rebooting, but it never produced any kind of log for me to print or copy.

I also got this error when booting back up:

"Error loading C:\WINDOWS/system32/doawdpmi.dll - The specified module could not be found."

McAfee also allegedly finds two or three trojans while booting up (I didn't get their names) just like last time, which it says it deletes, which is nice, but it's still troubling that this process leaves trojans to be deleted every time I turn the computer on. I'm also posting a new HijackThis log for you to check if you need to. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56, on 2008-02-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\NetWaiting\netWaiting .exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [e032b96b] rundll32.exe "C:\WINDOWS\system32\doawdpmi.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting .exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6187 bytes
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida

Re: Popups and browser-multipliers making my life miserable

Unread postby Simon V. » February 9th, 2008, 10:10 am

Please look whether this file exists: C:\Combofix.txt

If so, please post its contents. Do not run Combofix again.
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Popups and browser-multipliers making my life miserable

Unread postby Crunchyhippo » February 9th, 2008, 4:04 pm

Here are the contents of the file.

ComboFix 08-02.05.3 - Jeff 2008-02-09 8:44:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.99 [GMT -5:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\dduxpvvy.ini
C:\WINDOWS\system32\doawdpmi.dll
C:\WINDOWS\system32\fgbqqrpm.dll
C:\WINDOWS\system32\gkaoooqp.ini
C:\WINDOWS\system32\impdwaod.ini
C:\WINDOWS\system32\mobexwqb.dll
C:\WINDOWS\system32\pepoyhgt.dll
C:\WINDOWS\system32\pqoooakg.dll
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\rrqss.ini2
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\yvvpxudd.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\xwvomjea.dll
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ckqrfywx.dll
C:\WINDOWS\system32\cmecyhpp.ini
C:\WINDOWS\system32\fxusnonm.dll
C:\WINDOWS\system32\krgnvkxv.dll
C:\WINDOWS\system32\nyiybqtu.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pphycemc.dll
C:\WINDOWS\system32\qsttutgt.dll
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\rrqss.ini2
C:\WINDOWS\system32\sdbhkwbw.dll
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\sykberfs.dll
C:\WINDOWS\system32\tgtuttsq.ini
C:\WINDOWS\system32\tnommnsx.dll
C:\WINDOWS\system32\ujoaljsw.ini
C:\WINDOWS\system32\utqbyiyn.ini
C:\WINDOWS\system32\valqpaia.dll
C:\WINDOWS\system32\wbwkhbds.ini
C:\WINDOWS\system32\xwvomjea.dll
C:\WINDOWS\system32\xwvomjea.dllbox

.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-09 07:32 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-09 07:25 . 2008-02-09 07:25 <DIR> d-------- C:\ComboFix2
2008-02-06 13:24 . 2008-02-06 13:24 <DIR> d-------- C:\Program Files\CCleaner
2008-02-05 19:26 . 2008-02-05 19:26 3,490 --a------ C:\WINDOWS\system32\lawemmax.dll
2008-02-05 19:24 . 2008-02-05 19:24 3,483 --a------ C:\WINDOWS\system32\sxltqqmt.dll
2008-02-05 11:42 . 2008-02-05 11:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 18:16 . 2008-02-09 08:02 3,050 --a------ C:\WINDOWS\system32\Config.MPF
2008-02-03 18:07 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-03 18:07 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-02-03 18:07 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-02-03 18:07 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-02-03 18:07 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-02-03 18:07 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-02-03 18:04 . 2008-02-03 18:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-03 18:03 . 2008-02-03 18:12 <DIR> d-------- C:\Program Files\McAfee
2008-02-03 03:25 . 2008-02-03 17:06 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-02 21:17 . 2008-02-03 17:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-02 21:17 . 2008-02-03 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-02 20:46 . 2008-02-02 20:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-02 20:46 . 2008-02-02 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 19:59 . 2008-02-02 19:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 17:13 . 2008-02-02 17:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-02-02 17:09 . 2008-02-02 17:09 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-02-02 17:06 . 2005-10-06 18:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-02-01 19:35 . 2008-02-02 17:08 <DIR> d-------- C:\Program Files\Avast4
2008-02-01 18:33 . 2008-02-01 18:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-01 18:33 . 2008-02-01 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-01 07:32 . 2008-02-01 07:32 <DIR> d-------- C:\Documents and Settings\Tess\Application Data\Spyware Terminator
2008-01-31 22:52 . 2008-02-01 17:49 <DIR> d-------- C:\Program Files\Crawler
2008-01-31 21:28 . 2008-02-02 19:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-31 20:39 . 2008-02-03 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-31 20:22 . 2008-01-31 20:25 3,856 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-31 20:12 . 2008-01-31 20:14 <DIR> d-------- C:\Documents and Settings\Jeff\.housecall6.6
2008-01-27 17:35 . 2008-01-27 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-12 11:58 . 2008-01-12 12:13 <DIR> d-------- C:\Program Files\President Bush
2008-01-11 18:01 . 2008-02-03 18:13 114,688 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-11 18:01 . 2008-02-03 18:59 94,208 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-11 18:01 . 2008-02-03 18:13 77,824 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-11 17:28 . 2008-02-02 21:14 <DIR> d-------- C:\WINDOWS\system32\edcA01
2008-01-11 17:28 . 2008-01-11 17:28 <DIR> d-------- C:\Temp\Ryuan1
2008-01-11 17:28 . 2008-01-11 17:28 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida

Re: Popups and browser-multipliers making my life miserable

Unread postby Simon V. » February 9th, 2008, 4:06 pm

That log looks a little short, are that all of the contents of the Combofix.txt file?
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Popups and browser-multipliers making my life miserable

Unread postby Crunchyhippo » February 9th, 2008, 5:53 pm

Yes, that's the entire file. It's the Combofix file listed in Notepad, which is a text file.
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida

Re: Popups and browser-multipliers making my life miserable

Unread postby Simon V. » February 9th, 2008, 6:35 pm

Hi :)

Step 1

Please copy and paste the text in the code box into Notepad (Go to Start > Run, type Notepad and hit Enter)

Code: Select all
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"
for %%g in (
"C:\WINDOWS\system32\lawemmax.dll"
"C:\WINDOWS\system32\sxltqqmt.dll"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
for %%g in (
"C:\WINDOWS\system32\edcA01"
"C:\Temp\Ryuan1"
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
nircmd wait 7000
del %0


Go to File > Save As:. Save the file as "Fix.bat" (Including the quotes)

Double-click on Fix.bat to run the file.

If a Notepad file pops up, save it to a convenient location.

Step 2

Please download Deckard's System Scanner (DSS) and save it to your desktop.

  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, Deckard's System Scanner will open two Notepad files: main.txt and extra.txt - please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply, along with the contents of the Notepad file if it popped up after running Fix.bat.
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Popups and browser-multipliers making my life miserable

Unread postby Crunchyhippo » February 9th, 2008, 10:31 pm

Ok - here are the two combined logs: main.txt and extra.txt. I hope it helps.


Deckard's System Scanner v20071014.68
Run by Jeff on 2008-02-09 21:23:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
49: 2008-02-10 02:23:07 UTC - RP155 - Deckard's System Scanner Restore Point
48: 2008-02-09 13:52:38 UTC - RP154 - Last known good configuration
47: 2008-02-09 13:52:24 UTC - RP153 - ComboFix created restore point
46: 2008-02-09 13:52:24 UTC - RP152 - Software Distribution Service 3.0
45: 2008-02-09 13:52:23 UTC - RP151 - Last known good configuration


-- First Restore Point --
1: 2008-02-09 13:52:05 UTC - RP107 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Jeff.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24, on 2008-02-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\NetWaiting\netWaiting .exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\Documents and Settings\Jeff\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jeff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13472530-E35E-4BBF-A619-24C7E7B5EB1E} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {696D8C1E-7039-40c8-9C66-07D9D2A2D00D} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: {a7256dd4-4699-af3b-fb84-5165f914241e} - {e142419f-5615-48bf-b3fa-99644dd6527a} - C:\WINDOWS\system32\pepoyhgt.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [e032b96b] rundll32.exe "C:\WINDOWS\system32\doawdpmi.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting .exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O20 - Winlogon Notify: ssqronk - ssqronk.dll (file missing)
O20 - Winlogon Notify: xwvomjea - xwvomjea.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7045 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-09 09:26:05 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-03 18:12:19 348 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-02-03 18:12:19 356 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-01-09 and 2008-02-09 -----------------------------

2008-02-09 08:51:54 447 --ahs---- C:\WINDOWS\system32\rrqss.ini2
2008-02-09 08:51:40 329728 --a------ C:\WINDOWS\system32\ssqrr.dll
2008-02-09 07:32:01 0 d-------- C:\cmdcons
2008-02-09 07:25:02 0 d-------- C:\ComboFix2
2008-02-06 13:32:37 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-06 13:32:37 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-06 13:32:37 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-06 13:32:37 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-06 13:29:22 0 dr-h----- C:\Documents and Settings\Jeff\Recent
2008-02-06 13:24:46 0 d-------- C:\Program Files\CCleaner
2008-02-05 11:42:07 0 d-------- C:\Program Files\Trend Micro
2008-02-03 18:04:09 0 d-------- C:\Program Files\Common Files\McAfee
2008-02-03 18:03:59 0 d-------- C:\Program Files\McAfee
2008-02-03 03:25:27 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-02-02 21:17:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-02 20:46:34 0 d-------- C:\Program Files\Lavasoft
2008-02-02 20:46:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 19:59:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 17:13:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-02-02 17:12:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-02-02 17:09:42 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-02-02 17:06:16 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-02 17:06:16 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-02-02 17:06:16 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-02 17:06:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-02-02 17:06:16 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-02 17:06:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-02-02 17:06:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-02-02 17:06:15 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-02 17:06:15 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-02 17:06:15 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-02-02 17:06:15 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-02 17:06:15 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-02-02 17:06:14 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-02 17:06:14 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-02 17:06:14 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-02 17:06:14 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-02-02 17:06:14 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-01 19:35:09 0 d-------- C:\Program Files\Avast4
2008-02-01 18:33:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-01 18:33:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-01 07:32:41 0 d-------- C:\Documents and Settings\Tess\Application Data\Spyware Terminator
2008-01-31 22:52:24 0 d-------- C:\Program Files\Crawler
2008-01-31 21:28:00 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-31 20:39:03 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-31 20:22:46 3856 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-31 20:12:16 0 d-------- C:\Documents and Settings\Jeff\.housecall6.6
2008-01-27 17:35:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-12 11:58:24 0 d-------- C:\Program Files\President Bush
2008-01-11 17:28:19 0 d-------- C:\Temp


-- Find3M Report ---------------------------------------------------------------

2008-02-09 08:51:52 0 d-------- C:\Program Files\NetWaiting
2008-02-06 13:41:05 0 d-------- C:\Program Files\Windows Defender
2008-02-03 18:59:39 0 d-------- C:\Program Files\QuickTime
2008-02-03 18:04:09 0 d-------- C:\Program Files\Common Files
2008-02-03 18:03:55 0 d-------- C:\Program Files\McAfee.com
2008-02-03 17:23:20 0 d-------- C:\Program Files\DellSupport
2008-02-01 19:27:45 0 d-------- C:\Program Files\Messenger
2008-01-31 22:11:29 0 d-------- C:\Program Files\Google
2008-01-05 16:42:02 0 d-------- C:\Documents and Settings\Jeff\Application Data\AdobeUM
2007-12-29 21:17:57 0 d-------- C:\Program Files\Acoustica Spin It Again
2007-12-29 21:17:52 0 d-------- C:\Program Files\Acoustica Shared Effects
2007-12-10 20:26:32 0 d-------- C:\Program Files\ExtractNow


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13472530-E35E-4BBF-A619-24C7E7B5EB1E}]
2008-02-09 08:51 329728 --a------ C:\WINDOWS\system32\ssqrr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e142419f-5615-48bf-b3fa-99644dd6527a}]
C:\WINDOWS\system32\pepoyhgt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" []
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" []
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" []
"SigmatelSysTrayApp"="stsystra.exe" [2005-08-23 23:42 C:\WINDOWS\stsystra.exe]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"combofix"="C:\WINDOWS\system32\kmd.exe" []
"e032b96b"="C:\WINDOWS\system32\doawdpmi.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting .exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-06 18:25:21]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqronk]
ssqronk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xwvomjea]
xwvomjea.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqrr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
"C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe




-- End of Deckard's System Scanner: finished at 2008-02-09 21:25:27 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M processor 1.40GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 503.37 MiB / 185.98 MiB
Pagefile Memory (total/avail): 1228.73 MiB / 927.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.48 MiB

C: is Fixed (NTFS) - 34.23 GiB total, 21.7 GiB free.
D: is CDROM (CDFS)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - SAMSUNG MP0402H - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 15.66 MiB
\PARTITION1 (bootable) - Installable File System - 34.23 GiB - C:
\PARTITION2 - Unknown - 3 GiB

\\.\PHYSICALDRIVE1 - Memorex Flashdrive 601B USB Device - 470.65 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 477.36 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jeff\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOBBS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jeff
LOGONSERVER=\\HOBBS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jeff\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jeff\LOCALS~1\Temp
USERDOMAIN=HOBBS
USERNAME=Jeff
USERPROFILE=C:\Documents and Settings\Jeff
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jeff (admin)
Tess (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Wireless WLAN Card --> C:\WINDOWS\system32\BCMWLU00.exe verbose
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
MyWay Search Assistant --> MsiExec.exe /X{E7559288-223B-453C-9F06-340E3BE21E39}
Netscape Communicator 4.79 --> C:\WINDOWS\cd32.exe 4.79 (en)
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spin It Again --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Print Shop Premier Edition 5.0 --> C:\WINDOWS\uninst.exe -f"C:\The Print Shop Products\The Print Shop Premier Edition 5.0\DeIsL1.isu" -c"C:\The Print Shop Products\The Print Shop Premier Edition 5.0\psfinst.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1448 / Error
Event Submitted/Written: 02/09/2008 09:26:02 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Event Record #/Type1443 / Warning
Event Submitted/Written: 02/09/2008 08:49:25 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1422 / Warning
Event Submitted/Written: 02/06/2008 02:10:51 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1417 / Warning
Event Submitted/Written: 02/06/2008 01:45:39 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1416 / Error
Event Submitted/Written: 02/06/2008 01:36:44 PM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14689 / Error
Event Submitted/Written: 02/09/2008 08:51:27 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Event Record #/Type14676 / Error
Event Submitted/Written: 02/09/2008 08:47:28 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The combofix service failed to start due to the following error:
%%1053

Event Record #/Type14675 / Error
Event Submitted/Written: 02/09/2008 08:47:28 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the combofix service to connect.

Event Record #/Type14621 / Warning
Event Submitted/Written: 02/09/2008 07:55:53 AM / 02/09/2008 07:55:56 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "BCMWLTRY Windows Application"

Event Record #/Type14597 / Warning
Event Submitted/Written: 02/09/2008 07:15:04 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\2005-FEB on the network \Device\NetBT_Tcpip_{8F5A4394-9B57-41AE-8311-CDEE6786D630}.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-02-09 21:25:27 ------------
Crunchyhippo
Regular Member
 
Posts: 46
Joined: February 5th, 2008, 9:11 am
Location: Florida
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 324 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware