Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Webcry And I Have No Access To Tabs In Ie


  • Please log in to reply
9 replies to this topic

#1 diminishedrespon

diminishedrespon

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:18 AM

Posted 24 October 2007 - 02:41 AM

All search attempts have been bombarded by webcry.com, I have tried your suggested methods to remove viruses and other infections and still the problem persists, Also around the same time, my tabs in Internet Explorer are completely gone, I can not access them from the File menu, and Internet Options Tab settings are futile, they do not appear at all, as if non-existent. Also important, since following your prescribed method to remove the threats, when the laptop is turned on and the desktop is loading-up I receive error messages: C:\ProgramData\tgjibaxs.dll and C:\ProgramData\fmxkpony.dll and something about RegSvr32.dll files. Please help and Thank you for any future suggestions and advices.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:05 AM, on 10/24/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {02C1F370-4FA1-AACF-21C6-05DCF76D84B1} - C:\Program Files\mvhhpluo\dlmfuhph.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [fmxkpony] regsvr32 /u "C:\ProgramData\fmxkpony.dll"
O4 - HKLM\..\Run: [tgjibaxs] regsvr32 /u "C:\ProgramData\tgjibaxs.dll"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: bw+0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 21837 bytes

BC AdBot (Login to Remove)

 


m

#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:18 AM

Posted 13 November 2007 - 03:08 PM

Hi diminishedrespon, :thumbsup:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :blink:

P.S. Please copy/paste the log into this thread using the Add Reply button.

#3 diminishedrespon

diminishedrespon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:18 AM

Posted 14 November 2007 - 02:11 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:28 AM, on 11/14/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {02C1F370-4FA1-AACF-21C6-05DCF76D84B1} - C:\Program Files\mvhhpluo\dlmfuhph.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Janice\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Janice\AppData\Local\Temp\HSPERF~1.SH! (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: bw+0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {414AE8BA-9F1A-4F4E-BD4F-794750E03233} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 22649 bytes


In addition, my Vista desktop wallpaper is missing, only solid colours are showing, no pics to graphics. Thanks for the help Falu.

#4 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:18 AM

Posted 16 November 2007 - 03:58 AM

Hi diminishedrespon, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

Go through the instructions so you know what you're supposed to do. It may be more practical to print the instructions since you will disconnect from the internet.

1. You have Trojan.Win32.Obfuscated.gx on your computer.

.... can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.


If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable.

2. We need to disable your Real-time Protection as it may interfere with the fixes that we need to make.

> Windows defender:

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

> Teatimer:

Run Spybot S&D, go to the Mode menu and select Advanced Mode;
On the left hand side choose Tools > Resident;
Uncheck Resident Teatimer and click Ok (close Spybot).

3. Download ATF Cleaner by Atribune. Do not run it yet.

4. Reboot and as the computer starts up, just before Windows starts to load, tap the F8 key a few times and then choose Safe Mode from the menu that will appear.

5. Run HijackThis, click Scan and checkmark the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {02C1F370-4FA1-AACF-21C6-05DCF76D84B1} - C:\Program Files\mvhhpluo\dlmfuhph.dll


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

6. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following folder in bold:

C:\Program Files\mvhhpluo

Let me know if you had problems with this step.

7. Double-click ATF-Cleaner.exe to run the program. You should be the adminstrator of thiscomputer.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

8. You have Logitech Desktop Messenger installed on your computer.
Once a week, when connected to the internet, Logitech Desktop Messenger will automatically connect with Logitech servers to see if there are any new messages for you. It performs this check during idle time to avoid slowing down other applications that may be accessing the Internet.
If there is a message on the server, then Logitech Desktop Messenger will download the message utilizing bandwidth that would otherwise be unused. After the message is downloaded, Logitech Desktop Messenger will wait for one minute of keyboard and mouse inactivity before displaying the message on your screen. I suggest doing all updates yourself and removing this application!
This will not affect any other Logitech software or hardware in any way.

Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following if they exist by double-clicking on the following entry:

Logitech Desktop Messenger

9. Reboot to go back into normal mode.

10. Download Deckard's System Scanner and save it to your Desktop.

* Double click dss.exe and follow the prompts.
* When finished, it will produce a log for you.
* Post the contents of that log in your next reply.
* Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to the C:\Deckard\System Scanner folder. You will find two logs in the folder, main.txt and extra.txt.
* Open the main.txt log in Notepad
* Also Copy and Paste its contents in a reply.

11. You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6u3). Older versions have vulnerabilities that malware can use to infect your system. Please update and remove the older versions. Do the following:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:

    Java Runtime Environment (JRE) 6u3
12. Run the F-Secure Online Scanner, beta version for Vista!!
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

13.

In addition, my Vista desktop wallpaper is missing, only solid colours are showing, no pics to graphics.


Unfortunately I couldn't check the following instructions.

In control panel go to "ease of access center"
Next, choose "Make it easier to focus on tasks"
Under "Reading" see if "Remove background images" box is checked.
If it is, uncheck it and that should get your desktop wallpaper back.

Please post the F-Secure report together with DSS main/extra logs.

#5 diminishedrespon

diminishedrespon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:18 AM

Posted 16 November 2007 - 10:52 PM

This is the DSS main log:


Deckard's System Scanner v20071014.68
Run by Janice on 2007-11-16 19:25:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
10: 2007-11-16 04:41:40 UTC - RP83 - Windows Update
9: 2007-11-14 07:45:28 UTC - RP82 - Windows Update
8: 2007-11-09 02:01:23 UTC - RP81 - Windows Update
7: 2007-11-06 21:19:45 UTC - RP80 - Windows Backup
6: 2007-11-06 21:09:25 UTC - RP79 - Windows Update


-- First Restore Point --
1: 2007-11-02 03:43:59 UTC - RP73 - Logitech QuickCam v11.50.1145


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Janice.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:05 PM, on 11/16/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\taskeng.exe
C:\Users\Janice\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Janice.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Janice\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Janice\AppData\Local\Temp\HSPERF~1.SH! (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10189 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071023-015602-144 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
backup-20071023-015602-369 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20071023-015602-621 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20071023-015602-704 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
backup-20071023-015602-879 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071023-015602-935 O3 - Toolbar: The optnet - {B02534D7-8D91-49BE-A864-97DFB8E0BAB4} - C:\Windows\optnet.dll (file missing)
backup-20071023-015602-972 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
backup-20071106-000133-593 O4 - HKLM\..\Run: [fmxkpony] regsvr32 /u "C:\ProgramData\fmxkpony.dll"
backup-20071106-000133-824 O4 - HKLM\..\Run: [tgjibaxs] regsvr32 /u "C:\ProgramData\tgjibaxs.dll"
backup-20071116-190600-353 O2 - BHO: (no name) - {02C1F370-4FA1-AACF-21C6-05DCF76D84B1} - C:\Program Files\mvhhpluo\dlmfuhph.dll
backup-20071116-190600-532 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20071116-190600-636 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 AvgWFP (AVG7 Firewall Driver x86) - c:\windows\system32\drivers\avgwfp.sys
R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-01 01:00:02 368 --a------ C:\Windows\Tasks\McQcTask.job
2007-08-26 09:13:59 402 --a------ C:\Windows\Tasks\EasyShare Registration Task.job
2007-08-03 05:15:37 366 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2007-10-16 and 2007-11-16 -----------------------------

2007-11-05 14:47:02 0 d-------- C:\Windows\system32\vmm32
2007-11-04 00:37:20 0 d-------- C:\Users\All Users\ATI
2007-10-25 23:37:32 0 d-------- C:\Windows\system32\EXP
2007-10-25 23:02:15 0 d-------- C:\Program Files\IrfanView
2007-10-25 22:47:51 47104 --a------ C:\Windows\system32\drivers\avgwfp.sys
2007-10-25 22:47:35 0 d-------- C:\Users\All Users\Grisoft
2007-10-25 22:47:35 0 d-------- C:\Users\All Users\avg7
2007-10-24 01:53:25 0 d-------- C:\Windows\Internet Logs
2007-10-23 13:56:24 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-10-23 11:48:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-23 01:46:33 0 d-------- C:\Program Files\Trend Micro
2007-10-22 22:58:34 0 d-------- C:\Users\All Users\Yahoo! Companion
2007-10-22 22:41:01 0 d--h----- C:\Users\All Users\yahoo!
2007-10-22 22:39:09 0 d-------- C:\Windows\cache
2007-10-18 01:03:32 34304 --a------ C:\Windows\nmcuninstall.exe
2007-10-18 01:03:31 322048 --a------ C:\Windows\hstsys.dll
2007-10-18 01:03:31 294400 --a------ C:\Windows\hostctrl.dll
2007-10-18 00:41:08 0 d--h----- C:\TEMP


-- Find3M Report ---------------------------------------------------------------

2007-11-16 19:11:21 0 d-------- C:\Program Files\Logitech
2007-11-16 18:08:06 0 d-------- C:\Program Files\McAfee
2007-11-16 08:30:39 0 d-------- C:\Users\Janice\AppData\Roaming\AVG7
2007-11-15 14:46:29 0 d-------- C:\Users\Janice\AppData\Roaming\LimeWire
2007-11-14 01:46:03 0 d-------- C:\Program Files\Windows Mail
2007-11-13 02:00:59 3250 --a------ C:\Users\Janice\AppData\Roaming\wklnhst.dat
2007-11-05 14:47:02 0 d-------- C:\Program Files\Dell
2007-11-04 11:42:00 0 d-------- C:\Program Files\Google
2007-11-01 21:46:58 0 d-------- C:\Program Files\Common Files\logishrd
2007-11-01 21:43:56 0 d-------- C:\Program Files\Common Files\Logitech
2007-10-23 11:48:47 0 d-------- C:\Program Files\Common Files
2007-10-22 22:58:34 0 d-------- C:\Users\Janice\AppData\Roaming\Yahoo!
2007-10-22 22:40:55 0 d-------- C:\Program Files\Yahoo!
2007-10-15 20:37:00 0 d-------- C:\Users\Janice\AppData\Roaming\Google
2007-10-06 22:31:49 0 d-------- C:\Users\Janice\AppData\Roaming\Adobe
2007-10-04 10:54:50 0 d-------- C:\Program Files\LimeWire
2007-10-01 09:15:37 0 d-------- C:\Users\Janice\AppData\Roaming\ATI
2007-09-30 23:31:11 0 d-------- C:\Program Files\iolis
2007-08-30 12:58:38 174 --ahs---- C:\Program Files\desktop.ini
2007-08-24 18:08:24 1275392 --a------ C:\Windows\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP 2>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/03/2007 12:22 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/27/2007 06:35 PM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [03/21/2007 01:33 PM]
"SigmatelSysTrayApp"="sttray.exe" [03/06/2007 02:37 PM C:\Windows\sttray.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 10:37 AM]
"@"="" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [01/17/2007 04:30 PM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [04/16/2007 03:10 PM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [03/16/2007 04:20 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/03/2007 05:06 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/25/2007 10:55 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 04:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 03:45 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 08:59 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Janice\AppData\Local\Temp\HSPERF~1.SH!

C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [06/05/2006 3:18:54 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [09/23/2005 9:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [08/03/2007 4:45:38 AM]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [08/03/2007 4:53:31 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=–-”w(Æ‘wD«º
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 10/25/2007 10:47 PM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7359 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-16 19:28:57 ------------



This is the DSS extra log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-56
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1917.53 MiB / 1257.57 MiB
Pagefile Memory (total/avail): 4057 MiB / 3040.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.84 MiB

C: is Fixed (NTFS) - 136.49 GiB total, 112.67 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 6.57 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9160821AS ATA Device - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 62.72 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 136.49 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: McAfee Personal Firewall v (McAfee)
AV: AVG 7.5.503 v7.5.503 (Grisoft)
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Janice\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JANICE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Janice
LOCALAPPDATA=C:\Users\Janice\AppData\Local
LOGONSERVER=\\JANICE-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Janice\AppData\Local\Temp
TMP=C:\Users\Janice\AppData\Local\Temp
USERDOMAIN=Janice-PC
USERNAME=Janice
USERPROFILE=C:\Users\Janice
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Janice


-- Add/Remove Programs ---------------------------------------------------------

Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AOL Install --> MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9
ATI PCI Express (3GIO) Filter Driver --> C:\Program Files\InstallShield Installation Information\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
ccc-Branding --> MsiExec.exe /I{4F5A53E6-3CBE-44D7-91AD-2E535348484F}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Dell DataSafe Online --> MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center --> MsiExec.exe /I{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
Dell Touchpad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Service Offers Launcher --> MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
Iolis --> C:\PROGRA~1\iolis\UNWISE.EXE C:\PROGRA~1\iolis\INSTALL.LOG
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LG GSM PC Components --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}\setup.exe" -l0x9
LG USB Modem Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Legacy USB Camera Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.00.1438\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"legacyqcam_10.00" /clone_wait /hide_progress
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
UMVPLStandalone --> MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
wallpapersinteractivosdownload --> C:\Windows\WEB\Wallpaper\wallpapersinteractivosdownload dir\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\Windows\cache\YINSTH~1.DLL
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type16861 / Error
Event Submitted/Written: 11/16/2007 07:13:41 PM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Event Record #/Type16847 / Success
Event Submitted/Written: 11/16/2007 07:13:11 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type16846 / Success
Event Submitted/Written: 11/16/2007 07:13:06 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type16839 / Success
Event Submitted/Written: 11/16/2007 07:12:47 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type16829 / Warning
Event Submitted/Written: 11/16/2007 07:11:44 PM
Event ID/Source: 6000 / Wlclntfy
Event Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32978 / Error
Event Submitted/Written: 11/16/2007 07:13:58 PM
Event ID/Source: 10010 / DCOM
Event Description:
{C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}

Event Record #/Type32873 / Error
Event Submitted/Written: 11/16/2007 07:12:19 PM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type32872 / Error
Event Submitted/Written: 11/16/2007 07:12:19 PM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type32868 / Error
Event Submitted/Written: 11/16/2007 07:05:25 PM
Event ID/Source: 10005 / DCOM
Event Description:
1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Event Record #/Type32867 / Error
Event Submitted/Written: 11/16/2007 07:05:08 PM
Event ID/Source: 10005 / DCOM
Event Description:
1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}



-- End of Deckard's System Scanner: finished at 2007-11-16 19:28:57 ------------


This is the F-Secure report:

Scanning Report
Friday, November 16, 2007 20:19:21 - 22:40:30
Computer name: JANICE-PC
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 1 malware found
Zlob.gen94 (virus)
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20071116-190600-353.DLL (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 38513
System: 0
Not scanned: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 1
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-11-15
F-Secure AVP: 7.0.171, 2007-11-16
F-Secure Orion: 1.2.37, 2007-11-16
F-Secure Blacklight: 1.0.64
F-Secure Pegasus: 1.19.0, 2007-10-14
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD LSP MAP MHT MIF PHP POT WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.




Thank you so much Falu....
But unfortunately my "remove background images" box was already unchecked, and still the problem that i have no desktop wallpaper still persists.
Thanks anyhow...

#6 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:18 AM

Posted 19 November 2007 - 05:49 AM

Hi diminishedrespon, :thumbsup:

1. To begin with, your logs show tat you have your internal Windows Firewall enabled. Next to that there is McAfee Personal Firewall v (McAfee) on your computer allthough not with real-time protection enabled.

Since the Windows Firewall only blocks incoming traffic I would recommend to use a third party firewall, such as McAfee, which blocks both. If you agree disable Windows Firewall.

For a tutorial on Firewalls click: Understanding and Using Firewalls!

2. Do you know what this is:

wallpapersinteractivosdownload --> C:\Windows\WEB\Wallpaper\wallpapersinteractivosdownload dir\uninstall.exe

3. Download ATF Cleaner by Atribune. Do not run it yet.

4. We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

You may re-enable it again when your computer is clean.

5. It's probably best to safe/print those instructions for use in safe mode, since you will not have access to this site at that time.

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
5) Select your normal user account.

6. Run HijackThis, click Scan and checkmark the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

7. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following files in bold if they exist:

C:\Windows\nmcuninstall.exe
C:\Windows\hstsys.dll
C:\Windows\hostctrl.dll

Let me know if you had problems with this step.

8. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

9. In the attachment you see a fixd.reg; right-click it to download it to your desktop. Next doubleclick the file to run it.

10. Reboot to go back into normal mode.

11. You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6u3). Older versions have vulnerabilities that malware can use to infect your system. Please update and remove the older versions. Do the following:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:

    Java Runtime Environment (JRE) 6u3
Please post a fresh HijackThis log and don't forget the information I asked for. How are things running now?

Attached Files

  • Attached File  fixd.reg   132bytes   9 downloads


#7 diminishedrespon

diminishedrespon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:18 AM

Posted 20 November 2007 - 12:41 PM

Hi Falu, :thumbsup:

In regards to No. 2, C:\Windows\WEB\Wallpaper\wallpapersinteractivosdownload dir\uninstall.exe

This was from when I wanted to download an interactive wallpaper for my desktop background, and a Windows theme Glass-nature thing,
anyways the whole thing went bad, and i think that it was at this time that my laptop started to have the problems- it started with the Spy Shredder thing which I mistakenly clicked on. Also I had deleted the WEB folder which contained the pics when I had attempted to download the wallpaper. Maybe this was a bad move.

In regards to No. 7, I successfully deleted C:\Windows\nmcunistall.exe, but C:\Windows\hstsys.dll and C:\Windows\hostctrl.dll does not exist. So I guess we're good there.

Additional Info.
It seems the following from the Hijack This scan will not delete:

RO-HKLM\Software\Microsoft\InternetExplorer\Search, SearchAssistant=
RO-HKLM\Software\Microsoft\InternetExplorer\Search, CustomizeSearch=

Also, Congratulations to both of us my wallpaper is back, Yeah!! thank you very much Falu.

In addition,
My C: drive's free space would gradually decrease on its own almost everyday. I did some system cleaning once before and got about 120 GB of space free, now I have about 108 and nothing much has been downloaded. What could be the problem here.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:00 PM, on 11/20/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Janice\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Janice\AppData\Local\Temp\HSPERF~1.SH! (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10695 bytes

#8 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:18 AM

Posted 23 November 2007 - 06:20 AM

Hi diminishedrespon, :thumbsup:

1. To begin with: how about the firewall issue I mentioned in my last post? Please don't be neglective since a quality firewall is very essential for the safe use of your computer while on the internet.

2.

In regards to No. 7, I successfully deleted C:\Windows\nmcunistall.exe, but C:\Windows\hstsys.dll and C:\Windows\hostctrl.dll does not exist.


Make sure you can view all files. Click Start >My Computer > Tools > Folder Options >View. Check "Show hidden files and folders", uncheck "Hide protected operating system files" and "Hide extensions for known file types". Click "Apply to all folders" >Apply then OK.

Now check if you can find these files:

C:\Windows\hstsys.dll
C:\Windows\hostctrl.dll

and folder and get rid of them:

C:\Windows\WEB\Wallpaper\wallpapersinteractivosdownload dir

Next hide your files again:

Open Windows Explorer >Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is unchecked. Also check "Hide protected operating system files" and tick "Hide extensions for known file types" . Now click "Apply to all folders", >Apply then OK.

Let me know how this went.

3.

RO-HKLM\Software\Microsoft\InternetExplorer\Search, SearchAssistant=
RO-HKLM\Software\Microsoft\InternetExplorer\Search, CustomizeSearch=


Don't worry about these two since they're not malware or related, so let them be; they'll do no harm at all.

4.

My C: drive's free space would gradually decrease on its own almost everyday. I did some system cleaning once before and got about 120 GB of space free, now I have about 108 and nothing much has been downloaded. What could be the problem here.


It could be malware related allthough not proven yet. Normally it refers to more activity on/of the computer and often things change quicker than we users think. Let's wait and see what the tools come up with. If negative you may ask around at the Software and Hardware Subforums.

5. Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

6. Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

So please post the WinPfind report along with the Smitfraud report and a fresh HijackThis log.

#9 diminishedrespon

diminishedrespon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:18 AM

Posted 02 December 2007 - 05:10 PM

Hi Falu,
Sorry I took so long to reply was swamped with work literally!
Anyways..

I am a bit unclear about the firewall issue, what is it exactly that I should do or not to, or what to download, or change a setting or stop using a particular virus software...I'm clueless

In regards to No 2. I followed the procedure but the files seem as if they just no longer exist.

I will read about and look into the decreasing memory problem as well.

With that said here are the Logs you asked for:


SmitFraudFix v2.253

Scan done at 16:21:53.64, 12/02/2007
Run from C:\Users\Janice\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Janice


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Janice\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Janice\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller
DNS Server Search Order: 10.0.0.138

HKLM\SYSTEM\CCS\Services\Tcpip\..\{017AC627-100E-4152-970C-0A2BBDC3E9A1}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B1F2412-D25A-4AA5-B3F9-E44607984D9E}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2549F154-E5AD-4773-B8EB-3822CE4E379B}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{017AC627-100E-4152-970C-0A2BBDC3E9A1}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B1F2412-D25A-4AA5-B3F9-E44607984D9E}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2549F154-E5AD-4773-B8EB-3822CE4E379B}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{017AC627-100E-4152-970C-0A2BBDC3E9A1}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B1F2412-D25A-4AA5-B3F9-E44607984D9E}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2549F154-E5AD-4773-B8EB-3822CE4E379B}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{017AC627-100E-4152-970C-0A2BBDC3E9A1}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0B1F2412-D25A-4AA5-B3F9-E44607984D9E}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2549F154-E5AD-4773-B8EB-3822CE4E379B}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



The WinPfind Log:

WinPFind3 logfile created on: 12/02/2007 4:27:47 PM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Users\Janice\Desktop\WinPFind3u\
Windows Vista ™ Home Basic (Version = 6.0.6000)
Internet Explorer (Version = 7.0.6000.16546)

1.87 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 59.26% Memory free
3.96 Gb Paging File | 2.81 Gb Available in Paging File | 70.86% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.49 Gb Total Space | 106.80 Gb Free Space | 78.25% Space Free
Drive D: | 10.00 Gb Total Space | 6.57 Gb Free Space | 65.68% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: JANICE-PC
Current User Name: Janice
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 565248 bytes | Modified Date = 03/21/2007 12:01:32 AM | Attr = ]
ati2evxx.exe -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 565248 bytes | Modified Date = 03/21/2007 12:01:32 AM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/25/2007 10:55:14 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 | Size = 579072 bytes | Modified Date = 10/25/2007 10:55:16 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.494 | Size = 406528 bytes | Modified Date = 10/25/2007 10:55:18 PM | Attr = ]
avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 10/25/2007 10:47:38 PM | Attr = ]
avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 10/25/2007 10:47:38 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/25/2007 10:47:46 PM | Attr = ]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.102.15.61 | Size = 1724416 bytes | Modified Date = 03/21/2007 1:33:42 PM | Attr = ]
cocimanager.exe -> %CommonProgramFiles%\logishrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.5.0.1169 | Size = 407824 bytes | Modified Date = 10/25/2007 4:32:58 PM | Attr = ]
communications_helper.exe -> %CommonProgramFiles%\logishrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 10/25/2007 4:33:22 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/03/2006 5:02:14 PM | Attr = ]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 03/15/2007 11:09:36 AM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.15317 | Size = 1862144 bytes | Modified Date = 08/03/2007 5:06:50 AM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.15317 | Size = 1862144 bytes | Modified Date = 08/03/2007 5:06:50 AM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.15317 | Size = 1862144 bytes | Modified Date = 08/03/2007 5:06:50 AM | Attr = ]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 02/13/2007 12:09:12 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 09/25/2007 1:11:36 AM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\logishrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 1:17:28 PM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\logishrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 1:17:28 PM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\logishrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 1:19:22 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 01/05/2007 3:21:16 PM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 01/05/2007 3:22:12 PM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 03/09/2007 4:36:10 AM | Attr = ]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 01/16/2007 5:03:36 PM | Attr = ]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 01/05/2007 3:21:40 PM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 04/12/2007 9:33:42 AM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 06/25/2007 10:56:42 AM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 01/25/2007 5:01:58 PM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 06/19/2007 8:55:24 AM | Attr = ]
mps.exe -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 04/18/2007 2:08:06 PM | Attr = ]
mpsevh.exe -> %ProgramFiles%\McAfee\MPS\mpsevh.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 304680 bytes | Modified Date = 04/18/2007 2:08:10 PM | Attr = ]
mskagent.exe -> %ProgramFiles%\McAfee\MSK\mskagent.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 01/17/2007 4:30:24 PM | Attr = ]
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 01/17/2007 4:30:34 PM | Attr = ]
pcmservice.exe -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 04/16/2007 3:10:26 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/14/2007 11:43:10 PM | Attr = ]
quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [Ver = | Size = 2178832 bytes | Modified Date = 10/25/2007 4:37:32 PM | Attr = ]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 8, 0, 11, 0 | Size = 1125088 bytes | Modified Date = 02/20/2007 12:01:12 PM | Attr = ]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 03/08/2007 3:42:42 PM | Attr = ]
sbcssvc.exe -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSSvc.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 788976 bytes | Modified Date = 08/27/2007 12:09:12 PM | Attr = ]
sbcstray.exe -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSTray.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 698864 bytes | Modified Date = 08/27/2007 12:09:14 PM | Attr = ]
sdwinsec.exe -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 8 | Size = 600912 bytes | Modified Date = 08/31/2007 4:46:18 PM | Attr = ]
searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 06/08/2007 8:59:38 AM | Attr = ]
stacsv.exe -> %System32%\stacsv.exe -> SigmaTel, Inc. [Ver = 1.0.5407.0 nd575 cp1 | Size = 90112 bytes | Modified Date = 03/06/2007 2:38:28 PM | Attr = ]
sttray.exe -> %SystemRoot%\sttray.exe -> SigmaTel, Inc. [Ver = 1.0.5407.0 nd575 cp1 | Size = 303104 bytes | Modified Date = 03/06/2007 2:37:30 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 9.1.18.6 27Apr07 | Size = 857648 bytes | Modified Date = 04/27/2007 6:35:28 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]
wkcalrem.exe -> %CommonProgramFiles%\microsoft shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 8.05.0818.0 | Size = 21504 bytes | Modified Date = 06/05/2006 3:18:54 AM | Attr = ]
wltray.exe -> %System32%\WLTRAY.EXE -> Dell Inc. [Ver = 4.102.15.61 | Size = 1548288 bytes | Modified Date = 03/21/2007 1:33:44 PM | Attr = ]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 24064 bytes | Modified Date = 03/21/2007 1:33:44 PM | Attr = ]
xaudio.exe -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 08/04/2006 6:39:20 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %System32%\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 565248 bytes | Modified Date = 03/21/2007 12:01:32 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/25/2007 10:55:14 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/25/2007 10:47:46 PM | Attr = ]
(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 10/25/2007 10:47:38 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.494 | Size = 406528 bytes | Modified Date = 10/25/2007 10:55:18 PM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 9 | Size = 70656 bytes | Modified Date = 03/19/2007 11:44:44 AM | Attr = ]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,214,0 | Size = 341328 bytes | Modified Date = 10/05/2007 5:33:26 PM | Attr = ]
(GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.15317 | Size = 1862144 bytes | Modified Date = 08/03/2007 5:06:50 AM | Attr = ]
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 2:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr = ]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\logishrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 1:17:28 PM | Attr = ]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\logishrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 1:19:22 PM | Attr = ]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\logishrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 1:21:16 PM | Attr = ]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 02/13/2007 12:09:12 PM | Attr = ]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 01/05/2007 3:22:18 PM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 01/05/2007 3:22:12 PM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 03/09/2007 4:36:10 AM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 01/16/2007 5:03:36 PM | Attr = ]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 01/05/2007 3:21:40 PM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 04/12/2007 9:33:42 AM | Attr = ]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 03/08/2007 3:42:42 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 01/25/2007 5:01:58 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 06/19/2007 8:55:24 AM | Attr = ]
(MPS9) McAfee Privacy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 04/18/2007 2:08:06 PM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 01/17/2007 4:30:34 PM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SBCSSvc) Sunbelt CounterSpy Antispyware [Win32_Own | Auto | Running] -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSSvc.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 788976 bytes | Modified Date = 08/27/2007 12:09:12 PM | Attr = ]
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 8 | Size = 600912 bytes | Modified Date = 08/31/2007 4:46:18 PM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> %System32%\stacsv.exe -> SigmaTel, Inc. [Ver = 1.0.5407.0 nd575 cp1 | Size = 90112 bytes | Modified Date = 03/06/2007 2:38:28 PM | Attr = ]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Running] -> -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %System32%\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.00 | Size = 386560 bytes | Modified Date = 08/04/2006 6:39:20 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 | Size = 579072 bytes | Modified Date = 10/25/2007 10:55:16 PM | Attr = ]
Broadcom Wireless Manager UI -> %System32%\WLTRAY.EXE -> Dell Inc. [Ver = 4.102.15.61 | Size = 1548288 bytes | Modified Date = 03/21/2007 1:33:44 PM | Attr = ]
ECenter -> %SystemDrive%\DELL\E-Center\EULALauncher.exe -> [Ver = 1.0.2489.24404 | Size = 17920 bytes | Modified Date = 03/16/2007 4:20:42 AM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.703.15317 | Size = 1862144 bytes | Modified Date = 08/03/2007 5:06:50 AM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 10/03/2006 10:37:04 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ]
LogitechCommunicationsManager -> %CommonProgramFiles%\logishrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 10/25/2007 4:33:22 PM | Attr = ]
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [Ver = | Size = 2178832 bytes | Modified Date = 10/25/2007 4:37:32 PM | Attr = ]
MskAgentexe -> %ProgramFiles%\McAfee\MSK\mskagent.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 01/17/2007 4:30:24 PM | Attr = ]
PCMService -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 04/16/2007 3:10:26 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/14/2007 11:43:10 PM | Attr = ]
SBCSTray -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSTray.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 698864 bytes | Modified Date = 08/27/2007 12:09:14 PM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\sttray.exe -> SigmaTel, Inc. [Ver = 1.0.5407.0 nd575 cp1 | Size = 303104 bytes | Modified Date = 03/06/2007 2:37:30 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 09/25/2007 1:11:36 AM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 9.1.18.6 27Apr07 | Size = 857648 bytes | Modified Date = 04/27/2007 6:35:28 PM | Attr = ]
Windows Defender -> MSASCui.exe -> File not found
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 03/15/2007 11:09:36 AM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 03/30/2006 3:45:08 PM | Attr = R ]
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 06/08/2007 8:59:38 AM | Attr = ]
< Common Startup > -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup ->
%AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 09/23/2005 9:05:26 PM | Attr = ]
%AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> Avanquest Software [Ver = 1, 0, 0, 2 | Size = 50688 bytes | Modified Date = 11/03/2006 5:02:14 PM | Attr = ]
%AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk -> %SystemRoot%\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 45056 bytes | Modified Date = 08/03/2007 4:53:32 AM | Attr = R ]
< User Startup > -> C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ->
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK -> %CommonProgramFiles%\microsoft shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 8.05.0818.0 | Size = 21504 bytes | Modified Date = 06/05/2006 3:18:54 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
avgwlntf -> %System32%\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 10/25/2007 10:47:58 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallpaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
< HOSTS File > (208869 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.google.com/ig/dell?hl=en&cl...amp;ibd=5070803 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://www.google.com/ig/dell?hl=en&cl...amp;ibd=5070803 ->
HKCU: Local Page -> C:\Windows\system32\blank.htm ->
HKCU: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 09/05/2007 3:48:58 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 01/12/2006 7:38:22 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 09/25/2007 1:11:34 AM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 67136 bytes | Modified Date = 06/25/2007 10:57:44 AM | Attr = ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.2.0.3 | Size = 98304 bytes | Modified Date = 03/16/2007 4:20:26 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 09/05/2007 3:48:58 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 09/25/2007 1:11:34 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{017AC627-100E-4152-970C-0A2BBDC3E9A1} -> (Dell Wireless 1505 Draft 802.11n WLAN Mini-Card) ->
{0B1F2412-D25A-4AA5-B3F9-E44607984D9E} -> (Broadcom 440x 10/100 Integrated Controller) ->
{2549F154-E5AD-4773-B8EB-3822CE4E379B} -> (Thomson ST Remote NDIS Device) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about -> Reg Data - Key not found -> File not found
dvd -> Reg Data - Key not found -> File not found
its -> Reg Data - Key not found -> File not found
mhtml -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
tv -> Reg Data - Key not found -> File not found
vbscript -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 11/29/2007 1:02:54 PM | Attr = HS]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 11/16/2007 7:24:49 PM | Attr = ]
diagerr.xml -> %SystemRoot%\diagerr.xml -> [Ver = | Size = 1905 bytes | Created Date = 11/04/2007 12:09:17 PM | Attr = ]
diagwrn.xml -> %SystemRoot%\diagwrn.xml -> [Ver = | Size = 1905 bytes | Created Date = 11/04/2007 12:09:17 PM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 11/16/2007 7:25:27 PM | Attr = ]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 176311297 bytes | Created Date = 11/15/2007 2:40:24 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 11/15/2007 2:41:17 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 12/02/2007 4:20:41 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/20/2007 12:48:06 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 11/20/2007 12:48:07 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/20/2007 12:48:06 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/20/2007 12:48:06 PM | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.3 | Size = 49152 bytes | Created Date = 11/14/2007 11:43:22 PM | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.3 | Size = 65536 bytes | Created Date = 11/14/2007 11:43:22 PM | Attr = ]
SBFC.dat -> %System32%\SBFC.dat -> [Ver = | Size = 0 bytes | Created Date = 11/19/2007 11:38:08 PM | Attr = ]
SBRC.dat -> %System32%\SBRC.dat -> [Ver = | Size = 0 bytes | Created Date = 11/19/2007 11:38:08 PM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 12/02/2007 4:20:40 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 12/02/2007 4:20:40 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 12/02/2007 4:20:40 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 12/02/2007 4:20:41 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3174 bytes | Created Date = 12/02/2007 4:22:01 PM | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 12/02/2007 4:20:42 PM | Attr = ]
vmm32 -> %System32%\vmm32 -> [Folder | Created Date = 11/05/2007 2:47:02 PM | Attr = ]
wlan.tmf -> %System32%\wlan.tmf -> [Ver = | Size = 1655289 bytes | Created Date = 11/14/2007 1:48:25 AM | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 12/02/2007 4:20:42 PM | Attr = ]
hosts.20071107-231622.backup -> %System32%\drivers\etc\hosts.20071107-231622.backup -> [Ver = | Size = 192981 bytes | Created Date = 11/07/2007 11:16:22 PM | Attr = R ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 11/29/2007 1:08:52 PM | Attr = HS]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 11/16/2007 7:24:50 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/29/2007 1:07:42 PM | Attr = R ]
ProgramData -> %AllUsersAppData% -> [Folder | Modified Date = 11/29/2007 1:04:02 PM | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 11/30/2007 9:15:08 AM | Attr = HS]
Windows -> %SystemRoot% -> [Folder | Modified Date = 11/30/2007 9:04:06 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 12/02/2007 4:02:52 PM | Attr = S]
diagerr.xml -> %SystemRoot%\diagerr.xml -> [Ver = | Size = 1905 bytes | Modified Date = 11/05/2007 2:31:22 PM | Attr = ]
diagwrn.xml -> %SystemRoot%\diagwrn.xml -> [Ver = | Size = 1905 bytes | Modified Date = 11/05/2007 2:31:22 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 11/23/2007 2:17:04 AM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 11/16/2007 7:25:28 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 11/23/2007 11:02:52 PM | Attr = R S]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 12/02/2007 4:08:16 PM | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11/29/2007 1:08:52 PM | Attr = HS]
Logs -> %SystemRoot%\Logs -> [Folder | Modified Date = 11/06/2007 3:18:54 PM | Attr = ]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 176311297 bytes | Modified Date = 11/30/2007 9:02:46 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 11/30/2007 9:02:52 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 11/29/2007 11:40:28 AM | Attr = ]
System32 -> %System32% -> [Folder | Modified Date = 12/02/2007 4:22:04 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 12/02/2007 4:27:44 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 172 bytes | Modified Date = 11/16/2007 7:11:22 PM | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 11/14/2007 2:01:04 AM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 368 bytes | Modified Date = 12/01/2007 1:00:04 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 12/02/2007 4:02:58 PM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3456 bytes | Modified Date = 12/02/2007 4:03:00 PM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3456 bytes | Modified Date = 12/02/2007 4:03:00 PM | Attr = H ]
catroot -> %System32%\catroot -> [Folder | Modified Date = 11/29/2007 12:59:06 PM | Attr = ]
catroot2 -> %System32%\catroot2 -> [Folder | Modified Date = 12/02/2007 1:01:54 AM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 14397 bytes | Modified Date = 12/02/2007 4:04:00 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 11/29/2007 1:08:04 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 272128 bytes | Modified Date = 11/24/2007 12:42:32 AM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 11/05/2007 3:18:00 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 108526 bytes | Modified Date = 12/02/2007 4:08:18 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 623342 bytes | Modified Date = 12/02/2007 4:08:18 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 716948 bytes | Modified Date = 12/02/2007 4:08:16 PM | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.3 | Size = 49152 bytes | Modified Date = 11/14/2007 11:43:22 PM | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.3 | Size = 65536 bytes | Modified Date = 11/14/2007 11:43:22 PM | Attr = ]
SBFC.dat -> %System32%\SBFC.dat -> [Ver = | Size = 0 bytes | Modified Date = 11/19/2007 11:38:10 PM | Attr = ]
SBRC.dat -> %System32%\SBRC.dat -> [Ver = | Size = 0 bytes | Modified Date = 11/19/2007 11:38:10 PM | Attr = ]
Tasks -> %System32%\Tasks -> [Folder | Modified Date = 12/02/2007 4:20:30 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3174 bytes | Modified Date = 12/02/2007 4:22:04 PM | Attr = ]
umstartup.etl -> %System32%\umstartup.etl -> [Ver = | Size = 82944 bytes | Modified Date = 11/05/2007 9:53:50 PM | Attr = ]
vmm32 -> %System32%\vmm32 -> [Folder | Modified Date = 11/05/2007 2:47:06 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 11/14/2007 1:55:50 AM | Attr = ]
WDI -> %System32%\WDI -> [Folder | Modified Date = 11/10/2007 1:02:32 AM | Attr = ]
wlan.tmf -> %System32%\wlan.tmf -> [Ver = | Size = 1655289 bytes | Modified Date = 11/14/2007 1:48:26 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 11/07/2007 11:16:24 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (176311297 bytes) ->
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 11/30/2006 12:06:26 PM | Attr = ]
Thawte Consulting , -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 114856 bytes | Modified Date = 11/30/2006 12:06:26 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 11/30/2006 12:06:28 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 11/30/2006 12:06:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 04/27/2006 4:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 08/29/2006 6:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 01/09/2006 9:36:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/01/2006 5:20:34 AM | Attr = ]
UPX! , UPX0 , -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 09/05/2007 11:22:24 PM | Attr = ]
UPX! , UPX0 , -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Modified Date = 10/03/2007 11:36:46 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.5411.0 | Size = 493400 bytes | Modified Date = 06/22/2006 3:40:28 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 10/25/2007 10:55:08 PM | Attr = ]
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 208869 bytes | Modified Date = 11/07/2007 11:16:24 PM | Attr = R ]
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071107-231622.backup -> [Ver = | Size = 192981 bytes | Modified Date = 10/23/2007 2:13:22 PM | Attr = R ]

< End of report >




And the Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:00 PM, on 12/02/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Janice\AppData\Local\Temp\HSPERF~1.SH! C:\Users\Janice\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Janice\AppData\Local\Temp\HSPERF~1.SH! C:\Users\Janice\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10738 bytes


Thanks again and have a good vacation.

#10 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:18 AM

Posted 03 December 2007 - 04:19 PM

Hi diminishedrespon, :thumbsup:

Sorry I took so long to reply was swamped with work literally!


No problem at all, post whenever it suits you; I'm here!!

1.

I am a bit unclear about the firewall issue, what is it exactly that I should do or not to, or what to download, or change a setting or stop using a particular virus software...I'm clueless


Your logs show that you have your internal Windows Firewall enabled, that's the one which came pre-installed with your computer. Next to that you've McAfee Personal Firewall, but not with real-time protection (auto-protect) enabled, meaning that's it's notrunning in the background all the time your computer is switched on offering you the necessary protection.

The Windows Firewall only blocks incoming traffic; McAfee blocks incoming and outgoing traffic, which offers you more safety.

That's why I recommend to use McAfee, or another third party firerwall (see the link below), enable realtime protection and disable Windows Firewall. Do not enable autoprotect for both since this can actually give problems because of incompatibility issues, can even cause BSODs and decrease reliability seriously!

For a tutorial on Firewalls click: Understanding and Using Firewalls!

2. You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

3. Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Internet Explorer Settings > ->
YY -> HKLM: Local Page -> %SystemRoot%\system32\blank.htm
YY -> HKCU: Local Page -> C:\Windows\system32\blank.htm
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> about -> Reg Data - Key not found
YN -> dvd -> Reg Data - Key not found
YN -> its -> Reg Data - Key not found
YN -> mhtml -> Reg Data - Key not found
YN -> ms-its -> Reg Data - Key not found
YN -> tv -> Reg Data - Key not found
YN -> vbscript -> Reg Data - Key not found
[Files/Folders - Created Within 30 days]
NY -> tmp.reg -> %System32%\tmp.reg
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

So please post C:\rapport.txt along with the WinPfind report and a fresh HijackThis log. Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users