Spyware/grayware Removal


20 replies to this topic

#1 golfd


Posted 07 December 2007 - 07:47 AM

Hello,
I have used the preparation guide and have not yet had any success eliminating out-of-control pop-ups. When I ran the HouseCall 6.5 it detected a grayware/adware ADW_TAGASAURUS.H and said it could not remove it. I did not run the firewall in step 7 because I have a firewall on the Dell-installed McAfee Security Center. When I tried to do the Windows update in step 8 it said my firewall would not let it download (not sure how to correct this if necessary). Finally I ran the HijackThis...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:59 AM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\io43mvuiw4kj.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Spruce\X_Spruce.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe
O4 - HKLM\..\Run: [ec1ffc59] rundll32.exe "C:\WINDOWS\system32\regartib.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Setup.exe] "C:\Documents and Settings\Troy Weidlich\Local Settings\Temporary Internet Files\Content.IE5\8BU6QAER\TAV1600_1412\Setup\setup.exe"
O4 - Startup: Spruce - Auto Update.lnk = C:\Program Files\Spruce\Spruce.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://64.2.176.218:83/VatDec.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\ldcore.dll
O23 - Service: McAfee Application Installer Cleanup (0034491197030042) (0034491197030042mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\003449~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 10668 bytes

Thank you for your help.



#2 jurgenv


Posted 23 December 2007 - 08:21 AM

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Greets Jürgenv


#3 golfd


Posted 24 December 2007 - 07:49 AM

Here is the requested info. Just a note: I ran SUPERAntiSpyware while waiting for your initial response and my computer seems to be running much better, but I appreciate your time looking at the following logs to find existing problem areas.

ComboFix 07-12-21.4 - 2007-12-24 7:25:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.505 [GMT -5:00]
Running from: C:\Documents and Settings\my name\Local Settings\Temporary Internet Files\Content.IE5\KTB8A7A0\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\bkR11
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\daSgo02
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\pac.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE

((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.
2007-12-20 09:51 . 2007-12-20 10:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-20 09:51 . 2007-12-20 09:51 <DIR> d-------- C:\Documents and Settings\my name\Application Data\SUPERAntiSpyware.com
2007-12-20 09:51 . 2007-12-20 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-19 14:32 . 2007-12-19 20:35 992,869 --ahs---- C:\WINDOWS\system32\hcpcswlc.ini
2007-12-18 14:36 . 2007-12-18 14:36 985,974 --ahs---- C:\WINDOWS\system32\esjoqdvx.ini
2007-12-18 14:08 . 2007-12-18 14:08 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-12-17 14:38 . 2007-12-17 18:35 971,009 --ahs---- C:\WINDOWS\system32\korimqhc.ini
2007-12-16 14:32 . 2007-12-16 15:41 970,494 --ahs---- C:\WINDOWS\system32\xoruyplx.ini
2007-12-15 14:32 . 2007-12-16 06:42 970,396 --ahs---- C:\WINDOWS\system32\enjgocoh.ini
2007-12-14 14:33 . 2007-12-15 14:29 952,270 --ahs---- C:\WINDOWS\system32\tdndjihm.ini
2007-12-13 14:29 . 2007-12-14 14:30 952,203 --ahs---- C:\WINDOWS\system32\qxhxuhlg.ini
2007-12-12 17:41 . 2007-12-12 17:42 <DIR> d-------- C:\Program Files\Internet Explorer Assistant
2007-12-12 17:39 . 2007-12-12 17:41 949,833 --a------ C:\WINDOWS\win320846-33344792007.exe
2007-12-12 14:30 . 2007-12-12 20:50 916,980 --ahs---- C:\WINDOWS\system32\xcnkjvqr.ini
2007-12-11 21:11 . 2007-12-11 21:11 912,962 --ahs---- C:\WINDOWS\system32\ikyjgqvc.ini
2007-12-09 14:32 . 2007-12-09 20:47 834,130 --ahs---- C:\WINDOWS\system32\swigyibu.ini
2007-12-08 17:11 . 2007-12-08 20:28 834,119 --ahs---- C:\WINDOWS\system32\ukrrypwb.ini
2007-12-07 12:21 . 2007-12-07 22:31 834,251 --ahs---- C:\WINDOWS\system32\rohjttvw.ini
2007-12-06 14:16 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-06 12:25 . 2007-12-06 17:28 831,446 --ahs---- C:\WINDOWS\system32\mnmxrqov.ini
2007-12-06 08:41 . 2007-12-18 11:39 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 08:12 . 2007-12-18 18:25 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-06 08:12 . 2007-12-18 18:24 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-06 08:12 . 2007-12-18 18:24 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-06 08:12 . 2007-12-18 18:24 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-05 19:09 . 2007-12-07 07:28 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-05 12:19 . 2007-12-05 13:26 807,597 --ahs---- C:\WINDOWS\system32\andhbnlo.ini
2007-12-05 07:17 . 2007-12-05 07:25 354 --ahs---- C:\WINDOWS\system32\bitrager.ini
2007-12-04 20:09 . 2007-12-15 13:42 <DIR> d-------- C:\Documents and Settings\my name\.housecall6.6
2007-12-04 15:13 . 2007-12-04 15:13 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-04 15:13 . 2007-12-04 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-04 15:12 . 2007-12-20 09:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-04 12:43 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-12-04 12:17 . 2007-12-05 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 12:08 . 2007-12-04 12:08 <DIR> d-------- C:\Documents and Settings\Troy Weidlich\Application Data\Lavasoft
2007-12-04 00:15 . 2007-12-20 14:31 532,404 --ahs---- C:\WINDOWS\system32\ijkmp.ini
2007-12-04 00:12 . 2007-12-13 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-04 00:11 . 2007-12-12 18:43 <DIR> d-------- C:\Program Files\Spruce
2007-12-04 00:10 . 2007-12-04 00:10 <DIR> d-------- C:\WINDOWS\system32\daSgo06
2007-12-04 00:09 . 2007-12-24 07:28 <DIR> d-------- C:\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 12:30 --------- d-----w C:\Program Files\McAfee
2007-12-22 14:52 --------- d-----w C:\Documents and Settings\my name\Application Data\AdobeUM
2007-12-20 23:17 --------- d-----w C:\Documents and Settings\my name\Application Data\SiteAdvisor
2007-12-18 19:08 --------- d-----w C:\Program Files\Yahoo!
2007-12-18 18:34 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-18 18:24 --------- d-----w C:\Program Files\QuickTime
2007-12-18 18:24 --------- d-----w C:\Program Files\Napster
2007-12-18 18:21 --------- d-----w C:\Program Files\iTunes
2007-12-18 18:20 --------- d-----w C:\Program Files\Google
2007-12-18 18:19 --------- d-----w C:\Program Files\Digital Line Detect
2007-12-18 18:19 --------- d-----w C:\Program Files\DellSupport
2007-12-18 18:11 --------- d-----w C:\Program Files\Bonjour
2007-12-18 18:11 --------- d-----w C:\Program Files\BAE
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 05:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-20 15:02 19,486,458 ----a-w C:\BellSouthIW.reg
1998-08-24 16:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
2007-01-23 14:54 56 --sh--r C:\WINDOWS\system32\3F36744B36.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08ABB1E9-DA0C-4CAA-9EA5-DBE6ABFF4ACE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BFEBF36-9453-4DE8-B154-E43728C475D6}]
C:\WINDOWS\system32\pmkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296F6BA5-5BA7-48EC-8619-9CFFCDC08DD3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DB35FDC-5809-4F48-834C-18094C3D5D51}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F783919-A88F-481D-868A-F0F31E69A6A6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{362FFB3C-C52B-49D9-910E-ED922A3D8AE6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54DE7259-C729-45B1-BBD8-4BE9B5BD8248}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75358A84-26B7-4EEC-ACD0-5618791E632B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2E8DAEA-DD6C-44D0-81DF-EB00429FDB59}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEE94828-4F1F-462B-AB4D-5E0938369B38}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4259C91-3116-4FCD-B0CB-B05A3F891A1B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E73CCD48-8B22-48A0-8B70-84B2A90605B3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFC22A53-89BA-4EC9-B857-C66B65969BBC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFD1EBC2-BA58-4CCC-8FEB-D3D6299E5C72}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 02:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-28 07:49]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-06-29 13:17]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-06-28 07:40]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 21:39]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 19:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26]
"ec1ffc59"="C:\WINDOWS\system32\regartib.dll" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-28 07:37:39]
Ulead Photo Express 4.0 SE Calendar Checker .lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2007-06-02 10:23:14]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkijh]
opnkijh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 04:00]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2002-11-07 14:20]
.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 00:01:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 06:16:37 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-12-01 06:00:06 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 07:30:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopDeskbar2.dll
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
.
Completion time: 2007-12-24 7:31:39 - machine was rebooted []
.
2007-12-12 08:05:40 --- E O F ---

------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:43 AM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {08ABB1E9-DA0C-4CAA-9EA5-DBE6ABFF4ACE} - (no file)
O2 - BHO: (no name) - {0BFEBF36-9453-4DE8-B154-E43728C475D6} - C:\WINDOWS\system32\pmkji.dll (file missing)
O2 - BHO: (no name) - {296F6BA5-5BA7-48EC-8619-9CFFCDC08DD3} - (no file)
O2 - BHO: (no name) - {2DB35FDC-5809-4F48-834C-18094C3D5D51} - (no file)
O2 - BHO: (no name) - {2F783919-A88F-481D-868A-F0F31E69A6A6} - (no file)
O2 - BHO: (no name) - {362FFB3C-C52B-49D9-910E-ED922A3D8AE6} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {75358A84-26B7-4EEC-ACD0-5618791E632B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {A2E8DAEA-DD6C-44D0-81DF-EB00429FDB59} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {CEE94828-4F1F-462B-AB4D-5E0938369B38} - (no file)
O2 - BHO: (no name) - {E4259C91-3116-4FCD-B0CB-B05A3F891A1B} - (no file)
O2 - BHO: (no name) - {E73CCD48-8B22-48A0-8B70-84B2A90605B3} - (no file)
O2 - BHO: (no name) - {EFC22A53-89BA-4EC9-B857-C66B65969BBC} - (no file)
O2 - BHO: (no name) - {EFD1EBC2-BA58-4CCC-8FEB-D3D6299E5C72} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ec1ffc59] rundll32.exe "C:\WINDOWS\system32\regartib.dll",b
O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Setup.exe] "C:\Documents and Settings\Troy Weidlich\Local Settings\Temporary Internet Files\Content.IE5\8BU6QAER\TAV1600_1412\Setup\setup.exe"
O4 - Startup: Spruce - Auto Update.lnk = C:\Program Files\Spruce\Spruce.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://64.2.176.218:83/VatDec.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: opnkijh - opnkijh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
--
End of file - 12603 bytes

#4 jurgenv

Posted 24 December 2007 - 07:55 AM

* Download OTMoveIt.exe from here and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Open OTMoveIt.exe.
In the left pane where it says: "Paste List of Files/Folders to be Moved", copy and paste next part:

C:\WINDOWS\system32\hcpcswlc.ini
C:\WINDOWS\system32\esjoqdvx.ini
C:\WINDOWS\system32\korimqhc.ini
C:\WINDOWS\system32\xoruyplx.ini
C:\WINDOWS\system32\enjgocoh.ini
C:\WINDOWS\system32\tdndjihm.ini
C:\WINDOWS\system32\qxhxuhlg.ini
C:\WINDOWS\win320846-33344792007.exe
C:\WINDOWS\system32\xcnkjvqr.ini
C:\WINDOWS\system32\ikyjgqvc.ini
C:\WINDOWS\system32\swigyibu.ini
C:\WINDOWS\system32\ukrrypwb.ini
C:\WINDOWS\system32\rohjttvw.ini
C:\WINDOWS\system32\mnmxrqov.ini
C:\WINDOWS\system32\andhbnlo.ini
C:\WINDOWS\system32\bitrager.ini
C:\WINDOWS\system32\ijkmp.ini


Then click the MoveIt button below.
In case you get a "Bad Image" error, just click OK at the prompt. It will move the file anyway.
When done, it will create a log (********_******.log -- * stands for date and time) in next folder: C:\_OTMoveIt\MovedFiles.
Copy and paste this log in your next reply with a new HijackThis log.
Greets Jürgenv


#5 golfd

Posted 24 December 2007 - 05:09 PM

thanks again for your help...here is the update...


C:\WINDOWS\system32\hcpcswlc.ini moved successfully.
C:\WINDOWS\system32\esjoqdvx.ini moved successfully.
C:\WINDOWS\system32\korimqhc.ini moved successfully.
C:\WINDOWS\system32\xoruyplx.ini moved successfully.
C:\WINDOWS\system32\enjgocoh.ini moved successfully.
C:\WINDOWS\system32\tdndjihm.ini moved successfully.
C:\WINDOWS\system32\qxhxuhlg.ini moved successfully.
C:\WINDOWS\win320846-33344792007.exe moved successfully.
C:\WINDOWS\system32\xcnkjvqr.ini moved successfully.
C:\WINDOWS\system32\ikyjgqvc.ini moved successfully.
C:\WINDOWS\system32\swigyibu.ini moved successfully.
C:\WINDOWS\system32\ukrrypwb.ini moved successfully.
C:\WINDOWS\system32\rohjttvw.ini moved successfully.
C:\WINDOWS\system32\mnmxrqov.ini moved successfully.
C:\WINDOWS\system32\andhbnlo.ini moved successfully.
C:\WINDOWS\system32\bitrager.ini moved successfully.
C:\WINDOWS\system32\ijkmp.ini moved successfully.
File/Folder not found.

Created on 12/24/2007 17:00:38

--------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:06 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Troy Weidlich\Local Settings\Temporary Internet Files\Content.IE5\3YKCO0HD\OTMoveIt[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {08ABB1E9-DA0C-4CAA-9EA5-DBE6ABFF4ACE} - (no file)
O2 - BHO: (no name) - {0BFEBF36-9453-4DE8-B154-E43728C475D6} - C:\WINDOWS\system32\pmkji.dll (file missing)
O2 - BHO: (no name) - {296F6BA5-5BA7-48EC-8619-9CFFCDC08DD3} - (no file)
O2 - BHO: (no name) - {2DB35FDC-5809-4F48-834C-18094C3D5D51} - (no file)
O2 - BHO: (no name) - {2F783919-A88F-481D-868A-F0F31E69A6A6} - (no file)
O2 - BHO: (no name) - {362FFB3C-C52B-49D9-910E-ED922A3D8AE6} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {75358A84-26B7-4EEC-ACD0-5618791E632B} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {A2E8DAEA-DD6C-44D0-81DF-EB00429FDB59} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {CEE94828-4F1F-462B-AB4D-5E0938369B38} - (no file)
O2 - BHO: (no name) - {E4259C91-3116-4FCD-B0CB-B05A3F891A1B} - (no file)
O2 - BHO: (no name) - {E73CCD48-8B22-48A0-8B70-84B2A90605B3} - (no file)
O2 - BHO: (no name) - {EFC22A53-89BA-4EC9-B857-C66B65969BBC} - (no file)
O2 - BHO: (no name) - {EFD1EBC2-BA58-4CCC-8FEB-D3D6299E5C72} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ec1ffc59] rundll32.exe "C:\WINDOWS\system32\regartib.dll",b
O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Setup.exe] "C:\Documents and Settings\Troy Weidlich\Local Settings\Temporary Internet Files\Content.IE5\8BU6QAER\TAV1600_1412\Setup\setup.exe"
O4 - Startup: Spruce - Auto Update.lnk = C:\Program Files\Spruce\Spruce.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://64.2.176.218:83/VatDec.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: opnkijh - opnkijh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 12655 bytes

#6 jurgenv

Posted 24 December 2007 - 05:20 PM

* Please open hijackthis and put a check next to the following:

O2 - BHO: (no name) - {08ABB1E9-DA0C-4CAA-9EA5-DBE6ABFF4ACE} - (no file)
O2 - BHO: (no name) - {0BFEBF36-9453-4DE8-B154-E43728C475D6} - C:\WINDOWS\system32\pmkji.dll (file missing)
O2 - BHO: (no name) - {296F6BA5-5BA7-48EC-8619-9CFFCDC08DD3} - (no file)
O2 - BHO: (no name) - {2DB35FDC-5809-4F48-834C-18094C3D5D51} - (no file)
O2 - BHO: (no name) - {2F783919-A88F-481D-868A-F0F31E69A6A6} - (no file)
O2 - BHO: (no name) - {362FFB3C-C52B-49D9-910E-ED922A3D8AE6} - (no file)
O2 - BHO: (no name) - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - (no file)
O2 - BHO: (no name) - {75358A84-26B7-4EEC-ACD0-5618791E632B} - (no file)
O2 - BHO: (no name) - {A2E8DAEA-DD6C-44D0-81DF-EB00429FDB59} - (no file)
O2 - BHO: (no name) - {CEE94828-4F1F-462B-AB4D-5E0938369B38} - (no file)
O2 - BHO: (no name) - {E4259C91-3116-4FCD-B0CB-B05A3F891A1B} - (no file)
O2 - BHO: (no name) - {E73CCD48-8B22-48A0-8B70-84B2A90605B3} - (no file)
O2 - BHO: (no name) - {EFC22A53-89BA-4EC9-B857-C66B65969BBC} - (no file)
O2 - BHO: (no name) - {EFD1EBC2-BA58-4CCC-8FEB-D3D6299E5C72} - (no file)
O4 - HKLM\..\Run: [ec1ffc59] rundll32.exe "C:\WINDOWS\system32\regartib.dll",b
O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe
O20 - Winlogon Notify: opnkijh - opnkijh.dll (file missing)


* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u3.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.16 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
* After that, tell me how everything is working.
Greets Jürgenv
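The items checked in the post above share a few visible traits: BHO and Winlogon Notify entries whose file is gone, and Run values with random-looking names. The sketch below is an added example, not part of the original thread and not how HijackThis or the helper decides anything; the rule set and the names `parse_log`, `triage` and `review_reasons` are assumptions made for illustration, run over lines excerpted from the log in post #5. A flagged line is a candidate for review, not a verdict.

```python
import re
from dataclasses import dataclass

# Lines excerpted from the HijackThis log posted in this thread (post #5).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {08ABB1E9-DA0C-4CAA-9EA5-DBE6ABFF4ACE} - (no file)
O2 - BHO: (no name) - {0BFEBF36-9453-4DE8-B154-E43728C475D6} - C:\WINDOWS\system32\pmkji.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ec1ffc59] rundll32.exe "C:\WINDOWS\system32\regartib.dll",b
O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: opnkijh - opnkijh.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# "O2 - ...", "O20 - ...", "R1 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "HKLM\..\Run: [ValueName] command line" (also RunOnce etc.).
RUN_RE = re.compile(
    r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
# HijackThis appends these markers when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Assumed heuristic: a value name that is nothing but eight hex digits.
HEX_NAME_RE = re.compile(r"[0-9a-fA-F]{8}")
# Assumed heuristic: an .exe placed directly in C:\WINDOWS, not a subfolder.
WINDIR_EXE_RE = re.compile(r'^"?C:\\WINDOWS\\[^\\"]+\.exe\b', re.IGNORECASE)


@dataclass
class Entry:
    section: str
    body: str


def parse_log(text):
    """Return the numbered entries of a HijackThis log, skipping other lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["section"], match["body"]))
    return entries


def review_reasons(entry):
    """Return the list of reasons an entry deserves a closer look (may be empty)."""
    reasons = []
    if entry.section in ("O2", "O20") and ORPHAN_RE.search(entry.body):
        reasons.append("registry entry points at a missing file")
    if entry.section == "O4":
        run = RUN_RE.match(entry.body)
        if run:
            name, command = run["name"], run["command"]
            if HEX_NAME_RE.fullmatch(name):
                reasons.append("autorun value name is a bare hex string")
            if command.lower().startswith("rundll32"):
                reasons.append("autorun loads a DLL through rundll32")
            if WINDIR_EXE_RE.match(command):
                reasons.append("executable sits directly in C:\\WINDOWS")
    return reasons


def triage(text):
    """Return (entry, reasons) pairs for every entry that has at least one reason."""
    flagged = []
    for entry in parse_log(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.section} - {entry.body}")
        for reason in reasons:
            print(f"    review: {reason}")
```
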


#7 golfd

Posted 24 December 2007 - 06:22 PM

ok.. I am ready to download java but I keep getting the following message.... "Security Warning Warning: Failed to verify the authenticity of this certificate because there was an error parsing the certificate. No assertions can be made of the origin or validity of the code. Installing and running this code is not allowed."


below is the screen I am attempting to download from, I have placed a check mark next to the offline windows installation.

please let me know what to do, Thanks again



Windows Platform - Java™ SE Runtime Environment 6 Update 3

Download the full version as a single file.
Windows Offline Installation, Multi-language jre-6u3-windows-i586-p.exe 13.93 MB
Windows Online Installation, Multi-language jre-6u3-windows-i586-p-iftw.exe 373.39 KB

Linux Platform - Java™ SE Runtime Environment 6 Update 3

Linux RPM in self-extracting file jre-6u3-linux-i586-rpm.bin 17.74 MB
Linux self-extracting file jre-6u3-linux-i586.bin 18.23 MB

Solaris SPARC Platform - Java™ SE Runtime Environment 6 Update 3

Solaris SPARC 32-bit self-extracting file jre-6u3-solaris-sparc.sh 22.46 MB
Solaris SPARC 64-bit self-extracting file jre-6u3-solaris-sparcv9.sh 9.69 MB

Solaris x86 Platform - Java™ SE Runtime Environment 6 Update 3

Solaris x86 self-extracting file jre-6u3-solaris-i586.sh 17.06 MB

Solaris x64 Platform - Java™ SE Runtime Environment 6 Update 3

Solaris x64 self-extracting file jre-6u3-solaris-amd64.sh 6.22 MB

Linux x64 Platform - Java™ SE Runtime Environment 6 Update 3

Linux x64 RPM in self-extracting file jre-6u3-linux-amd64-rpm.bin 16.83 MB
Linux x64 self-extracting file jre-6u3-linux-amd64.bin 17.24 MB

Windows x64 Platform - Java™ SE Runtime Environment 6 Update 3

Windows

#8 jurgenv

Posted 24 December 2007 - 06:27 PM

Download next tool to a place where you'll find it easily:

http://djlizard.net/Dial-a-fix-2006-09-19.exe

Double-click Dial-a-fix-2006-09-19.exe to start the program. In the main window, check everything and click on 'go'.
Let the tool do its job and reboot the system, does this help?
Greets Jürgenv


#9 golfd

Posted 24 December 2007 - 07:09 PM

no , ....I ran it twice and rebooted twice, still get the same warning

#10 jurgenv

Posted 24 December 2007 - 07:14 PM

Can I see a screenshot of that warning?
Greets Jürgenv


#11 golfd

Posted 24 December 2007 - 10:27 PM

Hi again,
It pops up on screen as a small window (maybe 1/8th screen size). I can't right click on it. Is there another way to copy it? Also, if it helps, when I click on some sites now, including trying to download java, I get a pop up that says "you are about to view pages over a secure connection, any information you exchange with this site cannot be viewed by anyone else on the web." When I click ok, it says in another pop up "security information. This page contains both secure and non secure items. Do you want to display non secure items?" I click yes to open the next page but I then get the java based security warning window (it has a java logo in the warning...and looks different than the security warnings that pop up when I visit various pages). Is this maybe a firewall issue that won't let me download things? If so, I am not sure how to disarm the firewall. looking forward to your advice.

#12 golfd

Posted 24 December 2007 - 10:32 PM

more info...when I click more info on the security pop ups(non java ) it brings me to a windows page....

are these privacy settings preventing me from downloading new software like java?


Understanding security and privacy features
Internet Explorer provides a number of features that can help protect your privacy and help make your computer more secure.

Privacy features in Internet Explorer include settings that allow you to control how your computer handles cookies, privacy alerts that let you know when you try to go to a site that doesn't meet the criteria in your privacy settings, and ability to view a website's privacy policy.

Security features in Internet Explorer include the following:

The ability to detect and block suspected and reported phishing websites.
The ability to block most pop-up windows.
The ability to update, disable, or allow web browser add-ons.
Notification when a website is trying to download files or software to your computer.
Digital signatures, which tell you who published a file and whether it has been tampered with since it was digitally signed.
A 128-bit secure connection for using secure websites.

Which security features are turned on when I first use Internet Explorer?

By default, Internet Explorer is set to provide a level of security that can help protect you against common threats, such as spyware or other types of malware, when browsing the web. These settings can help protect against known security threats, such as websites installing add-ons or other programs without your knowledge. For new and unknown vulnerabilities and threats, Internet Explorer's Protected Mode setting keeps websites from gaining access to your computer.

How can I protect my privacy when I'm online?

Internet Explorer provides the following features that can help protect your privacy when you're online.

Privacy settings that specify how your computer handles cookies.
Privacy alerts that let you know when you try to go to a website that doesn't meet the criteria in your privacy settings.
The ability to view a website's privacy statement.

Why am I getting the message Your security setting level puts your computer at risk?

You are getting this message because certain security settings are at a lower level than is recommended. By default, Internet Explorer has a minimum level for some settings that can help protect your computer from websites that are trying to install malicious or unwanted software without your knowledge or permission. When security settings are not at recommended levels, Internet Explorer will display a full page notification when you first start and display an information bar while you browse.

How do I know which settings are not at recommended levels?

To see which security settings are not at recommended levels, follow these steps:

To view Internet Explorer security settings

Click the Tools button, and then click Internet Options.
Click the Security tab.
Click the Internet icon, and then click the Custom level button.
Settings that are not at recommended levels are highlighted in red.

When you are finished reviewing your security settings, click OK twice.

What is changed when I click Fix settings for me on the Information bar when my computer is at risk?

When you click Fix settings for me on the Information bar, Internet Explorer will reset the security settings that put your computer at risk back to their recommended settings.

How can I change Internet Explorer security settings?

To change Internet Explorer security settings

In Internet Explorer, click the Tools button, and then click Internet Options.
Click the Security tab.
Click the Internet icon.
Do one of the following:
To change individual security settings, click Custom level. Change the settings as desired and click OK when you are done.
To set Internet Explorer back to the default security level, click Default level.
When you are finished making changes, click OK to return to Internet Explorer.

How do I change my Internet Explorer privacy settings?

To change Internet Explorer privacy settings

In Internet Explorer, click the Tools button, and then click Internet Options.
Click the Privacy tab.
Under Settings, do any of the following:
To allow or block cookies from specific websites, click Sites.
To load a customized settings file, click Import. These are files that modify the rules that Internet Explorer uses to handle cookies. Since these files can override default settings, you should only import them if you know and trust the source.
When you are finished making changes to your privacy settings, click OK.

Where can I find more information about protecting my computer and my privacy when I'm online?

You can find information about these topics on the Microsoft Security (http://www.microsoft.com/security) website and the Microsoft Protect Your PC (http://www.microsoft.com/athome/security/protect/windowsxpsp2) website.


#13 golfd

Posted 24 December 2007 - 10:38 PM

just checking to see if I am trying to download the correct one....this is what i click on for download

Java Runtime Environment (JRE) 6 Update 3
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.




here are the instructions for download help if useful.....


http://java.sun.com/javase/6/webnotes/inst...ll-windows.html

#14 golfd

Posted 24 December 2007 - 10:52 PM

update...... I rebooted again /cleaned cookies and this time it seems I was able to download the offline version....it came up in a download window and said jre-6u3-windows-1586-p.exe 14262kb I hope this is the correct download....I will not delete the old java until I confirm that I have the right one.


thanks for your patience today

#15 jurgenv

Posted 25 December 2007 - 05:52 AM

Yes try that one. :thumbsup:
Greets Jürgenv
