Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.adhammer Infection


  • This topic is locked This topic is locked
56 replies to this topic

#1 pallgood

pallgood

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 07 April 2008 - 11:27 AM

Please help me fix this. I get constand pop-up alerts about threat present on the computer and task manager has been disabled.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:26 AM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\AdvancedCleaner Free\UADC.exe
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\spool.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Zango\bin\10.1.181.0\Weather.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zango\bin\10.1.181.0\Srv.exe
C:\WINDOWS\notepad.exe
C:\DOCUME~1\JENNIF~1.TRO\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: vidica Toolbar - {d7d30ba6-d1f4-4aa9-9187-f20c30930597} - C:\Program Files\vidica\tbvidi.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: vidica Toolbar - {d7d30ba6-d1f4-4aa9-9187-f20c30930597} - C:\Program Files\vidica\tbvidi.dll
O3 - Toolbar: Zango - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D2907D4E66914B5C1E9E689DB6FC45715EC67A0924A04FA6C5813C477ACE
O4 - HKLM\..\Run: [pofy] C:\Program Files\Common Files\pofy77798.exe
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AdvancedCleaner Free] "C:\Program Files\AdvancedCleaner Free\UADC.exe" /min
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmon.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Jennifer L. Trout\Local Settings\Application Data\spool.exe
O4 - HKLM\..\Run: [SpyAway] C:\Program Files\SpyAway\spyaway.exe
O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
O4 - HKLM\..\Run: [AntiVirusPro] C:\Program Files\AntiVirusPro\AntiVirusPro.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\JENNIF~1.TRO\LOCALS~1\Temp\3809.tmp/r
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Jennifer L. Trout\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Jennifer L. Trout\Application Data\Microsoft\hcbjhvp.exe
O4 - HKCU\..\Run: [uwoi] C:\PROGRA~1\COMMON~1\uwoi\uwoim.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmon.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Jennifer L. Trout\Local Settings\Application Data\spool.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\spool.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmon.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149293552906
O17 - HKLM\System\CCS\Services\Tcpip\..\{764B0B0B-E682-4020-A392-2DE46F2FEA31}: NameServer = 85.255.116.130,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2BB6291-C82F-4DA4-B6F1-229DFE91AC0A}: NameServer = 85.255.116.130,85.255.112.107
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.107
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmVubmlmZXIgTC4gVHJvdXQ\command.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\ctfmon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 16010 bytes


Deckard's System Scanner v20071014.68
Run by Jennifer L. Trout on 2008-04-07 10:48:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x00000001


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-07 10:52:38
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\AdvancedCleaner Free\UADC.exe
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\spool.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\NetWaiting\netwaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Zango\bin\10.1.181.0\Weather.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Zango\bin\10.1.181.0\Srv.exe
D:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: vidica Toolbar - {d7d30ba6-d1f4-4aa9-9187-f20c30930597} - C:\Program Files\vidica\tbvidi.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: vidica Toolbar - {d7d30ba6-d1f4-4aa9-9187-f20c30930597} - C:\Program Files\vidica\tbvidi.dll
O3 - Toolbar: Zango - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 1
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D2907D4E66914B5C1E9E689DB6FC45715EC67A0924A04FA6C5813C477ACE
O4 - HKLM\..\Run: [pofy] C:\Program Files\Common Files\pofy77798.exe
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AdvancedCleaner Free] "C:\Program Files\AdvancedCleaner Free\UADC.exe" /min
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmon.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Jennifer L. Trout\Local Settings\Application Data\spool.exe
O4 - HKLM\..\Run: [SpyAway] C:\Program Files\SpyAway\spyaway.exe
O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
O4 - HKLM\..\Run: [AntiVirusPro] C:\Program Files\AntiVirusPro\AntiVirusPro.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\JENNIF~1.TRO\LOCALS~1\Temp\3809.tmp/r
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Jennifer L. Trout\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Jennifer L. Trout\Application Data\Microsoft\hcbjhvp.exe
O4 - HKCU\..\Run: [uwoi] C:\PROGRA~1\COMMON~1\uwoi\uwoim.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmon.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Jennifer L. Trout\Local Settings\Application Data\spool.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\spool.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\spool.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149293552906
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{764B0B0B-E682-4020-A392-2DE46F2FEA31}: NameServer = 85.255.116.130,85.255.112.107
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{C2BB6291-C82F-4DA4-B6F1-229DFE91AC0A}: NameServer = 85.255.116.130,85.255.112.107
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.107
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.107
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\system32\WLCtrl32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmVubmlmZXIgTC4gVHJvdXQ\command.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\ctfmon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 17209 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Jqx20 - c:\windows\system32\drivers\jqx20.sys
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>

S2 cmdService (Command Service) - c:\windows\smvubmlmzxigtc4gvhjvdxq\command.exe
S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-03 14:54:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-01 23:23:02 364 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BRAVESFAN-Violet Trout).job


-- Files created between 2008-03-07 and 2008-04-07 -----------------------------

2008-03-24 18:35:45 26496 --a------ C:\WINDOWS\system32\drivers\Jqx20.sys
2008-03-24 18:35:44 11776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-03-24 18:35:37 10 --a------ C:\WINDOWS\system32\kr_done1
2008-03-21 17:53:34 38249 ---hs---- C:\WINDOWS\system32\drivers\spools.exe
2008-03-21 17:52:24 11264 --a------ C:\mcHK.exe
2008-03-20 21:10:10 5120 --a------ C:\Documents and Settings\LocalService\ftpdll.dll
2008-03-15 22:42:56 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 22:41:59 0 d-------- C:\Program Files\Spyware Doctor
2008-03-15 22:41:59 0 d-------- C:\Documents and Settings\Jennifer L. Trout\Application Data\PC Tools
2008-03-15 22:41:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-15 22:40:05 0 d-------- C:\Documents and Settings\Jennifer L. Trout\Application Data\Anti-Virus-Pro.com
2008-03-15 22:39:52 0 d-------- C:\Program Files\AntiVirusPro
2008-03-15 22:37:13 18432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
2008-03-15 22:29:24 0 d-------- C:\Program Files\SpyAway
2008-03-15 22:17:40 43881 ---hs---- C:\WINDOWS\system32\drivers\ctfmon.exe
2008-03-15 22:17:29 5120 --a------ C:\WINDOWS\system32\ftpdll.dll
2008-03-15 22:17:29 5120 --a------ C:\Documents and Settings\Jennifer L. Trout\ftpdll.dll
2008-03-15 22:17:02 16896 --a------ C:\WINDOWS\system32\~.exe
2008-03-12 21:07:01 0 d-------- C:\Program Files\AdvancedCleaner Free
2008-03-12 21:04:28 0 d-------- C:\Documents and Settings\Jennifer L. Trout\Download
2008-03-12 20:31:35 28160 --a------ C:\WINDOWS\voiceip.dll
2008-03-12 20:31:35 15360 --a------ C:\WINDOWS\stcloader.exe
2008-03-12 20:31:35 0 d-------- C:\Program Files\stc
2008-03-12 20:31:34 23040 --a------ C:\WINDOWS\swin32.dll
2008-03-12 20:31:34 22784 --a------ C:\WINDOWS\cdsm32.dll
2008-03-12 20:31:33 13824 --a------ C:\WINDOWS\bokja.exe
2008-03-12 20:31:32 24320 --a------ C:\WINDOWS\mssvr.exe
2008-03-12 20:31:32 30208 --a------ C:\WINDOWS\mspphe.dll
2008-03-12 20:31:31 23040 --a------ C:\WINDOWS\bjam.dll
2008-03-12 20:31:31 11776 --a------ C:\WINDOWS\2020search2.dll
2008-03-12 20:31:30 18944 --a------ C:\WINDOWS\2020search.dll
2008-03-12 20:31:29 0 d-------- C:\Program Files\seekmo
2008-03-12 20:31:27 0 d-------- C:\Program Files\180search assistant
2008-03-12 20:31:26 30720 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-03-12 20:31:26 17920 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-03-12 20:31:24 9216 --a------ C:\WINDOWS\180ax.exe
2008-03-12 20:31:24 0 d-------- C:\Program Files\180searchassistant
2008-03-12 20:31:23 30720 --a------ C:\WINDOWS\salm.exe
2008-03-12 20:31:21 32000 --a------ C:\WINDOWS\updatetc.exe
2008-03-12 20:31:21 0 d-------- C:\Program Files\180solutions
2008-03-12 20:31:20 12544 --a------ C:\WINDOWS\saiemod.dll
2008-03-12 20:31:20 0 d-------- C:\WINDOWS\FLEOK
2008-03-12 20:31:19 22784 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-12 20:31:18 9216 --a------ C:\WINDOWS\msapasrc.dll
2008-03-12 20:31:18 17920 --a------ C:\WINDOWS\msa64chk.dll
2008-03-12 20:31:16 20992 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-12 20:31:16 12544 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-12 20:31:16 8704 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-03-12 20:31:15 18688 --a------ C:\WINDOWS\shdocpl.dll
2008-03-12 20:31:15 27904 --a------ C:\WINDOWS\ntnut.exe
2008-03-12 20:31:14 22272 --a------ C:\WINDOWS\shdocpe.dll
2008-03-12 20:31:13 8448 --a------ C:\WINDOWS\winsb.dll
2008-03-12 20:31:13 10240 --a------ C:\WINDOWS\browserad.dll
2008-03-12 20:31:13 0 d-------- C:\Program Files\Sysmnt
2008-03-12 20:31:12 15360 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-12 20:31:12 10752 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-12 20:31:12 9984 --a------ C:\WINDOWS\avifile32.dll
2008-03-12 20:31:11 16896 --a------ C:\WINDOWS\autodisc32.dll
2008-03-12 20:31:11 29696 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-12 20:31:10 8704 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-12 20:31:10 23552 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-03-12 20:31:09 23296 --a------ C:\WINDOWS\athprxy32.dll
2008-03-12 20:31:08 14592 --a------ C:\WINDOWS\asycfilt32.dll
2008-03-12 20:31:07 29440 --a------ C:\WINDOWS\asferror32.dll
2008-03-12 20:31:06 24832 --a------ C:\WINDOWS\apphelp32.dll
2008-03-12 20:31:05 14848 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-12 20:15:22 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-12 20:14:49 90550 --a------ C:\WINDOWS\system32\mgmrwmrv.exe <Not Verified; Microsoft; runbll>
2008-03-12 20:13:46 0 d-------- C:\Program Files\MalwareAlarm
2008-03-08 23:05:38 167936 --a------ C:\WINDOWS\system32\drivers\riode32.sys
2008-03-08 23:03:43 4608 --a------ C:\info.exe
2008-03-08 00:21:31 26112 --a------ C:\WINDOWS\system32\marwin32.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-07 09:24:07 27201 --a------ C:\Documents and Settings\Jennifer L. Trout\Application Data\update.log
2008-03-15 22:41:53 0 d-------- C:\Program Files\Google
2008-03-15 09:49:41 0 d-------- C:\Program Files\QdrPack
2008-03-12 20:31:26 0 d-------- C:\Program Files\Zango
2008-03-07 23:48:16 0 d-------- C:\Program Files\QdrModule
2008-03-07 14:48:41 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-07 06:48:56 0 d-------- C:\Program Files\PokerStars
2008-02-29 13:44:41 0 d-------- C:\Program Files\iTunes
2008-02-29 13:44:25 0 d-------- C:\Program Files\iPod
2008-02-29 13:40:52 0 d-------- C:\Program Files\QuickTime
2008-02-29 06:59:19 4704 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-29 06:59:19 88 -r-hs---- C:\WINDOWS\system32\C036BD745D.sys
2008-02-25 20:22:10 0 d-------- C:\Program Files\Common Files\uwoi
2008-02-17 20:01:45 0 d-------- C:\Program Files\PokerStars.NET
2008-02-09 21:41:57 0 d-------- C:\Documents and Settings\Jennifer L. Trout\Application Data\Zango
2008-02-09 21:22:23 0 d-------- C:\Documents and Settings\Jennifer L. Trout\Application Data\WeatherDPA
2008-01-27 13:16:10 56 -r-hs---- C:\WINDOWS\system32\5D74BD36C0.sys
2008-01-21 15:27:35 33224 --a------ C:\WINDOWS\xpupdate.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D7D30BA6-D1F4-4AA9-9187-F20C30930597}"= C:\Program Files\vidica\tbvidi.dll [01/28/2008 02:47 PM 1555480]
"{E1BACF55-35E1-4E47-9247-2D48660E5545}"= C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll [12/13/2007 03:54 PM 546056]

[-HKEY_CLASSES_ROOT\CLSID\{D7D30BA6-D1F4-4AA9-9187-F20C30930597}]

[-HKEY_CLASSES_ROOT\CLSID\{E1BACF55-35E1-4E47-9247-2D48660E5545}]
[HKEY_CLASSES_ROOT\HostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4}]
[HKEY_CLASSES_ROOT\HostIE.Bho]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 05:56 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 04:08 PM]
"SigmatelSysTrayApp"="stsystra.exe" [09/10/2005 12:19 AM C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/15/2005 11:44 AM]
"ShowLOMControl"="1 (0x1)" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [05/11/2006 07:27 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/08/2005 08:20 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/08/2005 08:20 PM]
"@"="" []
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 06:18 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 11:02 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [01/11/2006 12:05 PM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [08/12/2005 04:16 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [09/26/2005 10:26 AM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 01:49 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 05:00 PM]
"runner1"="C:\WINDOWS\mrofinu72.exe" [11/28/2007 05:50 PM]
"pofy"="C:\Program Files\Common Files\pofy77798.exe" [08/07/2007 04:30 PM]
"ZangoOE"="C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe" [12/13/2007 03:53 PM]
"ZangoSA"="C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe" [12/13/2007 04:13 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [02/09/2006 06:34 PM]
"AdvancedCleaner Free"="C:\Program Files\AdvancedCleaner Free\UADC.exe" [10/02/2007 04:11 PM]
"SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" [12/19/2007 10:59 AM]
"ntuser"="C:\WINDOWS\system32\drivers\ctfmon.exe" [03/15/2008 10:17 PM]
"autoload"="C:\Documents and Settings\Jennifer L. Trout\Local Settings\Application Data\spool.exe" [03/15/2008 10:17 PM]
"SpyAway"="C:\Program Files\SpyAway\spyaway.exe" [03/15/2008 10:29 PM]
"BluetoothAuthorizationAgent"="C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe" [03/15/2008 10:37 PM]
"AntiVirusPro"="C:\Program Files\AntiVirusPro\AntiVirusPro.exe" [12/19/2007 04:09 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"advap32"="C:\DOCUME~1\JENNIF~1.TRO\LOCALS~1\Temp\3809.tmp/r" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 03:24 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"WinAble"="C:\Program Files\WinAble\winable.exe" [11/11/2007 11:02 PM]
"Insider"="C:\Program Files\Insider\Insider.exe" [10/28/2007 01:56 PM]
"Words"="C:\Program Files\Words\Words.exe" [10/20/2007 01:41 AM]
"WinTouch"="C:\Documents and Settings\Jennifer L. Trout\Application Data\WinTouch\WinTouch.exe" [10/20/2007 03:04 PM]
"SfKg6w"="C:\Documents and Settings\Jennifer L. Trout\Application Data\Microsoft\hcbjhvp.exe" [10/20/2007 03:04 PM]
"uwoi"="C:\PROGRA~1\COMMON~1\uwoi\uwoim.exe" [07/19/2006 02:56 PM]
"Windows update loader"="C:\Windows\xpupdate.exe" [01/21/2008 03:27 PM]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 05:46 PM]
"WeatherDPA"="C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" [12/13/2007 04:15 PM]
"QdrModule13"="C:\Program Files\QdrModule\QdrModule13.exe" [03/06/2008 09:22 PM]
"MalwareAlarm"="C:\Program Files\MalwareAlarm\MalwareAlarm.exe" [03/12/2008 08:13 PM]
"QdrPack14"="C:\Program Files\QdrPack\QdrPack14.exe" [03/13/2008 05:02 PM]
"ntuser"="C:\WINDOWS\system32\drivers\ctfmon.exe" [03/15/2008 10:17 PM]
"autoload"="C:\Documents and Settings\Jennifer L. Trout\Local Settings\Application Data\spool.exe" [03/15/2008 10:17 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/15/2008 10:41 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ntuser"=C:\WINDOWS\system32\drivers\ctfmon.exe
"autoload"=C:\Documents and Settings\LocalService\Local Settings\Application Data\spool.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [5/11/2006 7:27:15 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [5/11/2006 7:23:16 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/11/2004 12:59:36 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdxwr.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,C:\WINDOWS\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 04/07/2008 08:26 AM 11776 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jqx20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]
@="Driver Group"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d679b792-ab77-11dc-b58b-00038a000015}]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - HTTPFILTER



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8002 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-07 10:57:20 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M processor 1.50GHz
Percentage of Memory in Use: 83%
Physical Memory (total/avail): 247.37 MiB / 41.99 MiB
Pagefile Memory (total/avail): 976.23 MiB / 248.67 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1896.13 MiB

C: is Fixed (NTFS) - 34.01 GiB total, 20.46 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - TOSHIBA MK4032GAX - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 34.01 GiB - C:
\PARTITION2 - Unknown - 3.19 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall Plus v (McAfee)
AV: McAfee VirusScan v (McAfee) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jennifer L. Trout\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRAVESFAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jennifer L. Trout
LOGONSERVER=\\BRAVESFAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JENNIF~1.TRO\LOCALS~1\Temp
TMP=C:\DOCUME~1\JENNIF~1.TRO\LOCALS~1\Temp
USERDOMAIN=BRAVESFAN
USERNAME=Jennifer L. Trout
USERPROFILE=C:\Documents and Settings\Jennifer L. Trout
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jennifer L. Trout (admin)
TEMP (new local, admin, temp assigned)
Violet Trout (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AdvancedCleaner Free 1.0.52.2 --> "C:\Program Files\AdvancedCleaner Free\unins000.exe"
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
Anti Virus Pro spyware remover --> "C:\Program Files\AntiVirusPro\uninstall.exe"
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Insider --> C:\Program Files\Insider\UnInstall.exe
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MalwareAlarm --> C:\Program Files\MalwareAlarm\Uninstall.exe
McAfee Uninstaller --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Jennifer L. Trout\Application Data\Move Networks\ie_bin\Uninst.exe
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Network Monitor --> wscript "C:\WINDOWS\uninstall_nmon.vbs"
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OIN --> "C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerStars.net --> "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickBooks Simple Start Special Edition --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpyAway 1.01.0020 --> "C:\Program Files\SpyAway\uninstall.exe" -u
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TargetSaver --> C:\WINDOWS\system32\tsuninst.exe /u
vidica Toolbar --> C:\PROGRA~1\vidica\UNWISE.EXE C:\PROGRA~1\vidica\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WinAble --> "C:\Program Files\WinAble\winable.exe" -uninstall
WinTouch --> C:\Documents and Settings\Jennifer L. Trout\Application Data\WinTouch\WTUninstaller.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Words --> C:\Program Files\Words\UnInstall.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zango --> "C:\Program Files\Zango\bin\10.1.181.0\ZangoUninstaller.exe" Web


-- Application Event Log -------------------------------------------------------

Event Record #/Type905 / Error
Event Submitted/Written: 04/07/2008 10:50:24 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type904 / Error
Event Submitted/Written: 04/07/2008 09:34:35 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pv.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x7dcc9c08.
Processing media-specific event for [pv.exe!ws!]

Event Record #/Type903 / Error
Event Submitted/Written: 04/07/2008 09:26:39 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application malwarealarm.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00e15b1b.
Processing media-specific event for [malwarealarm.exe!ws!]

Event Record #/Type902 / Error
Event Submitted/Written: 04/07/2008 08:50:55 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pctsSvc.exe, version 5.5.0.75, faulting module unknown, version 0.0.0.0, fault address 0x047f4305.
Processing media-specific event for [pctsSvc.exe!ws!]

Event Record #/Type897 / Error
Event Submitted/Written: 04/04/2008 07:09:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pctsSvc.exe, version 5.5.0.75, faulting module unknown, version 0.0.0.0, fault address 0x047d4305.
Processing media-specific event for [pctsSvc.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16965 / Error
Event Submitted/Written: 04/07/2008 09:19:27 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type16964 / Error
Event Submitted/Written: 04/07/2008 09:19:27 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type16963 / Error
Event Submitted/Written: 04/07/2008 09:19:27 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type16953 / Error
Event Submitted/Written: 04/07/2008 08:53:55 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PC Tools Security Service service failed to start due to the following error:
%%1053

Event Record #/Type16952 / Error
Event Submitted/Written: 04/07/2008 08:53:55 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.



-- End of Deckard's System Scanner: finished at 2008-04-07 10:57:20 ------------


Thanks,

Pam

Edited by pallgood, 07 April 2008 - 11:28 AM.


BC AdBot (Login to Remove)

 


m

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:22 AM

Posted 08 April 2008 - 11:39 PM

Hello Pam,

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your mcafee Antivirus and Spyware Doctor before running ComboFix, as they will prevent it from running.

To disable McAfee Virusscan:
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • right-click it -> chose "Exit."
  • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You succesfully disabled the McAfee Guard.


To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.



Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions please install the Windows XP Recovery Console if you are using XP. <== IMPORTANT

You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an instable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Disconnect from the Internet.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.



Post the ComboFix log.

Edited by SifuMike, 23 April 2008 - 05:51 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:22 AM

Posted 18 April 2008 - 01:20 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:22 AM

Posted 23 April 2008 - 01:03 PM

topic reopened :thumbsup:
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 pallgood

pallgood
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 23 April 2008 - 04:57 PM

Task manager is disabled but ComboFix finally stopped running and this is whats in the box:

Please wait
Combo Fix is preparing to run.
Attempting to create a new system restore point
The batch file cannot be found.

Should I try to run it again?

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:22 AM

Posted 23 April 2008 - 05:02 PM

Task manager is disabled

I think you misunderstood. I did not want you to disable Task Manager. I wanted to end ComboFix and its processes.


Did you install Recovery Console?

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

We need Recovery Console because malware damages a lot and causes an instable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.

Edited by SifuMike, 23 April 2008 - 05:52 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 pallgood

pallgood
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 23 April 2008 - 06:22 PM

I understood. I didn't disable task manager whatever infection I have has the task manager disabled, therefore I couldn't use it to shut down ComboFix. I drug the recovery console download and put it on the ComboFix dowload like the instructions said to do. If I understood correctly ComboFix will automatically install the recovery console but I didn't ever see the blue screen that said it was installed. When I try to install the recovery console alone it wants me to specify the floppy drive to copy to.

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:22 AM

Posted 23 April 2008 - 06:31 PM

Hi Pam,

We will try running ComboFix another way.

Make sure you have disabled your McAfee antivirus and Spyware Doctor before running ComboFix.

Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

ComboFix should not take longer than 20 minutes to run.

Edited by SifuMike, 23 April 2008 - 06:32 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 pallgood

pallgood
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 23 April 2008 - 06:34 PM

PS. The reason I could only boot into safe mode after disabling Spyware Doctor is because I was low on memory.

#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:22 AM

Posted 23 April 2008 - 06:37 PM

Disabling your antivirus, Spyware Doctor and using ComboFix as I descibed above will give you more memory.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 pallgood

pallgood
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 23 April 2008 - 07:32 PM

ComboFix 08-04-20.5 - Jennifer L. Trout 2008-04-23 20:18:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.68 [GMT -4:00]
Running from: C:\Documents and Settings\Jennifer L. Trout\desktop\combofix.exe
Command switches used :: /killall

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\Documents and Settings\Jennifer L. Trout\ftpdll.dll
C:\Documents and Settings\LocalService\ftpdll.dll
C:\E.tmp
C:\Program Files\antiviirus.exe
C:\Program Files\Helper
C:\Program Files\Helper\1208900834.dll
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\Program Files\tmp3.exe
C:\WINDOWS\123messenger.per
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\FLEOK
C:\WINDOWS\FLEOK\180ax.exe
C:\WINDOWS\Installer\{584b9bce-3bac-43d0-9ad8-90fa2a3f3b0d}
C:\WINDOWS\Installer\{584b9bce-3bac-43d0-9ad8-90fa2a3f3b0d}\zip.dll
C:\WINDOWS\licencia.txt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\resources\CheckSetup.dll
C:\WINDOWS\saiemod.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\ddCurRhi.dll
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\ftpdll.dll
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\vTLBstRL.dll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\voiceip.dll
C:\WINDOWS\winsb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Schedule
-------\Service_Schedule


((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-23 11:52 . 2008-04-22 17:45 7,168 --a------ C:\Documents and Settings\NetworkService\cftmon.exe
2008-04-23 09:42 . 2008-04-22 17:45 7,168 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-04-22 17:46 . 2008-04-22 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pudungrk
2008-04-22 17:46 . 2008-04-22 17:46 110,592 --a------ C:\WINDOWS\system32\bgxsdide.exe
2008-04-22 17:45 . 2008-04-22 17:45 71,168 --a------ C:\vqvtx.exe
2008-04-22 17:45 . 2008-04-22 17:45 67,506 --a------ C:\WINDOWS\fkjdfje.sys
2008-04-22 17:45 . 2008-04-22 17:45 61,952 --a------ C:\gpqdiib.exe
2008-04-22 17:45 . 2008-04-22 17:45 13,824 --a------ C:\dssic.exe
2008-04-22 17:45 . 2008-04-22 17:45 10,000 --a------ C:\WINDOWS\system32\jfiehayd.dll
2008-04-22 17:45 . 2008-04-22 17:45 7,168 --a------ C:\Documents and Settings\Jennifer L. Trout\cftmon.exe
2008-04-22 17:45 . 2008-04-22 17:45 4,096 --a------ C:\atpjpfl.exe
2008-04-22 17:45 . 2008-04-22 17:45 2 --a------ C:\351646139
2008-04-09 18:48 . 2008-04-09 18:48 0 --a------ C:\55.tmp
2008-04-09 18:47 . 2008-04-09 18:47 2 --a------ C:\33.tmp
2008-04-09 18:47 . 2008-04-09 18:47 0 --a------ C:\48.tmp
2008-04-09 18:47 . 2008-04-09 18:47 0 --a------ C:\3A.tmp
2008-04-09 18:47 . 2008-04-09 18:47 0 --a------ C:\32.tmp
2008-04-09 18:46 . 2008-04-09 18:47 47,104 --a------ C:\31.tmp
2008-04-09 15:23 . 2008-04-09 15:23 0 --a------ C:\30.tmp
2008-04-09 15:23 . 2008-04-09 15:23 0 --a------ C:\2F.tmp
2008-04-09 15:22 . 2008-04-09 15:22 47,104 --a------ C:\2A.tmp
2008-04-09 15:22 . 2008-04-09 15:22 2 --a------ C:\2C.tmp
2008-04-09 15:22 . 2008-04-09 15:22 0 --a------ C:\2E.tmp
2008-04-09 15:22 . 2008-04-09 15:22 0 --a------ C:\2B.tmp
2008-04-09 15:15 . 2008-04-09 15:15 486 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-09 15:13 . 2008-04-09 15:13 0 --a------ C:\2D.tmp
2008-04-09 15:12 . 2008-04-09 15:12 2 --a------ C:\27.tmp
2008-04-09 15:12 . 2008-04-09 15:12 0 --a------ C:\29.tmp
2008-04-09 15:12 . 2008-04-09 15:12 0 --a------ C:\28.tmp
2008-04-09 15:11 . 2008-04-09 15:11 47,104 --a------ C:\25.tmp
2008-04-09 15:11 . 2008-04-09 15:11 0 --a------ C:\26.tmp
2008-04-09 15:07 . 2008-04-09 15:07 2 --a------ C:\WINDOWS\msoffice.ini
2008-04-09 15:01 . 2008-04-09 15:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-04-09 11:22 . 2008-04-09 11:24 44,154 --a------ C:\WINDOWS\kaglor.config
2008-04-09 11:13 . 2008-04-09 11:13 14,848 --a------ C:\WINDOWS\system32\drivers\531ljc.exe
2008-04-09 11:02 . 2008-04-09 11:02 1,972 --a------ C:\23.tmp
2008-04-09 11:02 . 2008-04-09 11:02 1,972 --a------ C:\21.tmp
2008-04-09 11:02 . 2008-04-09 11:02 0 --a------ C:\24.tmp
2008-04-09 11:02 . 2008-04-09 11:02 0 --a------ C:\22.tmp
2008-04-09 10:54 . 2008-04-09 10:54 47,104 --a------ C:\16.tmp
2008-04-09 10:54 . 2008-04-09 10:54 2 --a------ C:\20.tmp
2008-04-09 10:54 . 2008-04-09 10:54 0 --a------ C:\19.tmp
2008-04-08 16:28 . 2008-04-08 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-08 16:14 . 2008-04-08 16:14 0 --a------ C:\54.tmp
2008-04-08 16:11 . 2008-04-08 16:11 0 --a------ C:\13.tmp
2008-04-08 16:11 . 2008-04-08 16:11 0 --a------ C:\11.tmp
2008-04-08 16:10 . 2008-04-08 16:10 2 --a------ C:\10.tmp
2008-04-08 16:10 . 2008-04-08 16:10 0 --a------ C:\F.tmp
2008-04-08 09:48 . 2008-04-08 16:05 123 --a------ C:\WINDOWS\system\SysSD.dll
2008-04-07 17:55 . 2008-04-07 17:55 0 --a------ C:\1F.tmp
2008-04-07 17:54 . 2008-04-07 17:54 2 --a------ C:\1C.tmp
2008-04-07 17:54 . 2008-04-07 17:54 0 --a------ C:\1E.tmp
2008-04-07 17:54 . 2008-04-07 17:54 0 --a------ C:\1D.tmp
2008-04-07 17:53 . 2008-04-07 17:54 47,104 --a------ C:\1A.tmp
2008-04-07 17:53 . 2008-04-07 17:53 0 --a------ C:\1B.tmp
2008-04-07 17:24 . 2008-04-08 12:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-07 16:33 . 2008-04-07 16:34 2 --a------ C:\18.tmp
2008-04-07 16:33 . 2008-04-07 16:33 0 --a------ C:\12.tmp
2008-04-07 15:50 . 2008-04-07 15:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 15:50 . 2008-04-07 15:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 15:41 . 2008-04-07 16:08 5,562 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-07 15:40 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-07 15:40 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-07 15:40 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-07 15:40 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-07 15:40 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-07 15:40 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-07 15:40 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-07 15:09 . 2008-04-09 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-04-07 15:09 . 2008-04-07 15:09 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-07 15:09 . 2008-04-23 20:17 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-07 12:34 . 2008-04-07 12:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-07 10:48 . 2008-04-07 10:48 <DIR> d-------- C:\Deckard
2008-04-07 08:38 . 2008-04-07 08:38 0 --a------ C:\17.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 00:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 19:08 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\Violet Trout\Application Data\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\TEMP\Application Data\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\Jennifer L. Trout\Application Data\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-09 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-08 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 21:50 --------- d-----w C:\Program Files\Conduit
2008-04-07 21:35 --------- d-----w C:\Program Files\Yahoo!
2008-03-21 21:52 11,264 ----a-w C:\mcHK.exe
2008-03-16 02:41 --------- d-----w C:\Program Files\Google
2008-03-16 02:17 43,881 --sha-w C:\WINDOWS\system32\drivers\ctfmon.exe
2008-03-02 03:24 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Yahoo!
2008-03-02 03:23 --------- d--h--w C:\Documents and Settings\TEMP\Application Data\GTek
2008-03-02 03:23 --------- d-----w C:\Documents and Settings\TEMP\Application Data\McAfee.com Personal Firewall
2008-02-29 17:44 --------- d-----w C:\Program Files\iTunes
2008-02-29 17:44 --------- d-----w C:\Program Files\iPod
2008-02-29 17:40 --------- d-----w C:\Program Files\QuickTime
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]
2008-04-22 17:45 10000 --a------ C:\WINDOWS\system32\jfiehayd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 12:00 68856]
"vjuakqgv"="C:\WINDOWS\system32\bgxsdide.exe" [2008-04-22 17:46 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [2008-04-22 17:45 10000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jqx20.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\DOCUME~1\JENNIF~1.TRO\LOCALS~1\Temp\3809.tmp/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
---hs---- 2008-03-15 22:17 19562 C:\Documents and Settings\Jennifer L. Trout\Local Settings\Application Data\spool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-02-09 18:34 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-12-15 11:44 839680 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
--a------ 2007-11-13 17:46 135168 C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\istray]
C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lanmanwrk.exe]
C:\WINDOWS\System32\lanmanwrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-09-08 20:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-09-08 20:20 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--a------ 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 16:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pofy]
C:\Program Files\Common Files\pofy77798.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule13]
C:\Program Files\QdrModule\QdrModule13.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack14]
C:\Program Files\QdrPack\QdrPack14.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-05-11 19:27 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-09 12:00 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwoi]
C:\PROGRA~1\COMMON~1\uwoi\uwoim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.1.181.0\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S0 Jqx20;Jqx20;C:\WINDOWS\system32\Drivers\Jqx20.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d679b792-ab77-11dc-b58b-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 18:54:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-02 03:23:02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BRAVESFAN-Violet Trout).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 20:25:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-04-23 20:28:14 - machine was rebooted [Jennifer L. Trout]
ComboFix-quarantined-files.txt 2008-04-24 00:28:09

Pre-Run: 24,287,875,072 bytes free
Post-Run: 24,238,358,528 bytes free

323 --- E O F --- 2008-04-09 19:17:06

#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:22 AM

Posted 23 April 2008 - 10:30 PM

Hi Pam,


I cant proceed until you install recovery console. :thumbsup:

Please visit this webpage for instructions for downloading and running ComboFix with Recovery Console.:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP. <== IMPORTANT

You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

After you have Recovery Console installed, it will automatically run ComboFix and produce a ComboFix log. Please post it.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 pallgood

pallgood
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 24 April 2008 - 10:21 AM

ComboFix 08-04-20.5 - Jennifer L. Trout 2008-04-24 11:15:05.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.63 [GMT -4:00]
Running from: C:\Documents and Settings\Jennifer L. Trout\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 10:33 . 2008-04-24 10:33 <DIR> d-------- C:\Program Files\Microsoft Diagnostics and Recovery Toolset
2008-04-23 11:52 . 2008-04-22 17:45 7,168 --a------ C:\Documents and Settings\NetworkService\cftmon.exe
2008-04-23 09:42 . 2008-04-22 17:45 7,168 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-04-22 17:46 . 2008-04-22 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pudungrk
2008-04-22 17:46 . 2008-04-22 17:46 110,592 --a------ C:\WINDOWS\system32\bgxsdide.exe
2008-04-22 17:45 . 2008-04-22 17:45 71,168 --a------ C:\vqvtx.exe
2008-04-22 17:45 . 2008-04-22 17:45 67,506 --a------ C:\WINDOWS\fkjdfje.sys
2008-04-22 17:45 . 2008-04-22 17:45 61,952 --a------ C:\gpqdiib.exe
2008-04-22 17:45 . 2008-04-22 17:45 13,824 --a------ C:\dssic.exe
2008-04-22 17:45 . 2008-04-22 17:45 10,000 --a------ C:\WINDOWS\system32\jfiehayd.dll
2008-04-22 17:45 . 2008-04-22 17:45 7,168 --a------ C:\Documents and Settings\Jennifer L. Trout\cftmon.exe
2008-04-22 17:45 . 2008-04-22 17:45 4,096 --a------ C:\atpjpfl.exe
2008-04-22 17:45 . 2008-04-22 17:45 2 --a------ C:\351646139
2008-04-09 18:48 . 2008-04-09 18:48 0 --a------ C:\55.tmp
2008-04-09 18:47 . 2008-04-09 18:47 2 --a------ C:\33.tmp
2008-04-09 18:47 . 2008-04-09 18:47 0 --a------ C:\48.tmp
2008-04-09 18:47 . 2008-04-09 18:47 0 --a------ C:\3A.tmp
2008-04-09 18:47 . 2008-04-09 18:47 0 --a------ C:\32.tmp
2008-04-09 18:46 . 2008-04-09 18:47 47,104 --a------ C:\31.tmp
2008-04-09 15:23 . 2008-04-09 15:23 0 --a------ C:\30.tmp
2008-04-09 15:23 . 2008-04-09 15:23 0 --a------ C:\2F.tmp
2008-04-09 15:22 . 2008-04-09 15:22 47,104 --a------ C:\2A.tmp
2008-04-09 15:22 . 2008-04-09 15:22 2 --a------ C:\2C.tmp
2008-04-09 15:22 . 2008-04-09 15:22 0 --a------ C:\2E.tmp
2008-04-09 15:22 . 2008-04-09 15:22 0 --a------ C:\2B.tmp
2008-04-09 15:15 . 2008-04-09 15:15 486 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-09 15:13 . 2008-04-09 15:13 0 --a------ C:\2D.tmp
2008-04-09 15:12 . 2008-04-09 15:12 2 --a------ C:\27.tmp
2008-04-09 15:12 . 2008-04-09 15:12 0 --a------ C:\29.tmp
2008-04-09 15:12 . 2008-04-09 15:12 0 --a------ C:\28.tmp
2008-04-09 15:11 . 2008-04-09 15:11 47,104 --a------ C:\25.tmp
2008-04-09 15:11 . 2008-04-09 15:11 0 --a------ C:\26.tmp
2008-04-09 15:07 . 2008-04-09 15:07 2 --a------ C:\WINDOWS\msoffice.ini
2008-04-09 15:01 . 2008-04-09 15:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-04-09 11:22 . 2008-04-09 11:24 44,154 --a------ C:\WINDOWS\kaglor.config
2008-04-09 11:13 . 2008-04-09 11:13 14,848 --a------ C:\WINDOWS\system32\drivers\531ljc.exe
2008-04-09 11:02 . 2008-04-09 11:02 1,972 --a------ C:\23.tmp
2008-04-09 11:02 . 2008-04-09 11:02 1,972 --a------ C:\21.tmp
2008-04-09 11:02 . 2008-04-09 11:02 0 --a------ C:\24.tmp
2008-04-09 11:02 . 2008-04-09 11:02 0 --a------ C:\22.tmp
2008-04-09 10:54 . 2008-04-09 10:54 47,104 --a------ C:\16.tmp
2008-04-09 10:54 . 2008-04-09 10:54 2 --a------ C:\20.tmp
2008-04-09 10:54 . 2008-04-09 10:54 0 --a------ C:\19.tmp
2008-04-08 16:28 . 2008-04-08 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-08 16:14 . 2008-04-08 16:14 0 --a------ C:\54.tmp
2008-04-08 16:11 . 2008-04-08 16:11 0 --a------ C:\13.tmp
2008-04-08 16:11 . 2008-04-08 16:11 0 --a------ C:\11.tmp
2008-04-08 16:10 . 2008-04-08 16:10 2 --a------ C:\10.tmp
2008-04-08 16:10 . 2008-04-08 16:10 0 --a------ C:\F.tmp
2008-04-08 09:48 . 2008-04-08 16:05 123 --a------ C:\WINDOWS\system\SysSD.dll
2008-04-07 17:55 . 2008-04-07 17:55 0 --a------ C:\1F.tmp
2008-04-07 17:54 . 2008-04-07 17:54 2 --a------ C:\1C.tmp
2008-04-07 17:54 . 2008-04-07 17:54 0 --a------ C:\1E.tmp
2008-04-07 17:54 . 2008-04-07 17:54 0 --a------ C:\1D.tmp
2008-04-07 17:53 . 2008-04-07 17:54 47,104 --a------ C:\1A.tmp
2008-04-07 17:53 . 2008-04-07 17:53 0 --a------ C:\1B.tmp
2008-04-07 17:24 . 2008-04-08 12:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-07 16:33 . 2008-04-07 16:34 2 --a------ C:\18.tmp
2008-04-07 16:33 . 2008-04-07 16:33 0 --a------ C:\12.tmp
2008-04-07 15:50 . 2008-04-07 15:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 15:50 . 2008-04-07 15:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 15:41 . 2008-04-07 16:08 5,562 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-07 15:40 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-07 15:40 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-07 15:40 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-07 15:40 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-07 15:40 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-07 15:40 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-07 15:40 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-07 15:09 . 2008-04-09 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-04-07 15:09 . 2008-04-07 15:09 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-07 15:09 . 2008-04-23 20:17 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-07 12:34 . 2008-04-07 12:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-07 10:48 . 2008-04-07 10:48 <DIR> d-------- C:\Deckard
2008-04-07 08:38 . 2008-04-07 08:38 0 --a------ C:\17.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 00:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 19:08 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\Violet Trout\Application Data\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\TEMP\Application Data\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\Jennifer L. Trout\Application Data\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-09 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-08 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 21:50 --------- d-----w C:\Program Files\Conduit
2008-04-07 21:35 --------- d-----w C:\Program Files\Yahoo!
2008-03-21 21:52 11,264 ----a-w C:\mcHK.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 02:41 --------- d-----w C:\Program Files\Google
2008-03-16 02:17 43,881 --sha-w C:\WINDOWS\system32\drivers\ctfmon.exe
2008-03-02 03:24 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Yahoo!
2008-03-02 03:23 --------- d--h--w C:\Documents and Settings\TEMP\Application Data\GTek
2008-03-02 03:23 --------- d-----w C:\Documents and Settings\TEMP\Application Data\McAfee.com Personal Firewall
2008-02-29 17:44 --------- d-----w C:\Program Files\iTunes
2008-02-29 17:44 --------- d-----w C:\Program Files\iPod
2008-02-29 17:40 --------- d-----w C:\Program Files\QuickTime
2008-02-29 10:59 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-23_20.27.54.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 00:24:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 14:36:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]
2008-04-22 17:45 10000 --a------ C:\WINDOWS\system32\jfiehayd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 12:00 68856]
"vjuakqgv"="C:\WINDOWS\system32\bgxsdide.exe" [2008-04-22 17:46 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [2008-04-22 17:45 10000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jqx20.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\DOCUME~1\JENNIF~1.TRO\LOCALS~1\Temp\3809.tmp/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
---hs---- 2008-03-15 22:17 19562 C:\Documents and Settings\Jennifer L. Trout\Local Settings\Application Data\spool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-02-09 18:34 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-12-15 11:44 839680 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
--a------ 2007-11-13 17:46 135168 C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\istray]
C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lanmanwrk.exe]
C:\WINDOWS\System32\lanmanwrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-09-08 20:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-09-08 20:20 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--a------ 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 16:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pofy]
C:\Program Files\Common Files\pofy77798.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule13]
C:\Program Files\QdrModule\QdrModule13.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack14]
C:\Program Files\QdrPack\QdrPack14.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-05-11 19:27 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-09 12:00 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwoi]
C:\PROGRA~1\COMMON~1\uwoi\uwoim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.1.181.0\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S0 Jqx20;Jqx20;C:\WINDOWS\system32\Drivers\Jqx20.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d679b792-ab77-11dc-b58b-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 18:54:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-02 03:23:02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BRAVESFAN-Violet Trout).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 11:16:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-24 11:18:30
ComboFix-quarantined-files.txt 2008-04-24 15:18:21
ComboFix2.txt 2008-04-24 14:43:55
ComboFix3.txt 2008-04-24 00:28:15

Pre-Run: 23,913,844,736 bytes free
Post-Run: 23,902,601,216 bytes free

257 --- E O F --- 2008-04-09 19:17:06

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:22 AM

Posted 24 April 2008 - 11:50 AM

Hi Pam,

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

KILLALL:: 

File:: 
C:\WINDOWS\system32\bgxsdide.exe
C:\vqvtx.exe
C:\WINDOWS\fkjdfje.sys
C:\gpqdiib.exe
C:\dssic.exe
C:\WINDOWS\system32\jfiehayd.dll
C:\atpjpfl.exe
C:\351646139
C:\55.tmp
C:\33.tmp
C:\48.tmp
C:\3A.tmp
C:\32.tmp
C:\31.tmp
C:\30.tmp
C:\2F.tmp
C:\2A.tmp
C:\2C.tmp
C:\2E.tmp
C:\2B.tmp
C:\2D.tmp
C:\27.tmp
C:\29.tmp
C:\28.tmp
C:\25.tmp
C:\26.tmp
C:\WINDOWS\system32\drivers\531ljc.exe
C:\23.tmp
C:\21.tmp
C:\24.tmp
C:\22.tmp
C:\16.tmp
C:\20.tmp
C:\19.tmp
C:\54.tmp
C:\13.tmp
C:\11.tmp
C:\10.tmp
C:\F.tmp
C:\WINDOWS\system\SysSD.dll
C:\1F.tmp
C:\1C.tmp
C:\1E.tmp
C:\1D.tmp
C:\1A.tmp
C:\1B.tmp
C:\18.tmp
C:\12.tmp
C:\WINDOWS\system32\tmp.reg
C:\17.tmp
C:\WINDOWS\system32\jfiehayd.dll 
C:\Program Files\Common Files\pofy77798.exe
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\PROGRA~1\COMMON~1\uwoi\uwoim.exe
C:\Program Files\Words\Words.exe
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.1.181.0\Weather.exe
C:\WINDOWS\system32\Drivers\Jqx20.sys

Registry:: 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vjuakqgv"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pofy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule13]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack14]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwoi]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
 
Driver:: 
Jqx20


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 pallgood

pallgood
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:22 AM

Posted 24 April 2008 - 01:27 PM

ComboFix 08-04-20.5 - Jennifer L. Trout 2008-04-24 14:10:07.4 - NTFSx86
Running from: C:\Documents and Settings\Jennifer L. Trout\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jennifer L. Trout\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\10.tmp
C:\11.tmp
C:\12.tmp
C:\13.tmp
C:\16.tmp
C:\17.tmp
C:\18.tmp
C:\19.tmp
C:\1A.tmp
C:\1B.tmp
C:\1C.tmp
C:\1D.tmp
C:\1E.tmp
C:\1F.tmp
C:\20.tmp
C:\21.tmp
C:\22.tmp
C:\23.tmp
C:\24.tmp
C:\25.tmp
C:\26.tmp
C:\27.tmp
C:\28.tmp
C:\29.tmp
C:\2A.tmp
C:\2B.tmp
C:\2C.tmp
C:\2D.tmp
C:\2E.tmp
C:\2F.tmp
C:\30.tmp
C:\31.tmp
C:\32.tmp
C:\33.tmp
C:\351646139
C:\3A.tmp
C:\48.tmp
C:\54.tmp
C:\55.tmp
C:\atpjpfl.exe
C:\dssic.exe
C:\F.tmp
C:\gpqdiib.exe
C:\PROGRA~1\COMMON~1\uwoi\uwoim.exe
C:\Program Files\Common Files\pofy77798.exe
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\Program Files\Words\Words.exe
C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.1.181.0\Weather.exe
C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe
C:\vqvtx.exe
C:\WINDOWS\fkjdfje.sys
C:\WINDOWS\system\SysSD.dll
C:\WINDOWS\system32\bgxsdide.exe
C:\WINDOWS\system32\drivers\531ljc.exe
C:\WINDOWS\system32\Drivers\Jqx20.sys
C:\WINDOWS\system32\jfiehayd.dll
C:\WINDOWS\system32\tmp.reg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\10.tmp
C:\11.tmp
C:\12.tmp
C:\13.tmp
C:\16.tmp
C:\17.tmp
C:\18.tmp
C:\19.tmp
C:\1A.tmp
C:\1B.tmp
C:\1C.tmp
C:\1D.tmp
C:\1E.tmp
C:\1F.tmp
C:\20.tmp
C:\21.tmp
C:\22.tmp
C:\23.tmp
C:\24.tmp
C:\25.tmp
C:\26.tmp
C:\27.tmp
C:\28.tmp
C:\29.tmp
C:\2A.tmp
C:\2B.tmp
C:\2C.tmp
C:\2D.tmp
C:\2E.tmp
C:\2F.tmp
C:\30.tmp
C:\31.tmp
C:\32.tmp
C:\33.tmp
C:\351646139
C:\3A.tmp
C:\48.tmp
C:\54.tmp
C:\55.tmp
C:\atpjpfl.exe
C:\dssic.exe
C:\F.tmp
C:\gpqdiib.exe
C:\vqvtx.exe
C:\WINDOWS\fkjdfje.sys
C:\WINDOWS\system\SysSD.dll
C:\WINDOWS\system32\bgxsdide.exe
C:\WINDOWS\system32\drivers\531ljc.exe
C:\WINDOWS\system32\jfiehayd.dll
C:\WINDOWS\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fkjdfje


((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 10:33 . 2008-04-24 10:33 <DIR> d-------- C:\Program Files\Microsoft Diagnostics and Recovery Toolset
2008-04-23 11:52 . 2008-04-22 17:45 7,168 --a------ C:\Documents and Settings\NetworkService\cftmon.exe
2008-04-23 09:42 . 2008-04-22 17:45 7,168 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-04-22 17:46 . 2008-04-22 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pudungrk
2008-04-22 17:45 . 2008-04-22 17:45 7,168 --a------ C:\Documents and Settings\Jennifer L. Trout\cftmon.exe
2008-04-09 15:15 . 2008-04-09 15:15 486 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-09 15:07 . 2008-04-09 15:07 2 --a------ C:\WINDOWS\msoffice.ini
2008-04-09 15:01 . 2008-04-09 15:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-04-09 11:22 . 2008-04-09 11:24 44,154 --a------ C:\WINDOWS\kaglor.config
2008-04-08 16:28 . 2008-04-08 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-07 17:24 . 2008-04-08 12:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-07 15:50 . 2008-04-07 15:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 15:50 . 2008-04-07 15:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 15:40 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-07 15:40 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-07 15:40 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-07 15:40 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-07 15:40 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-07 15:40 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-07 15:40 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-07 15:09 . 2008-04-09 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-04-07 15:09 . 2008-04-07 15:09 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-07 15:09 . 2008-04-23 20:17 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-07 12:34 . 2008-04-07 12:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-07 10:48 . 2008-04-07 10:48 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 00:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 19:08 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\Violet Trout\Application Data\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\TEMP\Application Data\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\Jennifer L. Trout\Application Data\AOL
2008-04-09 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-09 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-08 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 21:50 --------- d-----w C:\Program Files\Conduit
2008-04-07 21:35 --------- d-----w C:\Program Files\Yahoo!
2008-03-21 21:52 11,264 ----a-w C:\mcHK.exe
2008-03-16 02:41 --------- d-----w C:\Program Files\Google
2008-03-16 02:17 43,881 --sha-w C:\WINDOWS\system32\drivers\ctfmon.exe
2008-03-02 03:24 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Yahoo!
2008-03-02 03:23 --------- d--h--w C:\Documents and Settings\TEMP\Application Data\GTek
2008-03-02 03:23 --------- d-----w C:\Documents and Settings\TEMP\Application Data\McAfee.com Personal Firewall
2008-02-29 17:44 --------- d-----w C:\Program Files\iTunes
2008-02-29 17:44 --------- d-----w C:\Program Files\iPod
2008-02-29 17:40 --------- d-----w C:\Program Files\QuickTime
.

((((((((((((((((((((((((((((( snapshot@2008-04-23_20.27.54.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 00:24:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 18:13:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 12:00 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jqx20.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\DOCUME~1\JENNIF~1.TRO\LOCALS~1\Temp\3809.tmp/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
---hs---- 2008-03-15 22:17 19562 C:\Documents and Settings\Jennifer L. Trout\Local Settings\Application Data\spool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-02-09 18:34 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-12-15 11:44 839680 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
--a------ 2007-11-13 17:46 135168 C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\istray]
C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lanmanwrk.exe]
C:\WINDOWS\System32\lanmanwrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-09-08 20:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-09-08 20:20 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--a------ 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 16:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-05-11 19:27 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-09 12:00 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S0 Jqx20;Jqx20;C:\WINDOWS\system32\Drivers\Jqx20.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d679b792-ab77-11dc-b58b-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 18:54:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-02 03:23:02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BRAVESFAN-Violet Trout).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 14:14:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-04-24 14:17:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 18:17:33
ComboFix2.txt 2008-04-24 15:18:30
ComboFix3.txt 2008-04-24 14:43:55
ComboFix4.txt 2008-04-24 00:28:15

Pre-Run: 23,891,439,616 bytes free
Post-Run: 23,876,685,824 bytes free

307 --- E O F --- 2008-04-09 19:17:06



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:31 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149293552906
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.50 85.255.112.221
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.50 85.255.112.221
O21 - SSODL: CheckSetup - {b5cdb0d0-605e-4b67-aaed-caee78a79f2b} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5204 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users