Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

1st Time Poster - PC Running Slow, Pop-Up Ads, DCAD


  • This topic is locked This topic is locked
10 replies to this topic

#1 JMT856

JMT856

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 17 February 2009 - 12:34 AM

Hello --

I just recently ran across this forum, registered and would like to post several problems in hopes of a solution.

Recently, after using some P2P programs, I begin experiencing issues with pop-up's when using both IE and Firefox. Upon additional discovery, I learned that the name of the pop-up's was referred to as DCADS. I've since ran MalWare and Ad-Ware; and while a majority of the pop-up's have ceased, I'm still receiving them, only now I'm not seeing any mention of DCADS. I also noticed tonight that my bottom task bar, as well as my desktop icons suddenly disappeared.

I ran a HJ report tonight and would like any and all help possible to gain resolution to the issues that I'm experiencing with the speed of my PC and pop-ups. My PC is fairly new, Dell XPS, Desktop.

Thanks so very much for all the help and support you can provide.

Jason

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:21 AM, on 2/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\DOCUME~1\Jason\LOCALS~1\Temp\clclean.0001
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\DOCUME~1\JASONN~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-21-537183589-2343604648-1276835120-1006\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Jason')
O4 - HKUS\S-1-5-21-537183589-2343604648-1276835120-1006\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'Jason')
O4 - HKUS\S-1-5-21-537183589-2343604648-1276835120-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Jason')
O4 - HKUS\S-1-5-21-537183589-2343604648-1276835120-1006\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Jason')
O4 - HKUS\S-1-5-21-537183589-2343604648-1276835120-1006\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Jason')
O4 - HKUS\S-1-5-21-537183589-2343604648-1276835120-1006\..\Run: [A00F2743C.exe] C:\DOCUME~1\Jason\LOCALS~1\Temp\_A00F2743C.exe (User 'Jason')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\gpkcsp32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\gpkcsp32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\gpkcsp32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\gpkcsp32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\gpkcsp32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\gpkcsp32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\gpkcsp32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\gpkcsp32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\gpkcsp32.dll
O20 - Winlogon Notify: 9454bc73530 - C:\WINDOWS\System32\gpkcsp32.dll
O20 - Winlogon Notify: __c00899FC - C:\WINDOWS\system32\__c00899FC.dat (file missing)
O20 - Winlogon Notify: __c008C85C - C:\WINDOWS\system32\__c008C85C.dat (file missing)
O20 - Winlogon Notify: __c0097B9F - C:\WINDOWS\system32\__c0097B9F.dat (file missing)
O20 - Winlogon Notify: __c00A04E - C:\WINDOWS\system32\__c00A04E.dat (file missing)
O20 - Winlogon Notify: __c00F6042 - C:\WINDOWS\system32\__c00F6042.dat (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 15964 bytes

Attached Files



BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 18 February 2009 - 07:03 AM

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.




NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall




Please post these logs in your next reply... Post each log in separate post

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 JMT856

JMT856
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 19 February 2009 - 09:28 PM

fenzodahl512 --

I can't thank you enough for your offer of support in helping me get this resolved. I've followed your directions and will be attaching the following logs -- in separate posts. SDFix, ComboFix, Hijackthis (fresh log).

I'll begin with the SDFix Log:


SDFix: Version 1.240
Run by Jason New on Thu 02/19/2009 at 07:30 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 20:42:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\aol.exe"="C:\\Program Files\\AOL 9.0\\aol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MP3 Rocket\\MP3Rocket_on_startup.exe"="C:\\Program Files\\MP3 Rocket\\MP3Rocket_on_startup.exe:*:Enabled:MP3 Rocket (silent)"
"C:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"="C:\\Program Files\\MP3 Rocket\\MP3Rocket.exe:*:Enabled:MP3 Rocket 4.9.12 PRO"
"C:\\Program Files\\MP3-Xtreme\\Shareaza.exe"="C:\\Program Files\\MP3-Xtreme\\Shareaza.exe:*:Enabled:MP3-Xtreme"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\AOL\\RC\\regclient.exe"="C:\\Program Files\\AOL\\RC\\regclient.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files :



Files with Hidden Attributes :

Thu 19 Feb 2009 374,272 A.SH. --- "C:\WINDOWS\system32\2.tmp"
Thu 19 Feb 2009 374,272 A.SH. --- "C:\WINDOWS\system32\D.tmp"
Thu 15 Feb 2007 308,832 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe"
Mon 19 Dec 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.0\uinstrsc.dll"
Thu 5 Feb 2009 9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Tue 17 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 22 Feb 2007 362,264 A..H. --- "C:\Documents and Settings\Jason\Local Settings\Temp\AutoDetect.exe"
Tue 1 Jan 2008 29,696 A..H. --- "C:\Documents and Settings\Jason New\My Documents\General Physics\Creative Items\~WRL2104.tmp"
Tue 1 Jan 2008 46,080 A..H. --- "C:\Documents and Settings\Jason New\My Documents\General Physics\Creative Items\~WRL2663.tmp"

Finished!

Attached Files



#4 JMT856

JMT856
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 19 February 2009 - 09:30 PM

ComboFix Log:

ComboFix 09-02-18.01 - Jason New 2009-02-19 21:01:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.517 [GMT -5:00]
Running from: c:\documents and settings\Jason New\Desktop\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\02000000bd9bfe61530C.manifest
c:\documents and settings\Administrator\Application Data\02000000bd9bfe61530O.manifest
c:\documents and settings\Administrator\Application Data\02000000bd9bfe61530P.manifest
c:\documents and settings\Administrator\Application Data\02000000bd9bfe61530S.manifest
c:\documents and settings\All Users\documents\setup.exe
c:\documents and settings\Chris\Application Data\02000000bd9bfe61530C.manifest
c:\documents and settings\Chris\Application Data\02000000bd9bfe61530O.manifest
c:\documents and settings\Chris\Application Data\02000000bd9bfe61530P.manifest
c:\documents and settings\Chris\Application Data\02000000bd9bfe61530S.manifest
c:\documents and settings\Jason New\Application Data\02000000bd9bfe61530C.manifest
c:\documents and settings\Jason New\Application Data\02000000bd9bfe61530O.manifest
c:\documents and settings\Jason New\Application Data\02000000bd9bfe61530P.manifest
c:\documents and settings\Jason New\Application Data\02000000bd9bfe61530S.manifest
c:\documents and settings\Jason\Application Data\02000000bd9bfe61530C.manifest
c:\documents and settings\Jason\Application Data\02000000bd9bfe61530O.manifest
c:\documents and settings\Jason\Application Data\02000000bd9bfe61530P.manifest
c:\documents and settings\Jason\Application Data\02000000bd9bfe61530S.manifest
c:\windows\GnuHashes.ini
c:\windows\IE4 Error Log.txt
c:\windows\system32\2.tmp
c:\windows\system32\D.tmp
c:\windows\system32\GroupPolicy000.dat
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20 )))))))))))))))))))))))))))))))
.

2009-02-19 21:05 . 2009-02-19 21:05 374,272 --ahs---- c:\windows\system32\1.tmp
2009-02-19 19:27 . 2009-02-19 19:27 <DIR> d-------- c:\windows\ERUNT
2009-02-19 19:12 . 2009-02-19 20:44 <DIR> d-------- C:\SDFix
2009-02-17 17:18 . 2009-02-17 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Cad Zone
2009-02-17 17:06 . 2009-02-17 17:06 <DIR> d-------- C:\WCOMMS
2009-02-17 17:06 . 2009-02-17 17:06 77,824 --a------ c:\windows\system32\NWKL2_32.DLL
2009-02-17 17:06 . 2009-02-17 17:06 40,352 --a------ c:\windows\system32\drivers\Usbkey.sys
2009-02-17 17:06 . 2009-02-17 17:06 28,672 --a------ c:\windows\system32\KL2DLL32.DLL
2009-02-17 17:06 . 2009-02-17 17:06 24,136 --a------ c:\windows\system32\ppmon.exe
2009-02-17 17:06 . 2009-02-17 17:06 20,912 --a------ c:\windows\system32\drivers\parclass.sys
2009-02-17 17:06 . 2009-02-17 17:06 12,480 --a------ c:\windows\system32\KL2N.DLL
2009-02-17 17:06 . 2009-02-17 17:06 8,968 --a------ c:\windows\system32\KL2DLL.DLL
2009-02-17 17:06 . 2009-02-17 17:06 7,440 --a------ c:\windows\system32\ppmon.dll
2009-02-17 17:06 . 2009-02-17 17:06 5,164 --a------ C:\kl2log.htm
2009-02-17 17:06 . 2009-02-17 17:06 1 --a------ c:\windows\system32\onlylana.dat
2009-02-17 17:06 . 2009-02-17 17:06 0 --a------ c:\windows\system32\tcpipsvr.dat
2009-02-17 16:55 . 2006-11-30 16:24 86,016 --a------ c:\windows\system32\custmon32.dll
2009-02-17 16:54 . 2009-02-17 17:00 <DIR> d-------- c:\program files\CAD Zone
2009-02-17 16:53 . 2009-02-17 16:54 <DIR> d-------- c:\documents and settings\Jason New\Application Data\Canon
2009-02-17 15:30 . 2009-02-17 15:30 <DIR> d-------- c:\documents and settings\Jason New\Application Data\LimeWire
2009-02-17 11:55 . 2009-02-17 11:55 <DIR> d-------- c:\documents and settings\Jason New\Application Data\InstallShield
2009-02-17 02:07 . 2009-02-17 02:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-17 00:00 . 2009-02-17 00:00 <DIR> d-------- c:\program files\Panda Security
2009-02-17 00:00 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-16 22:47 . 2009-02-17 11:55 <DIR> d-------- c:\documents and settings\Jason New
2009-02-16 22:41 . 2009-02-16 22:41 230 --a------ c:\windows\system32\spupdsvc.inf
2009-02-15 13:31 . 2009-02-19 18:41 <DIR> d-------- C:\Netgear
2009-02-13 00:15 . 2009-02-15 15:54 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-13 00:14 . 2009-02-13 00:14 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-02-13 00:14 . 2009-02-13 00:14 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-02-12 20:06 . 2009-02-12 20:06 0 --a------ c:\windows\system32\53F.tmp
2009-02-12 00:01 . 2009-02-11 23:44 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-11 23:45 . 2009-02-11 23:42 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-11 23:38 . 2009-02-13 00:14 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-11 22:53 . 2009-02-12 00:11 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-11 22:53 . 2009-02-11 22:53 1,409 --a------ c:\windows\QTFont.for
2009-02-11 18:25 . 2009-02-11 18:25 4,128 --a------ C:\INFCACHE.1
2009-02-10 17:35 . 2009-02-10 17:35 <DIR> d-------- c:\documents and settings\Jason\Application Data\MixMeister Technology
2009-02-10 17:34 . 2009-02-13 00:12 <DIR> d-------- c:\program files\MixMeister Studio 7.2.2
2009-02-10 17:18 . 2009-02-10 17:19 <DIR> d--hs---- c:\windows\LocalPolicy
2009-02-10 16:36 . 2009-02-19 21:05 <DIR> d--hs---- c:\windows\system32\LocalService32
2009-02-10 16:36 . 2009-02-10 16:36 135,168 --a------ c:\windows\system32\gpkcsp32.dll
2009-02-07 04:00 . 2009-02-13 00:12 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-05 15:08 . 2009-02-05 15:08 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-05 15:00 . 2009-02-05 15:00 8,192 --ahs---- c:\windows\Thumbs.db
2009-02-05 14:56 . 2009-02-05 14:56 <DIR> d-------- c:\documents and settings\Chris\Application Data\MySpace
2009-02-04 09:39 . 2009-02-04 09:39 <DIR> d-------- c:\documents and settings\Jason\Application Data\MSNInstaller
2009-02-02 23:21 . 2009-02-02 23:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Dell
2009-02-02 23:13 . 2009-02-02 23:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 23:13 . 2009-02-02 23:13 <DIR> d-------- c:\documents and settings\Jason\Application Data\Malwarebytes
2009-02-02 23:13 . 2009-02-02 23:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 23:13 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 23:13 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 19:35 . 2005-06-01 00:28 9,606 --a------ c:\windows\system32\NEWSOFT
2009-02-02 19:35 . 2009-02-02 19:35 264 --a------ c:\windows\setup.iss
2009-02-02 19:34 . 2009-02-02 19:34 <DIR> d-------- c:\windows\system32\Color
2009-02-02 19:34 . 2009-02-02 19:34 <DIR> d-------- c:\program files\NewSoft
2009-02-02 19:34 . 2009-02-02 19:34 <DIR> d-------- c:\program files\Common Files\PDFView
2009-02-02 19:34 . 2009-02-02 19:34 <DIR> d-------- c:\program files\Common Files\NewSoft
2009-02-02 19:34 . 1997-10-14 05:19 11,776 --a------ c:\windows\system32\pmsbfn32.dll
2009-02-02 19:27 . 2009-02-02 19:27 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2009-02-02 19:27 . 2009-02-02 19:27 <DIR> d-------- c:\documents and settings\Jason\Application Data\ScanSoft
2009-02-02 19:27 . 2009-02-02 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2009-02-02 19:27 . 2009-02-02 19:27 412 --a------ c:\windows\MAXLINK.INI
2009-02-02 19:26 . 2009-02-02 19:26 <DIR> d-------- c:\program files\ScanSoft
2009-02-02 19:22 . 2009-02-02 19:22 <DIR> d-------- c:\program files\Common Files\CANON
2009-02-02 19:18 . 2009-02-02 19:18 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2009-02-02 19:18 . 2009-02-02 19:18 <DIR> d--h----- c:\program files\CanonBJ
2009-02-02 19:18 . 2009-02-02 19:18 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2009-02-02 19:18 . 2007-03-23 11:30 1,400,832 --a------ c:\windows\system32\CNC300C.DLL
2009-02-02 19:18 . 2007-05-01 00:00 215,040 --a------ c:\windows\system32\CNMLM90.DLL
2009-02-02 19:18 . 2007-03-19 05:35 200,704 --a------ c:\windows\system32\CNC300L.DLL
2009-02-02 19:18 . 2007-03-15 09:12 188,416 --a------ c:\windows\system32\CNC300O.DLL
2009-02-02 19:18 . 2007-04-25 14:22 151,552 --a------ c:\windows\system32\CNCF2Lc.DLL
2009-02-02 19:18 . 2007-04-25 14:15 106,496 --a------ c:\windows\system32\CNCFMSc.EXE
2009-02-02 19:18 . 2007-03-23 11:29 98,304 --a------ c:\windows\system32\CNC300I.DLL
2009-02-02 19:18 . 2007-04-25 14:19 3,584 --a------ c:\windows\system32\CNCFLcUS.DLL
2009-02-02 19:18 . 2007-04-25 14:19 3,072 --a------ c:\windows\system32\CNCFLcJP.DLL
2009-02-02 19:17 . 2009-02-02 19:45 <DIR> d-------- c:\program files\Canon
2009-02-02 16:56 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-02 16:56 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
2009-01-21 02:17 . 2009-01-21 02:17 <DIR> d-------- c:\documents and settings\Chris\Application Data\AOL
2009-01-21 02:16 . 2009-01-21 02:16 <DIR> d-------- c:\documents and settings\Chris\Application Data\InstallShield
2009-01-21 02:15 . 2009-02-03 23:15 <DIR> d-------- c:\documents and settings\Chris

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 22:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 05:13 --------- d-----w c:\program files\Trend Micro
2009-02-13 05:14 --------- d-----w c:\program files\Lavasoft
2009-02-13 05:14 --------- d-----w c:\program files\Google
2009-02-13 05:14 --------- d-----w c:\program files\Common Files\AOL
2009-02-13 05:13 --------- d-----w c:\program files\VCW VicMan's Photo Editor
2009-02-13 05:11 --------- d-----w c:\program files\GemMaster
2009-02-12 05:17 --------- d-----w c:\documents and settings\Jason\Application Data\Roxio
2009-02-11 09:39 --------- d-----w c:\documents and settings\Jason\Application Data\LimeWire
2009-02-09 21:25 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-09 21:23 --------- d-----w c:\documents and settings\Jason\Application Data\AOL
2009-02-05 20:08 --------- d-----w c:\program files\Java
2009-02-05 20:00 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-05 20:00 --------- d-----w c:\program files\RGB
2009-02-05 20:00 --------- d-----w c:\program files\NetWaiting
2009-02-05 20:00 --------- d-----w c:\program files\Modem Helper
2009-02-05 20:00 --------- d-----w c:\program files\Microsoft Works
2009-02-05 20:00 --------- d-----w c:\program files\LimeWire
2009-02-04 14:42 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-04 14:38 --------- d-----w c:\program files\Dell
2009-02-04 14:37 --------- d-----w c:\documents and settings\All Users\Application Data\Gtek
2008-10-15 21:21 87,232 ----a-w c:\documents and settings\Jason\Application Data\GDIPFONTCACHEV1.DAT
2007-05-21 10:38 44,624 ----a-w c:\documents and settings\Guest\atgpcdec.dll
2007-05-21 10:38 202,320 ----a-w c:\documents and settings\Guest\atcliun.exe
2007-05-21 10:38 112,208 ----a-w c:\documents and settings\Guest\atmgr.exe
2007-05-21 10:38 108,184 ----a-w c:\documents and settings\Guest\atgpcext.dll
2007-02-04 05:19 1,775,527 ----a-w c:\program files\up.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 198184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-11 509784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 c:\windows\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-06-29 c:\windows\system32\CTMBHA.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-02 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\9454bc73530]
2009-02-10 16:36 135168 c:\windows\system32\gpkcsp32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket_on_startup.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"=
"c:\\Program Files\\MP3-Xtreme\\Shareaza.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8100:TCP"= 8100:TCP:Apache Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-11 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-17 28544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-08-30 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-08-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2007-12-27 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2007-12-27 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2007-12-27 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2007-12-27 59520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
\Shell\Install\command - bin\eva\evasetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-11 23:41]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe


.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://url.adtrgt.com/cpv.jsp?p=111211&aid=7&partnerMin=0.001&ron=on&ronMin=0.0005&ip=75.136.193.158&context=ozilla+Firefox+Start+Page&url=http%253A%252F%252Fwww.google.com%252Ffirefox%253Fclient%253Dfirefox-a%2526rls%253Dorg.mozilla%253Aen-US%253Aofficial&selectedKeyword=google&selectedListingId=7412807
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Jason New\Application Data\Mozilla\Firefox\Profiles\hgdnzqkr.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 21:05:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\System32\gpkcsp32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\docume~1\JASONN~1\LOCALS~1\temp\clclean.0001
c:\windows\ehome\ehmsas.exe
c:\program files\Dell AIO Printer A940\dlbabmon.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
.
**************************************************************************
.
Completion time: 2009-02-19 21:12:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-20 02:12:00

Pre-Run: 166,583,652,352 bytes free
Post-Run: 167,439,740,928 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

318 --- E O F --- 2009-02-20 00:19:53

Attached Files

  • Attached File  log.txt   22.8KB   5 downloads


#5 JMT856

JMT856
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 19 February 2009 - 09:32 PM

Hijackthis (fresh log) :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:50 PM, on 2/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\DOCUME~1\JASONN~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://url.adtrgt.com/cpv.jsp?p=111211&...stingId=7412807
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: 9454bc73530 - C:\WINDOWS\System32\gpkcsp32.dll
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 12534 bytes

Attached Files



#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 20 February 2009 - 05:38 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\1.tmp
c:\windows\system32\gpkcsp32.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\9454bc73530]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 JMT856

JMT856
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 20 February 2009 - 04:37 PM

ComboFix 09-02-19.01 - Jason New 2009-02-20 16:17:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.113 [GMT -5:00]
Running from: c:\documents and settings\Jason New\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jason New\Desktop\CFScript.txt
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\1.tmp
c:\windows\system32\gpkcsp32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jason New\Application Data\02000000bd9bfe61530C.manifest
c:\documents and settings\Jason New\Application Data\02000000bd9bfe61530O.manifest
c:\documents and settings\Jason New\Application Data\02000000bd9bfe61530P.manifest
c:\documents and settings\Jason New\Application Data\02000000bd9bfe61530S.manifest
c:\windows\GnuHashes.ini
c:\windows\system32\gpkcsp32.dll
c:\windows\system32\GroupPolicy000.dat

.
((((((((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20 )))))))))))))))))))))))))))))))
.

2009-02-20 15:28 . 2009-02-20 15:28 <DIR> d-------- c:\documents and settings\Jason New\Application Data\AdobeUM
2009-02-19 19:27 . 2009-02-19 19:27 <DIR> d-------- c:\windows\ERUNT
2009-02-19 19:12 . 2009-02-19 20:44 <DIR> d-------- C:\SDFix
2009-02-17 17:18 . 2009-02-17 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Cad Zone
2009-02-17 17:06 . 2009-02-17 17:06 <DIR> d-------- C:\WCOMMS
2009-02-17 17:06 . 2009-02-17 17:06 77,824 --a------ c:\windows\system32\NWKL2_32.DLL
2009-02-17 17:06 . 2009-02-17 17:06 40,352 --a------ c:\windows\system32\drivers\Usbkey.sys
2009-02-17 17:06 . 2009-02-17 17:06 28,672 --a------ c:\windows\system32\KL2DLL32.DLL
2009-02-17 17:06 . 2009-02-17 17:06 24,136 --a------ c:\windows\system32\ppmon.exe
2009-02-17 17:06 . 2009-02-17 17:06 20,912 --a------ c:\windows\system32\drivers\parclass.sys
2009-02-17 17:06 . 2009-02-17 17:06 12,480 --a------ c:\windows\system32\KL2N.DLL
2009-02-17 17:06 . 2009-02-17 17:06 8,968 --a------ c:\windows\system32\KL2DLL.DLL
2009-02-17 17:06 . 2009-02-17 17:06 7,440 --a------ c:\windows\system32\ppmon.dll
2009-02-17 17:06 . 2009-02-17 17:06 5,164 --a------ C:\kl2log.htm
2009-02-17 17:06 . 2009-02-17 17:06 1 --a------ c:\windows\system32\onlylana.dat
2009-02-17 17:06 . 2009-02-17 17:06 0 --a------ c:\windows\system32\tcpipsvr.dat
2009-02-17 16:55 . 2006-11-30 16:24 86,016 --a------ c:\windows\system32\custmon32.dll
2009-02-17 16:54 . 2009-02-17 17:00 <DIR> d-------- c:\program files\CAD Zone
2009-02-17 16:53 . 2009-02-17 16:54 <DIR> d-------- c:\documents and settings\Jason New\Application Data\Canon
2009-02-17 15:30 . 2009-02-17 15:30 <DIR> d-------- c:\documents and settings\Jason New\Application Data\LimeWire
2009-02-17 11:55 . 2009-02-17 11:55 <DIR> d-------- c:\documents and settings\Jason New\Application Data\InstallShield
2009-02-17 02:07 . 2009-02-17 02:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-17 00:00 . 2009-02-17 00:00 <DIR> d-------- c:\program files\Panda Security
2009-02-17 00:00 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-16 22:47 . 2009-02-20 00:11 <DIR> d-------- c:\documents and settings\Jason New
2009-02-16 22:41 . 2009-02-16 22:41 230 --a------ c:\windows\system32\spupdsvc.inf
2009-02-15 13:31 . 2009-02-19 18:41 <DIR> d-------- C:\Netgear
2009-02-13 00:15 . 2009-02-15 15:54 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-13 00:14 . 2009-02-13 00:14 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-02-13 00:14 . 2009-02-13 00:14 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-02-12 20:06 . 2009-02-12 20:06 0 --a------ c:\windows\system32\53F.tmp
2009-02-12 00:01 . 2009-02-11 23:44 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-11 23:45 . 2009-02-11 23:42 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-11 23:38 . 2009-02-13 00:14 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-11 22:53 . 2009-02-12 00:11 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-11 22:53 . 2009-02-11 22:53 1,409 --a------ c:\windows\QTFont.for
2009-02-11 18:25 . 2009-02-11 18:25 4,128 --a------ C:\INFCACHE.1
2009-02-10 17:35 . 2009-02-10 17:35 <DIR> d-------- c:\documents and settings\Jason\Application Data\MixMeister Technology
2009-02-10 17:34 . 2009-02-13 00:12 <DIR> d-------- c:\program files\MixMeister Studio 7.2.2
2009-02-10 17:18 . 2009-02-10 17:19 <DIR> d--hs---- c:\windows\LocalPolicy
2009-02-10 16:36 . 2009-02-19 21:05 <DIR> d--hs---- c:\windows\system32\LocalService32
2009-02-07 04:00 . 2009-02-13 00:12 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-05 15:08 . 2009-02-05 15:08 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-05 15:00 . 2009-02-05 15:00 8,192 --ahs---- c:\windows\Thumbs.db
2009-02-05 14:56 . 2009-02-05 14:56 <DIR> d-------- c:\documents and settings\Chris\Application Data\MySpace
2009-02-04 09:39 . 2009-02-04 09:39 <DIR> d-------- c:\documents and settings\Jason\Application Data\MSNInstaller
2009-02-02 23:21 . 2009-02-02 23:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Dell
2009-02-02 23:13 . 2009-02-02 23:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 23:13 . 2009-02-02 23:13 <DIR> d-------- c:\documents and settings\Jason\Application Data\Malwarebytes
2009-02-02 23:13 . 2009-02-02 23:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 23:13 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 23:13 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 19:35 . 2005-06-01 00:28 9,606 --a------ c:\windows\system32\NEWSOFT
2009-02-02 19:35 . 2009-02-02 19:35 264 --a------ c:\windows\setup.iss
2009-02-02 19:34 . 2009-02-02 19:34 <DIR> d-------- c:\windows\system32\Color
2009-02-02 19:34 . 2009-02-02 19:34 <DIR> d-------- c:\program files\NewSoft
2009-02-02 19:34 . 2009-02-02 19:34 <DIR> d-------- c:\program files\Common Files\PDFView
2009-02-02 19:34 . 2009-02-02 19:34 <DIR> d-------- c:\program files\Common Files\NewSoft
2009-02-02 19:34 . 1997-10-14 05:19 11,776 --a------ c:\windows\system32\pmsbfn32.dll
2009-02-02 19:27 . 2009-02-02 19:27 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2009-02-02 19:27 . 2009-02-02 19:27 <DIR> d-------- c:\documents and settings\Jason\Application Data\ScanSoft
2009-02-02 19:27 . 2009-02-02 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2009-02-02 19:27 . 2009-02-02 19:27 412 --a------ c:\windows\MAXLINK.INI
2009-02-02 19:26 . 2009-02-02 19:26 <DIR> d-------- c:\program files\ScanSoft
2009-02-02 19:22 . 2009-02-02 19:22 <DIR> d-------- c:\program files\Common Files\CANON
2009-02-02 19:18 . 2009-02-02 19:18 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2009-02-02 19:18 . 2009-02-02 19:18 <DIR> d--h----- c:\program files\CanonBJ
2009-02-02 19:18 . 2009-02-02 19:18 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2009-02-02 19:18 . 2007-03-23 11:30 1,400,832 --a------ c:\windows\system32\CNC300C.DLL
2009-02-02 19:18 . 2007-05-01 00:00 215,040 --a------ c:\windows\system32\CNMLM90.DLL
2009-02-02 19:18 . 2007-03-19 05:35 200,704 --a------ c:\windows\system32\CNC300L.DLL
2009-02-02 19:18 . 2007-03-15 09:12 188,416 --a------ c:\windows\system32\CNC300O.DLL
2009-02-02 19:18 . 2007-04-25 14:22 151,552 --a------ c:\windows\system32\CNCF2Lc.DLL
2009-02-02 19:18 . 2007-04-25 14:15 106,496 --a------ c:\windows\system32\CNCFMSc.EXE
2009-02-02 19:18 . 2007-03-23 11:29 98,304 --a------ c:\windows\system32\CNC300I.DLL
2009-02-02 19:18 . 2007-04-25 14:19 3,584 --a------ c:\windows\system32\CNCFLcUS.DLL
2009-02-02 19:18 . 2007-04-25 14:19 3,072 --a------ c:\windows\system32\CNCFLcJP.DLL
2009-02-02 19:17 . 2009-02-02 19:45 <DIR> d-------- c:\program files\Canon
2009-02-02 16:56 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-02 16:56 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
2009-01-21 02:17 . 2009-01-21 02:17 <DIR> d-------- c:\documents and settings\Chris\Application Data\AOL
2009-01-21 02:16 . 2009-01-21 02:16 <DIR> d-------- c:\documents and settings\Chris\Application Data\InstallShield
2009-01-21 02:15 . 2009-02-03 23:15 <DIR> d-------- c:\documents and settings\Chris

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 22:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 05:13 --------- d-----w c:\program files\Trend Micro
2009-02-13 05:14 --------- d-----w c:\program files\Lavasoft
2009-02-13 05:14 --------- d-----w c:\program files\Google
2009-02-13 05:14 --------- d-----w c:\program files\Common Files\AOL
2009-02-13 05:13 --------- d-----w c:\program files\VCW VicMan's Photo Editor
2009-02-13 05:11 --------- d-----w c:\program files\GemMaster
2009-02-12 05:17 --------- d-----w c:\documents and settings\Jason\Application Data\Roxio
2009-02-11 09:39 --------- d-----w c:\documents and settings\Jason\Application Data\LimeWire
2009-02-09 21:25 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-09 21:23 --------- d-----w c:\documents and settings\Jason\Application Data\AOL
2009-02-05 20:08 --------- d-----w c:\program files\Java
2009-02-05 20:00 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-05 20:00 --------- d-----w c:\program files\RGB
2009-02-05 20:00 --------- d-----w c:\program files\NetWaiting
2009-02-05 20:00 --------- d-----w c:\program files\Modem Helper
2009-02-05 20:00 --------- d-----w c:\program files\Microsoft Works
2009-02-05 20:00 --------- d-----w c:\program files\LimeWire
2009-02-04 14:42 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-04 14:38 --------- d-----w c:\program files\Dell
2009-02-04 14:37 --------- d-----w c:\documents and settings\All Users\Application Data\Gtek
2008-10-15 21:21 87,232 ----a-w c:\documents and settings\Jason\Application Data\GDIPFONTCACHEV1.DAT
2007-05-21 10:38 44,624 ----a-w c:\documents and settings\Guest\atgpcdec.dll
2007-05-21 10:38 202,320 ----a-w c:\documents and settings\Guest\atcliun.exe
2007-05-21 10:38 112,208 ----a-w c:\documents and settings\Guest\atmgr.exe
2007-05-21 10:38 108,184 ----a-w c:\documents and settings\Guest\atgpcext.dll
2007-02-04 05:19 1,775,527 ----a-w c:\program files\up.zip
.

((((((((((((((((((((((((((((( SnapShot@2009-02-19_21.11.13.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-20 21:23:57 16,384 ----atw c:\windows\temp\Perflib_Perfdata_414.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 198184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-11 509784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 c:\windows\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-06-29 c:\windows\system32\CTMBHA.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-02 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket_on_startup.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"=
"c:\\Program Files\\MP3-Xtreme\\Shareaza.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8100:TCP"= 8100:TCP:Apache Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-11 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-17 28544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-08-30 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-08-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2007-12-27 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2007-12-27 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2007-12-27 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2007-12-27 59520]
.
Contents of the 'Scheduled Tasks' folder

2009-02-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-11 23:41]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://url.adtrgt.com/cpv.jsp?p=111211&aid=7&partnerMin=0.001&ron=on&ronMin=0.0005&ip=75.136.193.158&context=ozilla+Firefox+Start+Page&url=http%253A%252F%252Fwww.google.com%252Ffirefox%253Fclient%253Dfirefox-a%2526rls%253Dorg.mozilla%253Aen-US%253Aofficial&selectedKeyword=google&selectedListingId=7412807
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Jason New\Application Data\Mozilla\Firefox\Profiles\hgdnzqkr.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 16:24:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\docume~1\JASONN~1\LOCALS~1\temp\clclean.0001
c:\program files\Dell AIO Printer A940\dlbabmon.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
.
**************************************************************************
.
Completion time: 2009-02-20 16:31:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-20 21:31:23
ComboFix2.txt 2009-02-20 02:12:07

Pre-Run: 167,414,296,576 bytes free
Post-Run: 167,395,926,016 bytes free

290 --- E O F --- 2009-02-20 00:19:53


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:13 PM, on 2/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\JASONN~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://url.adtrgt.com/cpv.jsp?p=111211&...stingId=7412807
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 12157 bytes

Attached Files



#8 JMT856

JMT856
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 20 February 2009 - 04:40 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:13 PM, on 2/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\JASONN~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://url.adtrgt.com/cpv.jsp?p=111211&...stingId=7412807
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 12157 bytes

Attached Files



#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 21 February 2009 - 12:34 AM

Please download CleanUp! by stevengould.org and save it to your Desktop.
  • Double-click CleanUp452.exe and install CleanUp! to your computer
  • Open CleanUp! and click on Options.. button.
  • Under General tab, choose Standard CleanUp! and then click Ok
  • Click on the CleanUp! button. When it asked you to logoff Windows, click on Yes
  • Let your Windows rebooted (or do it manually) and continue with the next step


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 JMT856

JMT856
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 24 February 2009 - 05:58 PM

fenzodahl512 --

WOW! What a HUGE difference this has made. My desktop hasn't ran this good since I bought it.

Many, many, many thanks for ALL of your help.

Jason

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 24 February 2009 - 09:44 PM

Lets do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware



Read these links about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm



Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users