Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TROJ_VUNDO.ANL C:\WINDOWS\system32\qieqwven.dll


  • This topic is locked This topic is locked
41 replies to this topic

#1 dawn48137

dawn48137

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 28 April 2009 - 02:29 PM

This virus slipped through my trendmicro pcciliion internet security 12 and was unable to quarentine/clean. Also unable to manually delete it. It causes a blue sheild on my desktop taskbar to create pop ups and has slowed my computer down a lot. Included are the dds.txt, highjackthis log scan, and attached is the attach.txt. Thank you for all your help it is greatly appreciated!!

TROJ_VUNDO.ANL C:\WINDOWS\system32\qieqwven


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Dawn and Mike at 15:05:49.45 on Tue 04/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.653 [GMT -4:00]

AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Dawn and Mike\Local Settings\Temporary Internet Files\Content.IE5\HL7VP9W4\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mc558.mail.yahoo.com/mc/showFolder?fid=Inbox&.rand=632552348&da=0
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by MySpace
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.myspace.com/
mStart Page = hxxp://www.myspace.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: {003edc54-4093-4fec-8653-b12c51713c6a} - c:\windows\system32\qieqwven.dll
BHO: {0075027a-ec38-4a36-b794-d04f499718d5} - c:\windows\system32\qieqwven.dll
BHO: {007db8a9-4093-4fec-8653-b12c51713c6a} - c:\windows\system32\qieqwven.dll
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: &Helper: {2e59498d-7e44-4452-9044-0973b080b9e8} - c:\windows\system32\wincontrol.dll
BHO: Surf Canyon Search Engine Assistant: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: BHO: {abd45510-9b22-41cd-9acd-8182a2da7c63} - c:\windows\system32\iehelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\common\helper.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: : {f2e8e020-f91e-4a63-a75c-db28df616730} - c:\windows\system32\goqythk.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client for internet explorer\YontooIEClient.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [autochk] rundll32.exe c:\docume~1\networ~1\protect.dll,_IWMPEvents@16
uRun: [AdwareAlert] c:\program files\adwarealert\AdwareAlert.exe -boot
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [BuildBU] c:\dell\bldbubg.exe
mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16
mRun: [dlcimon.exe] "c:\program files\dell aio printer 946\dlcimon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [PAV] c:\program files\pav\pav.exe
StartupFolder: c:\documents and settings\dawn and mike\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\dawnan~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011RUUS
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226724229703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Filter: text/html - {6345143a-d42e-47bf-ab2b-33fddad0e8cf} - c:\windows\system32\dsound3dd.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: yersrwuh - goqythk.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 snrconfn;snrconfn;c:\windows\system32\drivers\snrconfn.sys [2005-8-16 23424]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-3-21 28762]
S2 styikbjg;Software Bus Support;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]
S3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]

=============== Created Last 30 ================

2009-04-27 21:09 <DIR> --d----- c:\docume~1\dawnan~1\applic~1\zjxenwne
2009-04-27 00:33 373,760 a------- c:\windows\system32\wincontrol.dll
2009-04-27 00:32 <DIR> --d----- c:\program files\common files\Uninstall
2009-04-27 00:32 <DIR> --d----- c:\program files\PAV
2009-04-25 19:28 <DIR> --d----- c:\docume~1\dawnan~1\applic~1\AdwareAlert
2009-04-25 19:28 <DIR> --d----- c:\program files\AdwareAlert
2009-04-23 23:27 <DIR> --d----- c:\docume~1\dawnan~1\applic~1\Desktopicon
2009-04-23 23:27 <DIR> --d----- c:\program files\Unlocker
2009-04-23 01:35 24,064 a--sh--- c:\documents and settings\dawn and mike\protect.dll
2009-04-23 01:35 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-04-23 01:35 <DIR> --dsh--- c:\windows\system32\lowsec
2009-04-22 15:31 314,880 a--sh--- C:\ehthumbs.db
2009-04-17 19:08 <DIR> --d----- c:\docume~1\dawnan~1\applic~1\Windows Search
2009-04-16 22:53 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-16 22:53 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-16 22:53 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-16 22:53 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-16 22:53 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 22:53 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 22:53 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 22:53 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 22:53 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 22:53 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-16 22:52 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 22:52 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-16 22:52 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-04 00:48 <DIR> --d----- c:\docume~1\dawnan~1\applic~1\WildTangent
2009-04-04 00:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WildTangent

==================== Find3M ====================

2009-04-19 19:30 1,138 a------- c:\docume~1\dawnan~1\applic~1\wklnhst.dat
2009-03-21 23:59 28,672 a------- c:\windows\system32\f3PSSavr.scr
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-12 17:56 14,336 a------- c:\windows\system32\svchost.exe
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 403,968 a----r-- c:\windows\system32\sdra64.exe
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-10-02 13:06 61,224 a------- c:\documents and settings\dawn and mike\GoToAssistDownloadHelper.exe
2008-11-20 01:15 88 ---shr-- c:\windows\system32\D92C754414.sys
2008-11-20 01:15 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-14 23:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920081006\index.dat
2008-10-14 23:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101420081015\index.dat

============= FINISH: 15:06:16.07 ===============

HERE IS MY SCAN FROM HIGHJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:19 AM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\DAWNAN~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\EEDPOPLR\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc558.mail.yahoo.com/mc/showFold...552348&da=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MySpace
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: (no name) - {007DB8A9-4093-4FEC-8653-B12C51713C6a} - C:\WINDOWS\system32\qieqwven.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: &Helper - {2E59498D-7E44-4452-9044-0973B080B9E8} - C:\WINDOWS\system32\wincontrol.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {F2E8E020-F91E-4A63-A75C-DB28DF616730} - c:\windows\system32\goqythk.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [PAV] C:\Program Files\PAV\pav.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011RUUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {E1CC21B1-A5FB-466e-A82D-86701EA75256} - C:\Program Files\Surf Canyon\surfcanyon.dll (HKCU)
O9 - Extra 'Tools' menuitem: Surf Canyon Options - {E1CC21B1-A5FB-466e-A82D-86701EA75256} - C:\Program Files\Surf Canyon\surfcanyon.dll (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226724229703
O18 - Filter hijack: text/html - {6345143a-d42e-47bf-ab2b-33fddad0e8cf} - C:\WINDOWS\system32\dsound3dd.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: yersrwuh - C:\WINDOWS\SYSTEM32\goqythk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COM+ System Application (COMSysApp) - CMD Technology, Inc. - (no file)
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 11684 bytes

Attached Files



BC AdBot (Login to Remove)

 


#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:12:12 PM

Posted 28 April 2009 - 11:01 PM

Hello, dawn48137.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Also, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • RSIT Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 dawn48137

dawn48137
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 29 April 2009 - 03:15 PM

Hi!! here are the log and info. Thank you for all your help!! I really appreciate it!!
Dawn

HERE IS THE LOG:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dawn and Mike at 2009-04-29 14:59:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 127 GB (86%) free of 147 GB
Total RAM: 1022 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:02 PM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\mozilla shared\firefox.exe
C:\Documents and Settings\Dawn and Mike\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Dawn and Mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc558.mail.yahoo.com/mc/showFold...552348&da=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MySpace
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: (no name) - {003EDC54-4093-4FEC-8653-B12C51713C6a} - C:\WINDOWS\system32\qieqwven.dll
O2 - BHO: (no name) - {0075027A-EC38-4A36-B794-D04F499718D5} - C:\WINDOWS\system32\qieqwven.dll
O2 - BHO: (no name) - {007DB8A9-4093-4FEC-8653-B12C51713C6a} - C:\WINDOWS\system32\qieqwven.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: &Helper - {2E59498D-7E44-4452-9044-0973B080B9E8} - C:\WINDOWS\system32\wincontrol.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {F2E8E020-F91E-4A63-A75C-DB28DF616730} - c:\windows\system32\goqythk.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [PAV] C:\Program Files\PAV\pav.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011RUUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {E1CC21B1-A5FB-466e-A82D-86701EA75256} - C:\Program Files\Surf Canyon\surfcanyon.dll (HKCU)
O9 - Extra 'Tools' menuitem: Surf Canyon Options - {E1CC21B1-A5FB-466e-A82D-86701EA75256} - C:\Program Files\Surf Canyon\surfcanyon.dll (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226724229703
O18 - Filter hijack: text/html - {6345143a-d42e-47bf-ab2b-33fddad0e8cf} - C:\WINDOWS\system32\dsound3dd.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: yersrwuh - C:\WINDOWS\SYSTEM32\goqythk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COM+ System Application (COMSysApp) - CMD Technology, Inc. - (no file)
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 11941 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
C:\WINDOWS\tasks\At1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{003EDC54-4093-4FEC-8653-B12C51713C6a}]
C:\WINDOWS\system32\qieqwven.dll [2004-08-10 143872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0075027A-EC38-4A36-B794-D04F499718D5}]
C:\WINDOWS\system32\qieqwven.dll [2004-08-10 143872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{007DB8A9-4093-4FEC-8653-B12C51713C6a}]
C:\WINDOWS\system32\qieqwven.dll [2004-08-10 143872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2009-03-21 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-03-21 434271]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E59498D-7E44-4452-9044-0973B080B9E8}]
&Helper - C:\WINDOWS\system32\wincontrol.dll [2009-04-27 373760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}]
Surf Canyon Search Engine Assistant - C:\Program Files\Surf Canyon\surfcanyon.dll [2008-08-14 151552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD45510-9B22-41cd-9ACD-8182A2DA7C63}]
BHO - C:\WINDOWS\system32\iehelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]
Browser Helper Object - C:\Program Files\Common\helper.dll [2009-04-20 294924]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-27 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-07-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2E8E020-F91E-4A63-A75C-DB28DF616730}]
c:\windows\system32\goqythk.dll [2004-08-10 103424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo Layers - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll [2008-10-01 192960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-03-21 434271]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-10 282624]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe [2005-08-30 823362]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-09-05 169984]
"BuildBU"=c:\dell\bldbubg.exe [2006-09-05 61440]
"DLCICATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16 []
"dlcimon.exe"=C:\Program Files\Dell AIO Printer 946\dlcimon.exe [2006-02-13 430080]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-05 98304]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-09-24 206064]
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2009-03-21 24688]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-03-21 32838]
"NapsterShell"=C:\Program Files\Napster\napster.exe /systray []
"autochk"=C:\WINDOWS\system32\autochk.dll [2009-04-23 24064]
"PAV"=C:\Program Files\PAV\pav.exe [2009-04-27 1052672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"=C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe [2006-04-11 176201]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-26 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-03-21 32838]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"autochk"=C:\DOCUME~1\NETWOR~1\protect.dll [2009-04-28 24064]
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe [2009-04-23 9097216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Dawn and Mike\Start Menu\Programs\Startup
ChkDisk.dll
ChkDisk.lnk - C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-10-02 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yersrwuh]
C:\WINDOWS\system32\goqythk.dll [2004-08-10 103424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2009-04-29 14:59:55 ----D---- C:\rsit
2009-04-29 14:56:35 ----D---- C:\Documents and Settings\Dawn and Mike\Application Data\zjxenwne
2009-04-28 09:32:35 ----SHD---- C:\WINDOWS\CSC
2009-04-27 00:33:03 ----A---- C:\WINDOWS\system32\wincontrol.dll
2009-04-27 00:32:56 ----D---- C:\Program Files\Common Files\Uninstall
2009-04-27 00:32:45 ----D---- C:\Program Files\PAV
2009-04-25 19:28:19 ----D---- C:\Documents and Settings\Dawn and Mike\Application Data\AdwareAlert
2009-04-25 19:28:15 ----D---- C:\Program Files\AdwareAlert
2009-04-25 08:11:44 ----D---- C:\Documents and Settings\Dawn and Mike\Application Data\Mozilla
2009-04-23 23:27:03 ----D---- C:\Documents and Settings\Dawn and Mike\Application Data\Desktopicon
2009-04-23 23:27:02 ----D---- C:\Program Files\Unlocker
2009-04-23 21:10:33 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-23 01:35:46 ----ASH---- C:\WINDOWS\system32\autochk.dll
2009-04-23 01:35:36 ----SHD---- C:\WINDOWS\system32\lowsec
2009-04-22 13:30:37 ----D---- C:\Documents and Settings\Dawn and Mike\Application Data\Help
2009-04-17 19:08:39 ----D---- C:\Documents and Settings\Dawn and Mike\Application Data\Windows Search
2009-04-17 05:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 05:44:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 05:38:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 05:37:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 05:37:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 05:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 22:52:33 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-04 00:48:18 ----D---- C:\Documents and Settings\Dawn and Mike\Application Data\WildTangent
2009-04-04 00:47:57 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent

======List of files/folders modified in the last 1 months======

2009-04-29 15:00:02 ----D---- C:\Program Files\Trend Micro
2009-04-28 15:51:48 ----D---- C:\WINDOWS\system32
2009-04-28 15:49:51 ----D---- C:\Documents and Settings\All Users\Application Data\Napster
2009-04-28 15:48:27 ----D---- C:\WINDOWS
2009-04-28 14:39:36 ----D---- C:\WINDOWS\system32\Restore
2009-04-28 13:56:29 ----SHD---- C:\System Volume Information
2009-04-28 13:55:35 ----D---- C:\WINDOWS\Prefetch
2009-04-28 13:55:24 ----D---- C:\WINDOWS\system32\drivers
2009-04-28 13:55:05 ----D---- C:\Program Files\Dl_cats
2009-04-28 13:54:48 ----D---- C:\WINDOWS\Temp
2009-04-28 13:54:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-28 13:54:27 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-04-28 12:28:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-27 20:47:40 ----SHD---- C:\WINDOWS\Installer
2009-04-27 08:26:44 ----D---- C:\Documents and Settings\Dawn and Mike\Application Data\Move Networks
2009-04-27 00:47:24 ----D---- C:\WINDOWS\Registration
2009-04-27 00:32:56 ----D---- C:\Program Files\Common Files
2009-04-27 00:32:45 ----D---- C:\Program Files
2009-04-25 19:37:09 ----D---- C:\WINDOWS\system32\config
2009-04-25 19:36:47 ----D---- C:\WINDOWS\system32\wbem
2009-04-25 19:29:07 ----D---- C:\Config.Msi
2009-04-25 19:28:20 ----SD---- C:\WINDOWS\Tasks
2009-04-23 21:55:28 ----D---- C:\WINDOWS\Help
2009-04-23 21:09:21 ----D---- C:\WINDOWS\security
2009-04-23 19:56:33 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-04-22 15:31:58 ----D---- C:\Temp
2009-04-22 13:40:37 ----N---- C:\WINDOWS\system.ini
2009-04-22 12:20:47 ----HD---- C:\WINDOWS\inf
2009-04-18 00:55:07 ----D---- C:\Program Files\Common
2009-04-17 15:56:52 ----D---- C:\Program Files\Internet Explorer
2009-04-17 15:56:51 ----D---- C:\WINDOWS\AppPatch
2009-04-17 05:44:18 ----A---- C:\WINDOWS\imsins.BAK
2009-04-17 05:44:15 ----D---- C:\WINDOWS\system32\dllcache
2009-04-17 05:43:54 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-17 05:43:34 ----D---- C:\WINDOWS\system32\en-US
2009-04-17 05:43:08 ----D---- C:\WINDOWS\ie7updates
2009-04-17 05:39:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 05:37:58 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-17 05:37:42 ----D---- C:\Program Files\Microsoft ActiveSync
2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-04 16:41:22 ----D---- C:\Documents and Settings\Dawn and Mike\Application Data\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2005-08-30 38528]
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-09-05 8552]
S2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
S2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
S2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
S2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
S2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
S2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
S2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
S2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
S2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
S2 tm_cfw;Common Firewall Driver; C:\WINDOWS\System32\Drivers\tm_cfw.sys [2005-08-30 1884585]
S2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
S2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-11-26 36368]
S2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\Vsapint.sys [2008-11-26 1195384]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sfc;sfc; C:\WINDOWS\system32\drivers\sfc.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
S2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
S2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2009-03-21 28762]
S2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2006-09-04 880722]
S2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-09-24 201968]
S2 styikbjg;Software Bus Support; C:\WINDOWS\System32\svchost.exe [2009-03-12 14336]
S2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
S2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
S2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-12 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 dlci_device;dlci_device; C:\WINDOWS\system32\dlcicoms.exe [2006-05-11 491520]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe [2008-01-08 181784]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-10-02 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2009-03-12 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]

-----------------EOF-----------------


AND HERE IS THE INFO:

info.txt logfile of random's system information tool 1.06 2009-04-29 15:00:06

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
-->MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
946plc32-->MsiExec.exe /I{8D98AF9A-96B2-42B9-A509-46B9A48DA7AD}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AdwareAlert-->MsiExec.exe /X{7DA4213B-9FAF-48D9-BE27-E1FAAB66ABDC}
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BearShare-->C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\Program Files\BearShare Applications\BearShare\UnwiseLauncher.exe /A C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
Big Buck Hunter-->C:\Program Files\InstallShield Installation Information\{5834E709-59A7-40CC-B3FF-9EF7E2E22D85}\Setup.exe -runfromtemp -l0x0009 -removeonly
Blackhawk Striker 2-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C0A0AA4D-C79B-48CA-8843-2B02B626C9E6\Uninstall.exe"
Blue's 123 Time Activities-->C:\WINDOWS\IsUninst.exe -fc:\hegames\Blues123\Uninst.isu -c"c:\hegames\Blues123\Uninst.dll
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell AIO Printer 946-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlciUNST.EXE -NOLICENSE
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Disney's Mickey Mouse Kindergarten-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disney Interactive\Mickey Mouse Kindergarten\DeIsL1.isu" -c"C:\Program Files\Disney Interactive\Mickey Mouse Kindergarten\Saved Games\Uninst.dll
Disney's Winnie the Pooh Kindergarten-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3EF1460-CCF9-11D4-B231-0050DACD394D}\setup.exe" Uninstall
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Dreamship Tales-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Dreamship Tales\Uninstall.xml"
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Dawn and Mike\Local Settings\Temporary Internet Files\Content.IE5\XSENRBEO\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Standard 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006-->MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Streets & Trips 2006-->MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works Suite 2006 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
My Web Search (Webfetti)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Oregon Trail 5-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Oregon Trail 5\Uninstall.xml"
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Reader Rabbit Learn To Read With Phonics-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Reader Rabbit Learn To Read With Phonics\Uninstall.xml"
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WIN

#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:12:12 PM

Posted 29 April 2009 - 06:10 PM

Hello, dawn48137.
Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 dawn48137

dawn48137
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 02 May 2009 - 09:16 AM

hey I'n wondering why my last post about the combo fix log/highjack new log isn't posted. I did those last wed. I may have sent them in a personal message and on the forum too. Should I do it all over again?? How irritating!!

#6 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:12:12 PM

Posted 02 May 2009 - 01:09 PM

Hi dawn48137
Couple of things:
1. For the rest of the procedures for the fix, please copy and paste the logs into the thread (yes, it may seem like a really long post, but we're used to it :thumbup2:)

2.No, you do not need to run the tools again, if the logs are generated.
Your combofix log is located at C:\ComboFix.txt
Your Hijackthis log is usually located at C:\Program Files\TrendMicro\HijackThis\hijackthis.log

If you can't find your HJT log, feel free to generate another one (it should take in the order of 30 seconds to create another one). Please do not re-run combofix. If you can't find your combofix log, let me know.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 dawn48137

dawn48137
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 02 May 2009 - 01:30 PM

I just re-downloaded combofix and re-scanned, because I didn't get your message till just now. Here are brand new combofix log and highjack log. Thanks so much for your help!!!

ComboFix 09-05-02.4 - Dawn and Mike 05/02/2009 14:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.602 [GMT -4:00]
Running from: c:\documents and settings\Dawn and Mike\Desktop\ComboFix2.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACreexgfvxtufrrnr.sys
c:\windows\system32\UACcahuujpyyhiusqo.log
c:\windows\system32\UACdjklthqfoovyxwp.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkshprkstbcvdykw.log
c:\windows\system32\UACsimthnkhtsdsamf.log
c:\windows\system32\UACstjcfmllhhvmpfw.dll
c:\windows\system32\UACsxdqymqvdkrilln.dat
c:\windows\system32\UACtlcewkmivoiswkb.dll
c:\windows\system32\UACxdapjwrxylnbobt.dll
c:\windows\system32\UACxxrmjnvxpeuysei.dll
c:\windows\system32\qieqwven.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SFC


((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-04-29 19:27 . 2009-04-29 19:27 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\zjxenwne
2009-04-29 19:27 . 2009-04-29 19:27 -------- d-----w c:\documents and settings\Dawn and Mike\Local Settings\Application Data\zjxenwne
2009-04-29 18:59 . 2009-04-29 19:00 -------- d-----w C:\rsit
2009-04-28 01:05 . 2009-04-28 01:05 -------- d-----w c:\documents and settings\NetworkService\Application Data\zjxenwne
2009-04-28 01:05 . 2009-04-28 01:05 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\zjxenwne
2009-04-27 04:32 . 2009-04-27 04:32 -------- d-----w c:\program files\Common Files\Uninstall
2009-04-27 04:32 . 2009-04-27 04:32 -------- d-----w c:\program files\PAV
2009-04-25 23:28 . 2009-04-25 23:28 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\AdwareAlert
2009-04-25 23:28 . 2009-04-25 23:29 -------- d-----w c:\program files\AdwareAlert
2009-04-24 03:27 . 2009-04-24 03:27 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\Desktopicon
2009-04-24 03:27 . 2009-04-24 03:27 -------- d-----w c:\program files\Unlocker
2009-04-24 01:55 . 2009-04-24 01:55 -------- d-----w c:\documents and settings\Dawn and Mike\Local Settings\Application Data\Help
2009-04-23 08:05 . 2009-04-23 08:05 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\zjxenwne
2009-04-23 08:05 . 2009-04-23 08:05 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Local Settings\Application Data\zjxenwne
2009-04-17 23:08 . 2009-04-17 23:08 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\Windows Search
2009-04-17 02:53 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 02:53 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 02:53 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 02:53 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 02:53 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 02:53 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 02:53 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 02:53 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 02:53 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 02:53 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 02:52 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 02:52 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-06 12:28 . 2009-04-22 20:05 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\Move Networks
2009-04-04 22:06 . 2009-04-04 22:06 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\Sonic
2009-04-04 22:06 . 2009-04-04 22:06 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\Leadertech
2009-04-04 04:48 . 2009-04-04 04:48 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\WildTangent
2009-04-04 04:47 . 2009-04-04 04:48 -------- d-----w c:\documents and settings\All Users\Application Data\WildTangent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 18:17 . 2009-04-25 23:28 512 ----a-w c:\windows\Tasks\AdwareAlert Scheduled Scan.job
2009-05-02 18:17 . 2008-10-02 17:09 -------- d-----w c:\program files\Dl_cats
2009-05-02 18:16 . 2005-08-16 08:49 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-29 19:46 . 2008-10-07 14:02 1294 ----a-w c:\documents and settings\Dawn and Mike\Application Data\wklnhst.dat
2009-04-29 19:30 . 2005-08-16 08:18 143872 ----a-w c:\windows\system32\qieqwven.dll
2009-04-29 19:30 . 2005-08-16 08:18 103424 ----a-w c:\windows\system32\qqqbwjj.dll
2009-04-29 19:28 . 2009-02-27 14:23 -------- d-----w c:\program files\Common
2009-04-29 19:00 . 2006-09-05 18:30 -------- d-----w c:\program files\Trend Micro
2009-04-26 23:40 . 2009-04-23 05:35 434 ----a-w c:\windows\Tasks\At1.job
2009-04-22 18:17 . 2008-10-27 20:04 142 ----a-w c:\documents and settings\Joey and Evan.WUBZY\Local Settings\Application Data\fusioncache.dat
2009-04-17 09:37 . 2006-09-05 18:32 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-29 16:13 . 2008-11-18 17:26 -------- d-----w c:\program files\LimeWire
2009-03-24 23:28 . 2008-10-03 20:30 69840 ----a-w c:\documents and settings\Dawn and Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 02:10 . 2009-03-24 02:10 -------- d-----w c:\program files\Common Files\Napster Shared
2009-03-24 02:10 . 2006-09-05 18:23 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-24 02:10 . 2006-09-05 18:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 23:46 . 2009-03-23 23:46 -------- d-----w c:\program files\Sony
2009-03-20 16:10 . 2009-03-20 16:10 -------- d-----w c:\program files\Yontoo Layers Client for Internet Explorer
2009-03-17 16:02 . 2009-03-17 16:02 315 ----a-w c:\windows\EReg515.dat
2009-03-17 16:01 . 2008-10-14 18:04 -------- d-----w c:\program files\Disney Interactive
2009-03-13 14:57 . 2009-03-13 14:57 -------- d-----w c:\program files\Windows Desktop Search
2009-03-13 14:49 . 2008-11-17 02:51 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-12 22:09 . 2009-03-12 20:18 386 --s-a-w c:\windows\system32\2705650917.dat
2009-03-12 21:56 . 2005-08-16 08:18 14336 ----a-w c:\windows\system32\svchost.exe
2009-03-12 04:59 . 2009-03-12 04:58 -------- d-----w c:\program files\BearShare Applications
2009-03-06 14:22 . 2005-08-16 08:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 08:18 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2009-03-13 05:23 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2005-08-16 08:18 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-08-16 08:18 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-08-16 08:18 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-08-16 08:18 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-08-16 08:18 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2005-08-16 08:18 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2005-08-16 08:18 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-08-16 08:18 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-04 02:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2005-08-16 08:18 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-20 05:15 . 2008-11-13 19:40 88 --sh--r c:\windows\system32\D92C754414.sys
2008-11-20 05:15 . 2008-11-13 19:40 3350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_19.34.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-02 16:54 . 2009-04-30 18:59 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-02 16:54 . 2009-04-29 18:50 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-02 16:54 . 2009-04-30 18:59 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-02 16:54 . 2009-04-29 18:50 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-02 16:54 . 2009-04-30 18:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-10-02 16:54 . 2009-04-29 18:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{003EDC54-4093-4FEC-8653-B12C51713C6a}]
2009-04-29 19:30 143872 ----a-w c:\windows\system32\qieqwven.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0075027A-EC38-4A36-B794-D04F499718D5}]
2009-04-29 19:30 143872 ----a-w c:\windows\system32\qieqwven.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{007DB8A9-4093-4FEC-8653-B12C51713C6a}]
2009-04-29 19:30 143872 ----a-w c:\windows\system32\qieqwven.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
2009-04-28 00:37 470512 ----a-w c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
2006-07-26 21:05 94208 ----a-w c:\program files\BAE\BAE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2E8E020-F91E-4A63-A75C-DB28DF616730}]
2004-08-10 09:00 103424 ----a-w c:\windows\system32\goqythk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ------w c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AdwareAlert"="c:\program files\AdwareAlert\AdwareAlert.exe" [2009-04-23 9097216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-05 169984]
"BuildBU"="c:\dell\bldbubg.exe" [2006-09-05 61440]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-02-24 73728]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-14 430080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-05 98304]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-09-24 206064]
"PAV"="c:\program files\PAV\pav.exe" [2009-04-27 1052672]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

c:\documents and settings\Joey and Evan.WUBZY\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-5 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-02-20 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-02 17:07 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
"34315:TCP"= 34315:TCP:*:Disabled:@xpsp2res.dll,-22009
"62200:TCP"= 62200:TCP:*:Disabled:@xpsp2res.dll,-22009
"4517:TCP"= 4517:TCP:*:Disabled:@xpsp2res.dll,-22009
"60073:TCP"= 60073:TCP:@xpsp2res.dll,-22009
"34724:TCP"= 34724:TCP:@xpsp2res.dll,-22009

S0 snrconfn;snrconfn;c:\windows\system32\drivers\snrconfn.sys [2004-08-10 23424]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
S3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe [2006-05-11 491520]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-02 c:\windows\Tasks\AdwareAlert Scheduled Scan.job
- c:\program files\AdwareAlert\AdwareAlert.exe [2009-04-23 11:09]

2009-05-02 c:\windows\Tasks\At1.job
- c:\windows\system32\goqythk.dll [2005-08-16 09:00]
.
- - - - ORPHANS REMOVED - - - -

SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc558.mail.yahoo.com/mc/showFolder?fid=Inbox&.rand=632552348&da=0
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.myspace.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011RUUS
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
IE: {{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(1356)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\windows\system32\wscript.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-05-02 14:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 18:20
ComboFix2.txt 2009-04-29 19:39

Pre-Run: 135,101,501,440 bytes free
Post-Run: 135,995,568,128 bytes free

295 --- E O F --- 2009-04-17 09:44




HERE IS THE HIGHJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:11 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Dawn and Mike\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc558.mail.yahoo.com/mc/showFold...552348&da=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: (no name) - {003EDC54-4093-4FEC-8653-B12C51713C6a} - C:\WINDOWS\system32\qieqwven.dll
O2 - BHO: (no name) - {0075027A-EC38-4A36-B794-D04F499718D5} - C:\WINDOWS\system32\qieqwven.dll
O2 - BHO: (no name) - {007DB8A9-4093-4FEC-8653-B12C51713C6a} - C:\WINDOWS\system32\qieqwven.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {F2E8E020-F91E-4A63-A75C-DB28DF616730} - c:\windows\system32\goqythk.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [PAV] C:\Program Files\PAV\pav.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011RUUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {E1CC21B1-A5FB-466e-A82D-86701EA75256} - C:\Program Files\Surf Canyon\surfcanyon.dll (HKCU)
O9 - Extra 'Tools' menuitem: Surf Canyon Options - {E1CC21B1-A5FB-466e-A82D-86701EA75256} - C:\Program Files\Surf Canyon\surfcanyon.dll (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226724229703
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COM+ System Application (COMSysApp) - CMD Technology, Inc. - (no file)
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9219 bytes

#8 dawn48137

dawn48137
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 02 May 2009 - 01:34 PM

I just wanted to let you know I still have this annoying "personal antivirus" pop-ups that are making everything run slowly if able to run. This one I accidentally downloaded b/c something had popped up and said it was a windows update that I needed from my taskbar. Thanks for all your help!!

#9 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:12:12 PM

Posted 02 May 2009 - 04:43 PM

Hello, dawn48137.
Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.

MyWebSearch

If you are unsure of how to use Add or Remove Programs, the please see this tutorial:
How To Remove An Installed Program From Your Computer

NEXT:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\system32\2705650917.dat
c:\windows\system32\D92C754414.sys
c:\windows\system32\KGyGaAvL.sys


Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

NEXT:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

KillAll::

Driver::
snrconfn

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{003EDC54-4093-4FEC-8653-B12C51713C6a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0075027A-EC38-4A36-B794-D04F499718D5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{007DB8A9-4093-4FEC-8653-B12C51713C6a}]

File::
c:\windows\system32\qieqwven.dll
c:\windows\system32\qqqbwjj.dll
c:\windows\Tasks\At1.job
c:\windows\system32\drivers\snrconfn.sys
c:\windows\system32\goqythk.dll

Folder::
C:\Program Files\PAV

Save this as CFScript.txt, in the same location as ComboFix.exe

Now, drag and drop CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include the following:
  • Jotti Log
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#10 dawn48137

dawn48137
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 02 May 2009 - 08:18 PM

I see the mywebsearch under add/remove programs, but it will not let me delete mywebsearch. It gives me this message:

"error loading C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll
The specified module could not be found"

#11 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:12:12 PM

Posted 02 May 2009 - 11:04 PM

Hi there!

Okay, please continue with the rest of the instructions :thumbup2:

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#12 dawn48137

dawn48137
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 03 May 2009 - 01:31 PM

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1



File to upload & scan:



Service
Service load: 0% 100%

File: 2705650917.dat
Status: OK
MD5: bee61ca69bc4c94d56f0e5e8495a8176
Packers detected: -


Scanner results
Scan taken on 03 May 2009 17:35:44 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Powered by


Disclaimer
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1


File to upload & scan:



Service
Service load: 0% 100%

File: D92C754414.sys
Status: OK
MD5: 003063ee22b8c6d68b5b4713af7f59b6
Packers detected: -

Scanner results
Scan taken on 03 May 2009 17:40:13 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

to upload & scan:



Service
Service load: 0% 100%

File: KGyGaAvL.sys_
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 1b2c3cd0b1a70f3b148151dbe605b6e8
Packers detected: -


Scanner results
Scan taken on 03 May 2009 17:43:05 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

ComboFix 09-05-02.4 - Dawn and Mike 05/02/2009 14:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.602 [GMT -4:00]
Running from: c:\documents and settings\Dawn and Mike\Desktop\ComboFix2.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACreexgfvxtufrrnr.sys
c:\windows\system32\UACcahuujpyyhiusqo.log
c:\windows\system32\UACdjklthqfoovyxwp.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkshprkstbcvdykw.log
c:\windows\system32\UACsimthnkhtsdsamf.log
c:\windows\system32\UACstjcfmllhhvmpfw.dll
c:\windows\system32\UACsxdqymqvdkrilln.dat
c:\windows\system32\UACtlcewkmivoiswkb.dll
c:\windows\system32\UACxdapjwrxylnbobt.dll
c:\windows\system32\UACxxrmjnvxpeuysei.dll
c:\windows\system32\qieqwven.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SFC


((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-04-29 19:27 . 2009-04-29 19:27 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\zjxenwne
2009-04-29 19:27 . 2009-04-29 19:27 -------- d-----w c:\documents and settings\Dawn and Mike\Local Settings\Application Data\zjxenwne
2009-04-29 18:59 . 2009-04-29 19:00 -------- d-----w C:\rsit
2009-04-28 01:05 . 2009-04-28 01:05 -------- d-----w c:\documents and settings\NetworkService\Application Data\zjxenwne
2009-04-28 01:05 . 2009-04-28 01:05 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\zjxenwne
2009-04-27 04:32 . 2009-04-27 04:32 -------- d-----w c:\program files\Common Files\Uninstall
2009-04-27 04:32 . 2009-04-27 04:32 -------- d-----w c:\program files\PAV
2009-04-25 23:28 . 2009-04-25 23:28 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\AdwareAlert
2009-04-25 23:28 . 2009-04-25 23:29 -------- d-----w c:\program files\AdwareAlert
2009-04-24 03:27 . 2009-04-24 03:27 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\Desktopicon
2009-04-24 03:27 . 2009-04-24 03:27 -------- d-----w c:\program files\Unlocker
2009-04-24 01:55 . 2009-04-24 01:55 -------- d-----w c:\documents and settings\Dawn and Mike\Local Settings\Application Data\Help
2009-04-23 08:05 . 2009-04-23 08:05 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\zjxenwne
2009-04-23 08:05 . 2009-04-23 08:05 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Local Settings\Application Data\zjxenwne
2009-04-17 23:08 . 2009-04-17 23:08 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\Windows Search
2009-04-17 02:53 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 02:53 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 02:53 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 02:53 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 02:53 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 02:53 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 02:53 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 02:53 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 02:53 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 02:53 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 02:52 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 02:52 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-06 12:28 . 2009-04-22 20:05 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\Move Networks
2009-04-04 22:06 . 2009-04-04 22:06 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\Sonic
2009-04-04 22:06 . 2009-04-04 22:06 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\Leadertech
2009-04-04 04:48 . 2009-04-04 04:48 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\WildTangent
2009-04-04 04:47 . 2009-04-04 04:48 -------- d-----w c:\documents and settings\All Users\Application Data\WildTangent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 18:17 . 2009-04-25 23:28 512 ----a-w c:\windows\Tasks\AdwareAlert Scheduled Scan.job
2009-05-02 18:17 . 2008-10-02 17:09 -------- d-----w c:\program files\Dl_cats
2009-05-02 18:16 . 2005-08-16 08:49 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-29 19:46 . 2008-10-07 14:02 1294 ----a-w c:\documents and settings\Dawn and Mike\Application Data\wklnhst.dat
2009-04-29 19:30 . 2005-08-16 08:18 143872 ----a-w c:\windows\system32\qieqwven.dll
2009-04-29 19:30 . 2005-08-16 08:18 103424 ----a-w c:\windows\system32\qqqbwjj.dll
2009-04-29 19:28 . 2009-02-27 14:23 -------- d-----w c:\program files\Common
2009-04-29 19:00 . 2006-09-05 18:30 -------- d-----w c:\program files\Trend Micro
2009-04-26 23:40 . 2009-04-23 05:35 434 ----a-w c:\windows\Tasks\At1.job
2009-04-22 18:17 . 2008-10-27 20:04 142 ----a-w c:\documents and settings\Joey and Evan.WUBZY\Local Settings\Application Data\fusioncache.dat
2009-04-17 09:37 . 2006-09-05 18:32 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-29 16:13 . 2008-11-18 17:26 -------- d-----w c:\program files\LimeWire
2009-03-24 23:28 . 2008-10-03 20:30 69840 ----a-w c:\documents and settings\Dawn and Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 02:10 . 2009-03-24 02:10 -------- d-----w c:\program files\Common Files\Napster Shared
2009-03-24 02:10 . 2006-09-05 18:23 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-24 02:10 . 2006-09-05 18:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 23:46 . 2009-03-23 23:46 -------- d-----w c:\program files\Sony
2009-03-20 16:10 . 2009-03-20 16:10 -------- d-----w c:\program files\Yontoo Layers Client for Internet Explorer
2009-03-17 16:02 . 2009-03-17 16:02 315 ----a-w c:\windows\EReg515.dat
2009-03-17 16:01 . 2008-10-14 18:04 -------- d-----w c:\program files\Disney Interactive
2009-03-13 14:57 . 2009-03-13 14:57 -------- d-----w c:\program files\Windows Desktop Search
2009-03-13 14:49 . 2008-11-17 02:51 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-12 22:09 . 2009-03-12 20:18 386 --s-a-w c:\windows\system32\2705650917.dat
2009-03-12 21:56 . 2005-08-16 08:18 14336 ----a-w c:\windows\system32\svchost.exe
2009-03-12 04:59 . 2009-03-12 04:58 -------- d-----w c:\program files\BearShare Applications
2009-03-06 14:22 . 2005-08-16 08:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 08:18 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2009-03-13 05:23 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2005-08-16 08:18 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-08-16 08:18 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-08-16 08:18 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-08-16 08:18 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-08-16 08:18 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2005-08-16 08:18 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2005-08-16 08:18 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-08-16 08:18 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-04 02:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2005-08-16 08:18 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-20 05:15 . 2008-11-13 19:40 88 --sh--r c:\windows\system32\D92C754414.sys
2008-11-20 05:15 . 2008-11-13 19:40 3350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_19.34.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-02 16:54 . 2009-04-30 18:59 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-02 16:54 . 2009-04-29 18:50 81920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-02 16:54 . 2009-04-30 18:59 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-02 16:54 . 2009-04-29 18:50 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-02 16:54 . 2009-04-30 18:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-10-02 16:54 . 2009-04-29 18:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{003EDC54-4093-4FEC-8653-B12C51713C6a}]
2009-04-29 19:30 143872 ----a-w c:\windows\system32\qieqwven.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0075027A-EC38-4A36-B794-D04F499718D5}]
2009-04-29 19:30 143872 ----a-w c:\windows\system32\qieqwven.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{007DB8A9-4093-4FEC-8653-B12C51713C6a}]
2009-04-29 19:30 143872 ----a-w c:\windows\system32\qieqwven.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
2009-04-28 00:37 470512 ----a-w c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
2006-07-26 21:05 94208 ----a-w c:\program files\BAE\BAE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2E8E020-F91E-4A63-A75C-DB28DF616730}]
2004-08-10 09:00 103424 ----a-w c:\windows\system32\goqythk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ------w c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AdwareAlert"="c:\program files\AdwareAlert\AdwareAlert.exe" [2009-04-23 9097216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-05 169984]
"BuildBU"="c:\dell\bldbubg.exe" [2006-09-05 61440]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-02-24 73728]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-14 430080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-05 98304]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-09-24 206064]
"PAV"="c:\program files\PAV\pav.exe" [2009-04-27 1052672]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

c:\documents and settings\Joey and Evan.WUBZY\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-5 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-02-20 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-02 17:07 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
"34315:TCP"= 34315:TCP:*:Disabled:@xpsp2res.dll,-22009
"62200:TCP"= 62200:TCP:*:Disabled:@xpsp2res.dll,-22009
"4517:TCP"= 4517:TCP:*:Disabled:@xpsp2res.dll,-22009
"60073:TCP"= 60073:TCP:@xpsp2res.dll,-22009
"34724:TCP"= 34724:TCP:@xpsp2res.dll,-22009

S0 snrconfn;snrconfn;c:\windows\system32\drivers\snrconfn.sys [2004-08-10 23424]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
S3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe [2006-05-11 491520]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-02 c:\windows\Tasks\AdwareAlert Scheduled Scan.job
- c:\program files\AdwareAlert\AdwareAlert.exe [2009-04-23 11:09]

2009-05-02 c:\windows\Tasks\At1.job
- c:\windows\system32\goqythk.dll [2005-08-16 09:00]
.
- - - - ORPHANS REMOVED - - - -

SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc558.mail.yahoo.com/mc/showFolder?fid=Inbox&.rand=632552348&da=0
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.myspace.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011RUUS
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
IE: {{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(1356)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\windows\system32\wscript.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-05-02 14:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 18:20
ComboFix2.txt 2009-04-29 19:39

Pre-Run: 135,101,501,440 bytes free
Post-Run: 135,995,568,128 bytes free

295 --- E O F --- 2009-04-17 09:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:27 PM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Dawn and Mike\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc558.mail.yahoo.com/mc/showFold...552348&da=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {F2E8E020-F91E-4A63-A75C-DB28DF616730} - c:\windows\system32\goqythk.dll (file missing)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [PAV] C:\Program Files\PAV\pav.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011RUUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {E1CC21B1-A5FB-466e-A82D-86701EA75256} - C:\Program Files\Surf Canyon\surfcanyon.dll (HKCU)
O9 - Extra 'Tools' menuitem: Surf Canyon Options - {E1CC21B1-A5FB-466e-A82D-86701EA75256} - C:\Program Files\Surf Canyon\surfcanyon.dll (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226724229703
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COM+ System Application (COMSysApp) - CMD Technology, Inc. - (no file)
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9138 bytes

#13 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:12:12 PM

Posted 03 May 2009 - 03:51 PM

Hi there!

It looks to me like you posted up your older combofix log. Please make sure you post the right one. If you cannot find the log, then follow the instructions I gave where you drag the script onto the combofix icon and post up the log that comes then.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#14 dawn48137

dawn48137
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 03 May 2009 - 08:37 PM

Okay I did what you said twice and my computer keeps saying it cannot find the file C:\combofix.txt in which combofix said it saved it's log under at the end of the scan. Ugh I hate computers!! The only thing I can find is the old one on my desktop. ????

#15 dawn48137

dawn48137
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 03 May 2009 - 08:58 PM

ComboFix 09-05-03.1 - Dawn and Mike 05/03/2009 21:48.7 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.810 [GMT -4:00]
Running from: c:\documents and settings\Dawn and Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dawn and Mike\Desktop\CFScript.txt
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*

FILE ::
c:\windows\system32\drivers\snrconfn.sys
c:\windows\system32\goqythk.dll
c:\windows\system32\qieqwven.dll
c:\windows\system32\qqqbwjj.dll
c:\windows\Tasks\At1.job
.

((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.

2009-05-04 01:01 . 2009-05-04 01:01 -------- d-----w C:\ComboFix2
2009-05-03 17:38 . 2009-05-03 17:38 69840 ----a-w c:\documents and settings\Dawn and Mike\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 19:27 . 2009-04-29 19:27 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\zjxenwne
2009-04-29 19:27 . 2009-04-29 19:27 -------- d-----w c:\documents and settings\Dawn and Mike\Local Settings\Application Data\zjxenwne
2009-04-29 18:59 . 2009-04-29 19:00 -------- d-----w C:\rsit
2009-04-28 01:05 . 2009-04-28 01:05 -------- d-----w c:\documents and settings\NetworkService\Application Data\zjxenwne
2009-04-28 01:05 . 2009-04-28 01:05 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\zjxenwne
2009-04-27 04:32 . 2009-04-27 04:32 -------- d-----w c:\program files\Common Files\Uninstall
2009-04-25 23:28 . 2009-04-25 23:28 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\AdwareAlert
2009-04-25 23:28 . 2009-04-25 23:29 -------- d-----w c:\program files\AdwareAlert
2009-04-24 03:27 . 2009-04-24 03:27 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\Desktopicon
2009-04-24 03:27 . 2009-04-24 03:27 -------- d-----w c:\program files\Unlocker
2009-04-24 01:55 . 2009-04-24 01:55 -------- d-----w c:\documents and settings\Dawn and Mike\Local Settings\Application Data\Help
2009-04-23 08:05 . 2009-04-23 08:05 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\zjxenwne
2009-04-23 08:05 . 2009-04-23 08:05 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Local Settings\Application Data\zjxenwne
2009-04-17 23:08 . 2009-04-17 23:08 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\Windows Search
2009-04-17 02:53 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 02:53 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 02:53 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 02:53 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 02:53 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 02:53 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 02:53 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 02:53 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 02:53 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 02:53 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 02:52 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 02:52 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-06 12:28 . 2009-04-22 20:05 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\Move Networks
2009-04-04 22:06 . 2009-04-04 22:06 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\Sonic
2009-04-04 22:06 . 2009-04-04 22:06 -------- d-----w c:\documents and settings\Joey and Evan.WUBZY\Application Data\Leadertech
2009-04-04 04:48 . 2009-04-04 04:48 -------- d-----w c:\documents and settings\Dawn and Mike\Application Data\WildTangent
2009-04-04 04:47 . 2009-04-04 04:48 -------- d-----w c:\documents and settings\All Users\Application Data\WildTangent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 01:14 . 2005-08-16 08:49 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 01:10 . 2009-04-25 23:28 512 ----a-w c:\windows\Tasks\AdwareAlert Scheduled Scan.job
2009-05-04 01:10 . 2008-10-02 17:09 -------- d-----w c:\program files\Dl_cats
2009-05-03 18:28 . 2008-10-07 14:02 1564 ----a-w c:\documents and settings\Dawn and Mike\Application Data\wklnhst.dat
2009-05-03 18:06 . 2005-08-16 08:18 23424 ----a-w c:\windows\system32\drivers\vrybcxny.sys
2009-04-29 19:28 . 2009-02-27 14:23 -------- d-----w c:\program files\Common
2009-04-29 19:00 . 2006-09-05 18:30 -------- d-----w c:\program files\Trend Micro
2009-04-22 18:17 . 2008-10-27 20:04 142 ----a-w c:\documents and settings\Joey and Evan.WUBZY\Local Settings\Application Data\fusioncache.dat
2009-04-17 09:37 . 2006-09-05 18:32 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-29 16:13 . 2008-11-18 17:26 -------- d-----w c:\program files\LimeWire
2009-03-24 23:28 . 2008-10-03 20:30 69840 ----a-w c:\documents and settings\Dawn and Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 02:10 . 2009-03-24 02:10 -------- d-----w c:\program files\Common Files\Napster Shared
2009-03-24 02:10 . 2006-09-05 18:23 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-24 02:10 . 2006-09-05 18:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 23:46 . 2009-03-23 23:46 -------- d-----w c:\program files\Sony
2009-03-20 16:10 . 2009-03-20 16:10 -------- d-----w c:\program files\Yontoo Layers Client for Internet Explorer
2009-03-17 16:02 . 2009-03-17 16:02 315 ----a-w c:\windows\EReg515.dat
2009-03-17 16:01 . 2008-10-14 18:04 -------- d-----w c:\program files\Disney Interactive
2009-03-13 14:57 . 2009-03-13 14:57 -------- d-----w c:\program files\Windows Desktop Search
2009-03-13 14:49 . 2008-11-17 02:51 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-12 22:09 . 2009-03-12 20:18 386 --s-a-w c:\windows\system32\2705650917.dat
2009-03-12 21:56 . 2005-08-16 08:18 14336 ----a-w c:\windows\system32\svchost.exe
2009-03-12 04:59 . 2009-03-12 04:58 -------- d-----w c:\program files\BearShare Applications
2009-03-06 14:22 . 2005-08-16 08:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 08:18 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2009-03-13 05:23 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2005-08-16 08:18 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-08-16 08:18 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-08-16 08:18 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-08-16 08:18 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-08-16 08:18 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2005-08-16 08:18 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2005-08-16 08:18 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-08-16 08:18 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-04 02:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2005-08-16 08:18 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-20 05:15 . 2008-11-13 19:40 88 --sh--r c:\windows\system32\D92C754414.sys
2008-11-20 05:15 . 2008-11-13 19:40 3350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_19.34.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-02 16:54 . 2009-04-30 18:59 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-02 16:54 . 2009-04-29 18:50 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-02 16:54 . 2009-04-30 18:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-10-02 16:54 . 2009-04-29 18:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2E8E020-F91E-4A63-A75C-DB28DF616730}]
c:\windows\system32\goqythk.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ------w c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AdwareAlert"="c:\program files\AdwareAlert\AdwareAlert.exe" [2009-04-23 9097216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-05 169984]
"BuildBU"="c:\dell\bldbubg.exe" [2006-09-05 61440]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-02-24 73728]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-14 430080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-05 98304]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-09-24 206064]
"PAV"="c:\program files\PAV\pav.exe" [BU]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

c:\documents and settings\Joey and Evan.WUBZY\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-5 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-02 17:07 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
"34315:TCP"= 34315:TCP:*:Disabled:@xpsp2res.dll,-22009
"62200:TCP"= 62200:TCP:*:Disabled:@xpsp2res.dll,-22009
"4517:TCP"= 4517:TCP:*:Disabled:@xpsp2res.dll,-22009
"60073:TCP"= 60073:TCP:@xpsp2res.dll,-22009
"34724:TCP"= 34724:TCP:@xpsp2res.dll,-22009

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2008-11-26 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
R3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe [2006-05-11 491520]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\AdwareAlert Scheduled Scan.job
- c:\program files\AdwareAlert\AdwareAlert.exe [2009-04-23 11:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc558.mail.yahoo.com/mc/showFolder?fid=Inbox&.rand=632552348&da=0
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.myspace.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011RUUS
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 21:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\SAMLIB.dll

- - - - - - - > 'explorer.exe'(1776)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
.
Completion time: 2009-05-04 21:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 01:55
ComboFix2.txt 2009-05-04 01:41
ComboFix3.txt 2009-05-02 18:21
ComboFix4.txt 2009-04-29 19:39

Pre-Run: 135,952,003,072 bytes free
Post-Run: 135,948,705,792 bytes free

229 --- E O F --- 2009-04-17 09:44




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users