Trojan Rustok-N Virus Removal


1 reply to this topic

#1 DB DUFFMAN
Posted 09 August 2009 - 04:04 PM

My computer has been infected with the Trojan Rustok-N virus and may have others. I have tried instructions left for others with similar problems, but they will not work for me. Malwarebytes' Anti-Malware will not run, and other similar anti-malware programs will not open up either.

Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:57 PM, on 8/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\KYLEMI~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Kyle Mire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kyle Mire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Kyle Mire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kyle Mire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kyle Mire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Dell QuickSet] C:\PROGRA~1\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\17304\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kyle Mire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P10 /q C:\DOCUME~1\KYLEMI~1\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\Temp\CLCLEA~2.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Content.IE5\SUJCYH80\AIM_UA~1.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Content.IE5\Q5AQEVX2\LAUNCH~2.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Content.IE5\SUJCYH80\APP_1_~1.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Content.IE5\Q5AQEVX2\NO_CON~1.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Content.IE5\Q5AQEVX2\DW_PAS~1.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Content.IE5\SUJCYH80\DC_1_~1.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Content.IE5\Q5AQEVX2\DW_PAS~2.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Content.IE5\OXY74OX7\INDEX_~3.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Content.IE5\O0NTY8LI\APP_2_~1.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Content.IE5\O56X1CZS\INDEX_~1.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Content.IE5\P0RK718K\AIM_UA~2.SH! C:\DOCUME~1\KYLEMI~1\LOCALS~1\TEMPOR~1\Con
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B44DA97-E56D-49C5-8C66-BB365CCFC971}: NameServer = 85.255.112.142,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7FEA9EC-61F7-4C48-8918-FBF341C067DB}: NameServer = 85.255.112.142,85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.142,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.142,85.255.112.187
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\SYSTEM32\Rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TQLLJXCEJTQSUU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\KYLEMI~1\LOCALS~1\Temp\TQLLJXCEJTQSUU.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 17304 bytes



DDS (Ver_09-07-30.01) - NTFSx86
Run by Kyle Mire at 16:51:19.28 on Sun 08/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1209 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\KYLEMI~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Kyle Mire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kyle Mire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Kyle Mire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kyle Mire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kyle Mire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kyle Mire\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uSearch Bar =
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MtdAcq] c:\program files\creative\shared files\media sniffer\MtdAcq.exe /s
uRun: [Aim6]
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\kyle mire\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [DelayShred] "c:\program files\mcafee\mshr\shrcl.exe" /p10 /q c:\docume~1\kylemi~1\locals~1\temp\hsperf~1.sh! c:\docume~1\kylemi~1\locals~1\temp\clclea~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\sujcyh80\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\q5aqevx2\launch~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\sujcyh80\app_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\q5aqevx2\no_con~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\q5aqevx2\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\sujcyh80\dc_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\q5aqevx2\dw_pas~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\oxy74ox7\index_~3.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\o0nty8li\app_2_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\o56x1czs\index_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\p0rk718k\aim_ua~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\o0nty8li\no_con~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\o0nty8li\dw_pas~3.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\o0nty8li\dc_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\o0nty8li\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\rt0zhahg\ernie_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\prip12xj\pobtra~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\xtj8cpqo\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\rt0zhahg\app_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\prip12xj\in5d1d~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\8wfdplww\no_con~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\rt0zhahg\dw_pas~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\rt0zhahg\dc_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\rt0zhahg\dw_pas~3.sh! c:\docume~1\kylemi~1\locals~1\temp\clclea~4.sh! 
c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\cm7n11iv\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\temp\clclea~3.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\vzdobv47\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\if18akbd\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\72lb0s81\2b0000~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ge2puwk4\0201e0~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\0zouz05y\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ge2puwk4\2b0000~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\915t6hzh\zcpt7_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\cm7n11iv\no_con~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\cm7n11iv\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\915t6hzh\dc_2_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\0zouz05y\in5d1d~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\cm7n11iv\app_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\cm7n11iv\dw_pas~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\0zouz05y\aim_ua~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\xex6royq\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ynn34hnq\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\5qd1nt18\cpt2_m~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\2mcvj3nb\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ge2puwk4\2b0000~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\cfm4fs11\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\wj78yomn\2b0000~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\b5nvqerd\no_con~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\t57i9w3g\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ii8y390v\index_~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\t57i9w3g\dc_1_~1.sh! 
c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\b5nvqerd\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\t57i9w3g\app_2_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\b5nvqerd\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\vzdobv47\app_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\t57i9w3g\in5d1d~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\vzdobv47\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\vzdobv47\dc_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\vzdobv47\no_con~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\vzdobv47\dw_pas~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\q2aphhxu\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\2mcvj3nb\zcpt7_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\x12y1om0\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\5qd1nt18\app_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\915t6hzh\no_con~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\5qd1nt18\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\915t6hzh\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\t57i9w3g\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\5qd1nt18\dc_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\915t6hzh\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ge2puwk4\behavi~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\x12y1om0\clickt~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\b5nvqerd\zcpt7_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\0zouz05y\app_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\cfm4fs11\indexc~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\0zouz05y\dc_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\0zouz05y\dw_pas~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ifph19lg\dw_pas~1.sh! 
c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\if18akbd\aim_ua~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\y3x20vcn\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\x12y1om0\behavi~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\wj78yomn\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\915t6hzh\clickt~2.sh! c:\docume~1\kylemi~1\locals~1\temp\cl78c5~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\vzdobv47\no_con~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\vzdobv47\dw_pas~3.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ifph19lg\in2961~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\vzdobv47\dw_pas~4.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ynn34hnq\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ynn34hnq\no_con~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ynn34hnq\app_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\t57i9w3g\indexc~3.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ynn34hnq\dw_pas~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ynn34hnq\dc_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\if18akbd\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\q2aphhxu\2b0000~3.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\98ofangt\app_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\98ofangt\dw_pas~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\t9wgu3wp\dc_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\5hzc9cov\in592d~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\98ofangt\no_con~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\98ofangt\dw_pas~3.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\98ofangt\dw_pas~4.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\214cf4dg\app_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\214cf4dg\no_con~1.sh! 
c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\214cf4dg\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\214cf4dg\dw_pas~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\a7je1euf\index_~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\nuac1z1v\dc_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\nuac1z1v\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\d2chjgeo\343862~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\zxu3agxm\dw_pas~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ym7zsgk4\tcode_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\67fc3z6p\no_con~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ti9oyio2\dc_2_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\67fc3z6p\app_1_~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ny3f18me\aim_ua~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\d2chjgeo\index_~2.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\ny3f18me\dwb4d5~1.sh! c:\docume~1\kylemi~1\locals~1\tempor~1\content.ie5\67fc3z6p\DW_PAS~1.SH!
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Dell QuickSet] c:\progra~1\dell\quickset\quickset.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [!CleanupNetMeetingDispDriver] "c:\windows\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\xxxxx\mbamgui.exe /install /silent
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 85.255.112.142,85.255.112.187
TCP: {9B44DA97-E56D-49C5-8C66-BB365CCFC971} = 85.255.112.142,85.255.112.187
TCP: {E7FEA9EC-61F7-4C48-8918-FBF341C067DB} = 85.255.112.142,85.255.112.187
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kylemi~1\applic~1\mozilla\firefox\profiles\l0cetjwq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\kyle mire\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-8 130936]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-5 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-8-6 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-8-5 144704]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-8-8 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-8-8 1097096]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-25 24652]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-8-5 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-5 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-5 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-5 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-5 34216]
S3 TQLLJXCEJTQSUU;TQLLJXCEJTQSUU;c:\docume~1\kylemi~1\locals~1\temp\TQLLJXCEJTQSUU.exe [2009-8-9 568192]

=============== Created Last 30 ================

2009-08-09 16:44 <DIR> --d----- c:\program files\Trend Micro
2009-08-09 16:28 <DIR> --d----- c:\program files\xxxxx
2009-08-09 13:51 <DIR> --d----- c:\program files\blahxxx
2009-08-09 13:14 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 13:14 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-09 13:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-09 00:26 552 a------- c:\windows\system32\d3d8caps.dat
2009-08-09 00:26 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-08-09 00:21 <DIR> --d----- c:\windows\ERUNT
2009-08-09 00:00 <DIR> --d----- C:\SDFix
2009-08-08 23:34 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-08-08 23:33 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-08 23:33 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-08 23:33 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-08-08 23:33 <DIR> --d----- c:\program files\common files\PC Tools
2009-08-08 23:33 <DIR> --d----- c:\program files\Spyware Doctor
2009-08-08 23:33 <DIR> --d----- c:\docume~1\kylemi~1\applic~1\PC Tools
2009-08-08 23:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-07-17 17:31 <DIR> --d----- c:\program files\iPod
2009-07-17 17:31 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-08-09 16:21 56,680 a------- c:\windows\system32\Rpcnet.dll
2009-08-09 16:21 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-08-09 16:05 17,408 a------- c:\windows\system32\Rpcnetp.exe
2009-07-05 13:03 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 13:03 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 12:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-22 18:20 56,680 a------- c:\windows\system32\rpcnet.exe
2009-02-03 00:29 20 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2009-02-03 00:25 20 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2007-09-03 23:50 55 ac------ c:\documents and settings\kyle mire\autoexec.bat
2006-10-15 20:02 774,144 ac------ c:\program files\RngInterstitial.dll
2007-01-03 20:49 88 ac-shr-- c:\windows\system32\EC2A989F67.sys
2007-01-03 20:45 56 ac-shr-- c:\windows\system32\F7DB90B60F.sys
2007-01-03 20:49 6,580 ac-sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:53:44.70 ===============

Edited by DB DUFFMAN, 09 August 2009 - 09:45 PM.
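Two entries in the log above are the kind an analyst would pull out first: the S3 service whose binary lives under the user's temp folder, and the TCP: NameServer entries that point at resolvers outside the machine's own network. The script below is an added example for this thread, not code from DDS, HijackThis, MBAM or any poster; it parses DDS-style lines with generic heuristics (binaries launched from temp directories, globally routable DNS resolvers not on an "expected" list). The sample lines are copied from the posted log except for the "Updater" autorun line, which is constructed so the autorun check has a hit; the `expected_resolvers` parameter and the heuristics are the example's own assumptions, and a flagged resolver is a prompt to check who configured it, not a verdict.

```python
"""Triage a few DDS-style log lines for entries an analyst would review.

Added example for this thread; it is not DDS, HijackThis or MBAM code and
implements only generic heuristics: binaries launched from temp directories
and DNS resolvers the owner did not configure.
"""
import ipaddress
import re

# Constructed sample modelled on the DDS log posted above. The NameServer,
# service and first two mRun lines are copied from that log; the "Updater"
# autorun line is constructed so the autorun check has a hit to show.
SAMPLE_DDS_LOG = r"""
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Updater] c:\docume~1\someuser\locals~1\temp\updater.exe
TCP: NameServer = 85.255.112.142,85.255.112.187
TCP: {9B44DA97-E56D-49C5-8C66-BB365CCFC971} = 85.255.112.142,85.255.112.187
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-8 130936]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S3 TQLLJXCEJTQSUU;TQLLJXCEJTQSUU;c:\docume~1\kylemi~1\locals~1\temp\TQLLJXCEJTQSUU.exe [2009-8-9 568192]
"""

# Line shapes as DDS prints them: "R2 name;display;path [date size]",
# "mRun: [name] command" and "TCP: NameServer = a,b" / "TCP: {guid} = a,b".
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?\s*$")
RUN_RE = re.compile(r"^[mdu]Run(?:Once)?:\s+\[([^\]]+)\]\s+(.*)$")
NAMESERVER_RE = re.compile(r"^TCP:\s+(NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$")

# Substrings of both the long and the 8.3 forms of the XP temp locations.
TEMP_MARKERS = ("\\temp\\", "\\tempor~1\\", "\\local settings\\temp",
                "\\temporary internet files")


def is_temp_path(path):
    """True if an executable path sits under a user temp or IE cache dir."""
    p = path.lower()
    return any(marker in p for marker in TEMP_MARKERS)


def check_service(line):
    """Return (name, path) for a service/driver whose binary lives in temp."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    _state, name, _display, path = m.groups()
    return (name, path) if is_temp_path(path) else None


def check_autorun(line):
    """Return (name, command) for a Run/RunOnce entry launched from temp."""
    m = RUN_RE.match(line)
    if not m:
        return None
    name, command = m.groups()
    return (name, command) if is_temp_path(command) else None


def unexpected_resolvers(line, expected=frozenset()):
    """Return globally routable DNS servers on a TCP: line not in `expected`.

    Private or loopback resolvers (home router, corporate DNS) are normal and
    are never reported. `expected` (an assumption of this example) is the set
    of public resolvers the owner or ISP actually configured; anything else
    is reported for review, not as a verdict.
    """
    m = NAMESERVER_RE.match(line)
    if not m:
        return []
    found = []
    for token in re.split(r"[,\s]+", m.group(2).strip()):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue
        if addr.is_global and str(addr) not in expected:
            found.append(str(addr))
    return found


def triage(log_text, expected_resolvers=frozenset()):
    """Run all checks over a DDS log and collect the hits by category."""
    report = {"services": [], "autoruns": [], "resolvers": []}
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = check_service(line)
        if svc:
            report["services"].append(svc)
        run = check_autorun(line)
        if run:
            report["autoruns"].append(run)
        for ip in unexpected_resolvers(line, expected_resolvers):
            if ip not in seen:
                seen.add(ip)
                report["resolvers"].append(ip)
    return report


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_DDS_LOG).items():
        for hit in hits:
            print(f"{category}: {hit}")
```

Run against the sample, the report names the TQLLJXCEJTQSUU service and the constructed Updater autorun as temp-launched, and lists the two 85.255.112.x resolvers once each; passing those two addresses as `expected_resolvers` empties the resolver list, which is how you would suppress a resolver the owner confirms is legitimate.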



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:24 AM

Posted 11 August 2009 - 05:43 PM

Hello DB DUFFMAN,

I have tried instructions left for other with similar problems but they will not work for me.


Never copy anyone else's fix! You only make matters worse. Each fix is specific to that user's computer.

Malwarebytes' Anti-Malware will not run



If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\), then rename mbam.exe to newtool3.exe and double click newtool3.exe to proceed in running a Full scan.

Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Edited by SifuMike, 11 August 2009 - 05:45 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.



