Please Help! Too many viruses :-( [CLOSED]
karen7787
post Nov 12 2008, 08:07 PM
Post #1


New Member
Posts: 9
OS: Windows XP

I did run McAfee and it found 42!! things. It quarantined them, but I still have all these internet windows opening up with ads and closing when they feel like it. I can barely search the internet anymore!! It found trojans and malware, droppers, alertsomethings. McAfee is not showing anything anymore. [bleep]! I use this computer to work!!! Does this log from HijackThis show something? I don't see names of trojans here. McAfee found and quarantined GenericPUP.x, GenericPUP.d, Generic.dx, Vundo.gen.k, generic downloader.ab, FakeAlert-AB-dldr, JS/Downloader-BDO, JS/FakeAlert.AB.dldr, Generic.dx, Generic Back Door, Vundo, Generic Dropper.bm, Generic Dropper, Generic Downloader.s, New Malware.bl.
=======================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:19 PM, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\prun.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Karen\gotomypc_437.exe
C:\DOCUME~1\Karen\LOCALS~1\Temp\G2_437\g2viewer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prun.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prun.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-18\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [prunnet] "C:\WINDOWS\system32\prun.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gadcom] "C:\Documents and Settings\NetworkService\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-***5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-***5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL bnkqaz.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10876 bytes

Update:

I did a scan with McAfee again and it found 5 other things!!! It quarantined them. Now I'm very concerned because McAfee had gotten rid of everything a few hours earlier and now there's more. It was generic.dx and generic dropper. What good does it do to remove those things if they keep coming back?

I'm very afraid about my job. I telecommute and need to log in remotely to one of their computers. Can I infect them? I don't want to cause anybody problems and I'm afraid they'll get upset and won't let me work for them any longer.

This started when I tried to download some pictures of when Sarah Palin was younger. My computer suddenly got slow and when I did Ctrl+Alt+Del I saw one of the programs was called Hey Dummy! I frantically closed that and since there was an anti-virus program that came up, I thought it was the one that came with the computer and I clicked on it. I then realized something was off and canceled it. After that, when I tried to look at pages on the internet I would be directed to one with an ad similar to what I was searching for. I also got those annoying pop-ups for Antivirus 2008 and then 2009.

I also got voice ads, but since most were related to Dell (my PC is a Dell) I thought they were just spamming me. Then I wanted to watch a movie on Netflix and I couldn't. I called them and they told me that in order to view movies I had to upgrade to IE7. I did and all those things disappeared. I was very happy for 1 week.

Now, yesterday, or I don't know if it was on Monday, I got two Trojan alerts while I was on the internet. I get internet browsers opening one after another with ad sites. I can barely use my internet anymore. During the day it's not so bad, but after 5 they start stronger and at night it's much worse. Last night, I had to send an important e-mail and I would type and the computer would not do my keystrokes. Right now, my comp is very, very slow when I type. Like when I was running a computer that had Windows 3.1 and barely any memory.

I'm a home-worker and have access to personal information we need to input into the computer. I'm afraid someone is going to do something bad with my IP and it will seem I was the one that did it.

Thanks again for any help you can give me.



This post has been edited by karen7787: Nov 12 2008, 10:59 PM
RatHat
post Nov 13 2008, 02:33 AM
Post #2


GeekU Mod
Posts: 7,823
From: Lake Mabprachan, Thailand
OS: XP SP2 ~ Vista Ultimate

Hi there,

Welcome to GeeksToGo.


OK, firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If, however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with. Please ensure you have word wrap turned off in Notepad. To do this, open Notepad, choose Format, then ensure Word Wrap is un-checked. (Word Wrap makes reading your logs difficult.)

Next, I would like to make sure that you can view hidden files and folders (if possible);
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post

Regards,
RatHat
karen7787
post Nov 14 2008, 02:24 AM
Post #3


New Member
Posts: 9
OS: Windows XP

Hi Rat Hat,

Thanks so much for looking into my problem. Last night the computer was supposedly clear and this morning when I booted the system I had a winlogon.exe error and I found another trojan (generic downloader.q).

I decided to do two scans today, SUPERAntiSpyware and Malwarebytes. I got the scanners from a site that is supposed to be safe.

The ASA found over 272 things. My McAfee went crazy telling me of many trojans that were stored in the ASA application. My computer seemed slow as well. I deleted ASA, ran McAfee again and it was clean.

I then downloaded Malwarebytes and it was going fine. It had found 22 things. (I know there's more stuff on the computer than McAfee can detect.) All of a sudden I had many virus alerts coming from McAfee. These are password stealers :-( and my computer is dragging, I can barely type. The keys feel very heavy.

What happened here? Were these two downloads infected? When I ran SAS I got generic.dx, vundo.gen.k, vundo, vundo.gen.m, generic downloader.x. When I ran Malwarebytes I got generic downloader.x, generic packed, generic downloader.z, generic PWS.y, generic.dx, generic downloader.q, generic backdoor and AdClicker-GP.

The Malwarebytes found different things like a hijacker, malware trace and MS Juan.
=====================================
I had done what you said in your posting last night, but decided to redo it when that happened, so this is the most current one. I noticed some weird icons under My Documents right now so I just redid this.


DDS (Version 1.0) - NTFSx86
Run by Karen at 0:14:27.64 on Fri 11/14/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.271 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Karen\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://att.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080602
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = "c:\program files\msn gaming zone\windows\chkrzm.exe"
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [Yahoo! Pager] 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
StartupFolder: c:\docume~1\karen\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: GoToAssist -c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui -igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL bnkqaz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\khfFuRIc

============= SERVICES / DRIVERS ===============

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys
R2 IJPLMSVC;PIXMA Extended Survey Program;c:\program files\canon\ijplm\IJPLMSVC.EXE
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;\??\c:\windows\system32\drivers\OEM02Afx.sys
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys
S3 GoToAssist;GoToAssist;"c:\program files\citrix\gotoassist\514\g2aservice.exe" Start=service

=============== Created Last 30 ================

2008-11-13 22:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WinZip
2008-11-13 22:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WinZipSE
2008-11-13 22:50 <DIR> --d----- c:\program files\WinZip Self-Extractor
2008-11-13 20:10 <DIR> --d----- c:\docume~1\karen\applic~1\Malwarebytes
2008-11-13 20:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-13 18:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-11-13 18:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-11-13 18:28 <DIR> --d----- c:\docume~1\karen\applic~1\SUPERAntiSpyware.com
2008-11-13 18:10 <DIR> --d----- c:\windows\pss
2008-11-13 00:35 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-13 00:35 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-12 23:04 <DIR> --d----- c:\program files\Executive Software
2008-11-12 21:08 <DIR> --d----- c:\program files\CCleaner
2008-11-12 16:32 <DIR> --d----- c:\program files\Trend Micro
2008-11-12 02:12 1,584,954 ---sh--- c:\windows\system32\guinxjbo.ini
2008-11-11 14:03 143 a------- c:\windows\system32\mcrh.tmp
2008-11-11 11:00 <DIR> --d----- c:\docume~1\karen\applic~1\IUpd721
2008-11-11 02:13 1,578,158 ---sh--- c:\windows\system32\nlcxqemo.ini
2008-11-11 00:08 1,578,121 ---sh--- c:\windows\system32\emsorihe.ini
2008-11-11 00:07 928,383 a--sh--- c:\windows\system32\cIRuFfhk.ini2
2008-11-11 00:07 930,731 a--sh--- c:\windows\system32\cIRuFfhk.ini
2008-11-11 00:01 <DIR> --d----- c:\windows\system32\sX3i19
2008-11-11 00:01 <DIR> --d----- c:\temp\PRE45
2008-11-11 00:01 <DIR> --d----- C:\Temp
2008-11-10 21:49 8,192 a------- c:\windows\n
2008-10-31 19:20 <DIR> --d----- c:\windows\network diagnostic
2008-10-31 19:19 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2008-10-31 19:19 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2008-10-31 19:19 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-31 19:19 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-31 19:19 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2008-10-31 19:19 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-31 19:19 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-31 19:19 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-31 19:19 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-10-29 19:52 <DIR> --d----- c:\docume~1\karen\applic~1\Reallusion
2008-10-29 19:52 <DIR> --d----- c:\docume~1\karen\applic~1\tmp

==================== Find3M ====================

2008-11-13 19:10 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-10-30 19:30 <DIR> --d----- c:\docume~1\karen\applic~1\Canon
2008-10-20 23:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CanonIJPLM
2008-10-15 08:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-13 21:44 <DIR> --d----- c:\program files\BrainfuseSupQuickConnect
2008-10-12 14:27 <DIR> --d----- c:\program files\TryMedia
2008-10-12 00:32 <DIR> --d----- c:\program files\SAV
2008-10-04 22:33 <DIR> --d----- c:\docume~1\karen\applic~1\DataSafeOnline
2008-09-28 18:15 <DIR> --d----- c:\program files\Adobe Media Player
2008-09-15 03:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-09-15 03:57 1,846,016 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-05 00:10 <DIR> --d----- c:\docume~1\karen\applic~1\Move Networks
2008-08-28 02:04 333,056 -------- c:\windows\system32\dllcache\srv.sys
2008-08-27 12:54 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-08-25 00:37 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-08-22 21:56 635,848 -------- c:\windows\system32\dllcache\iexplore.exe
2008-08-22 21:54 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-08-19 21:38 1,023,488 -------- c:\windows\system32\dllcache\browseui.dll
2008-08-19 21:38 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2008-08-19 21:38 1,494,528 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-08-19 21:38 1,054,208 -------- c:\windows\system32\dllcache\danim.dll
2008-08-19 21:38 151,040 -------- c:\windows\system32\dllcache\cdfview.dll
2008-06-06 18:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Dell
2008-06-01 17:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Uninstall
2008-06-01 17:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SupportSoft
2004-08-10 10:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
2008-06-01 17:39 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 0:14:50.59 ===============

Thanks again for all your help.



Attached file: Attach.text.zip (4.32K)
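The two logs in this thread (the HijackThis log in the first post and the DDS report in this one) contain the entries a helper actually reads before asking for ComboFix: the Run values, the AppInit_DLLs list, the LSA Authentication Packages line and the recently created files. What follows is an added example, not a tool from this thread nor from the HijackThis, DDS or ComboFix authors, of scoring such lines automatically. The rule names, severities and thresholds are the editor's own triage heuristics, not any vendor's detection logic, and SAMPLE_LOG is a constructed excerpt whose lines are copied from the logs posted above (the long hex argument of the gadcom entry is shortened). One rule correlates two lines the posted DDS report really does contain: the extra LSA package khfFuRIc and the hidden system file cIRuFfhk.ini, whose names are each other's reverse.

```python
"""Triage heuristics over HijackThis / DDS log lines. Added example, not a tool
from this thread; the scoring rules are the editor's own assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt: lines copied from the logs posted in this thread
# (the hex argument of the gadcom entry is shortened).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prun.exe"
O4 - HKUS\S-1-5-18\..\Run: [gadcom] "C:\Documents and Settings\NetworkService\Application Data\gadcom\gadcom.exe" 61A847B5 (User 'SYSTEM')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL bnkqaz.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
LSA: Authentication Packages = msv1_0 c:\windows\system32\khfFuRIc
2008-11-11 00:07 930,731 a--sh--- c:\windows\system32\cIRuFfhk.ini
2008-11-12 02:12 1,584,954 ---sh--- c:\windows\system32\guinxjbo.ini
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    rule: str
    evidence: str


# HijackThis "O4 - <hive>\..\Run: [name] cmd" and DDS "uRun/mRun/dRun: [name] cmd"
RUN_RE = re.compile(
    r'^(?:O4 - (?P<hive>[^:]+?)\\\.\.\\Run(?:Once)?:|(?P<dds>[umd]Run(?:Once)?):)'
    r'\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
APPINIT_RE = re.compile(r'^(?:O20 - )?AppInit_DLLs:\s*(?P<dlls>.*)$')
LSA_RE = re.compile(r'^LSA: Authentication Packages\s*=\s*(?P<pkgs>.*)$')
# DDS "Created Last 30" lines: date time size-or-<DIR> attribute-string path
CREATED_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$')
PROFILE_DIRS = ('\\documents and settings\\', '\\docume~1\\')
SYSTEM_HIVES = ('dRun', 'HKUS\\S-1-5-18', 'HKUS\\.DEFAULT')


def executable_path(cmd: str) -> Optional[str]:
    """Program path of a Run value: the quoted part, or the text up to the
    first executable extension when the command is unquoted."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    m = re.match(r'^(.*?\.(?:exe|scr|com|bat|cmd|dll))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    lsa_names: List[str] = []          # basenames of non-default LSA packages
    created: Dict[str, str] = {}       # lower-case file stem -> path
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hive = m.group('hive') or m.group('dds')
            path = executable_path(m.group('cmd'))
            # Installed software rarely autostarts from inside a user profile;
            # a SYSTEM-hive value pointing into a profile is rarer still.
            if path and any(d in path.lower() for d in PROFILE_DIRS):
                sev = 'high' if hive in SYSTEM_HIVES else 'medium'
                findings.append(Finding(sev, 'run-from-user-profile', line))
            continue
        m = APPINIT_RE.match(line)
        if m:
            for dll in m.group('dlls').replace(',', ' ').split():
                # AppInit DLLs are mapped into every process that loads user32;
                # a bare name is resolved via the loader search path as well.
                sev = 'high' if '\\' not in dll else 'low'
                findings.append(Finding(sev, 'appinit-dll', dll))
            continue
        m = LSA_RE.match(line)
        if m:
            for pkg in m.group('pkgs').split():
                if pkg.lower() != 'msv1_0':      # msv1_0 is the stock package
                    findings.append(Finding('high', 'extra-lsa-auth-package', pkg))
                    lsa_names.append(pkg.rsplit('\\', 1)[-1])
            continue
        m = CREATED_RE.match(line)
        if m:
            attr, path = m.group('attr'), m.group('path')
            created[path.rsplit('\\', 1)[-1].rsplit('.', 1)[0].lower()] = path
            if 's' in attr and 'h' in attr and '<DIR>' not in line:
                findings.append(Finding('medium', 'hidden-system-file', path))
    # Cross-line correlation: a data file whose stem is an LSA package name
    # spelled backwards (the posted DDS log has khfFuRIc and cIRuFfhk.ini).
    for name in lsa_names:
        partner = created.get(name[::-1].lower())
        if partner:
            findings.append(Finding('high', 'reversed-name-pair', f'{name} <-> {partner}'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.severity:6} {f.rule:24} {f.evidence}')
```

Run against the sample it returns seven findings, four of them high: the Run value registered under the SYSTEM hive that points into the NetworkService profile, the bare bnkqaz.dll in AppInit_DLLs, the non-default LSA authentication package, and the reversed-name pair. Anything sitting in system32 under an ordinary-looking name (prun.exe, sav.exe) is deliberately not scored: a log alone cannot tell those apart from legitimate files, and a hash or signature check of the file itself is needed.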
RatHat
post Nov 14 2008, 02:48 AM
Post #4


GeekU Mod
Posts: 7,823
From: Lake Mabprachan, Thailand
OS: XP SP2 ~ Vista Ultimate

Karen,

Please don't run any other programs to remove this problem unless I tell you to.


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    (If you are not sure how to disable your AntiVirus and AntiSpyware programs, please see this tutorial)

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
Note: %SystemDrive% is usually C:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, include the contents of Combofix.txt and lopR.txt

Regards,
RatHat
karen7787
post Nov 14 2008, 09:39 PM
Post #5


New Member
Posts: 9
OS: Windows XP



Hi Rat Hat,

Thanks and will do! :-)

Here is the combofix log:

ComboFix 08-11-13.01 - Karen 2008-11-14 18:29:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.462 [GMT -8:00]
Running from: c:\documents and settings\Karen\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Karen\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\NetworkService\Application Data\gadcom
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\SAV
c:\windows\system32\cIRuFfhk.ini
c:\windows\system32\cIRuFfhk.ini2
c:\windows\system32\emsorihe.ini
c:\windows\system32\guinxjbo.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\MSINET.oca
c:\windows\system32\nlcxqemo.ini
c:\windows\system32\pac.txt
c:\windows\system32\UJ7orxHL.exe.a_a
c:\windows\system32\x64
c:\windows\Tasks\efwfpqui.job

Here is the other one:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU T2370 @ 1.73GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
USER : Karen ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Activated)
Firewall : McAfee Personal Firewall (Activated)
C:\ (Local Disk) - NTFS - Total:105 Go (Free:95 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Fri 11/14/2008|18:44 )

--------------------\\ Listing folders in APPLIC~1

[09/28/2008|06:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[08/18/2008|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[10/20/2008|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonIJPLM
[07/11/2008|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[06/06/2008|06:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[06/01/2008|05:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[06/01/2008|05:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gtek
[06/01/2008|05:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[11/13/2008|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[06/05/2008|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[10/11/2008|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[06/01/2008|05:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[06/05/2008|05:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
[08/10/2004|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[06/01/2008|05:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[11/13/2008|06:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[06/01/2008|05:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[11/14/2008|06:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[06/01/2008|05:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Uninstall
[06/06/2008|06:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[11/13/2008|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[11/13/2008|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZipSE

[06/01/2008|05:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> GTek
[08/10/2004|10:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[06/01/2008|05:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> InstallShield
[06/01/2008|05:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[06/01/2008|05:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[09/28/2008|06:15] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Adobe
[10/30/2008|07:30] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Canon
[10/29/2008|08:09] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Creative
[06/05/2008|01:13] C:\DOCUME~1\Karen\APPLIC~1\<DIR> CyberLink
[10/04/2008|10:33] C:\DOCUME~1\Karen\APPLIC~1\<DIR> DataSafeOnline
[06/05/2008|05:09] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Google
[06/05/2008|01:02] C:\DOCUME~1\Karen\APPLIC~1\<DIR> GTek
[10/16/2008|09:32] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Help
[08/10/2004|10:08] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Identities
[06/01/2008|05:38] C:\DOCUME~1\Karen\APPLIC~1\<DIR> InstallShield
[11/11/2008|11:00] C:\DOCUME~1\Karen\APPLIC~1\<DIR> IUpd721
[06/05/2008|05:09] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Macromedia
[11/13/2008|08:10] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Malwarebytes
[10/12/2008|01:58] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Microsoft
[06/05/2008|06:50] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Motive
[09/05/2008|12:10] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Move Networks
[10/29/2008|07:52] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Reallusion
[06/01/2008|05:35] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Sun
[11/13/2008|07:10] C:\DOCUME~1\Karen\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/29/2008|07:52] C:\DOCUME~1\Karen\APPLIC~1\<DIR> tmp

[08/10/2004|09:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[10/26/2008|04:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Adobe
[10/11/2008|11:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Google
[11/11/2008|12:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> IUpd721
[10/11/2008|11:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[08/10/2004|09:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[11/12/2008|03:41] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> NI.GSCNS
[11/05/2008|11:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Sun

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/13/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At120.job
[11/13/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At119.job
[11/13/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At118.job
[11/13/2008 08:00 PM][--a------] C:\WINDOWS\tasks\At117.job
[11/14/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At115.job
[11/13/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At116.job
[11/14/2008 05:00 PM][--a------] C:\WINDOWS\tasks\At114.job
[11/14/2008 03:00 PM][--a------] C:\WINDOWS\tasks\At112.job
[11/14/2008 04:00 PM][--a------] C:\WINDOWS\tasks\At113.job
[11/14/2008 02:00 PM][--a------] C:\WINDOWS\tasks\At111.job
[11/13/2008 01:00 PM][--a------] C:\WINDOWS\tasks\At110.job
[11/13/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At109.job
[11/13/2008 11:00 AM][--a------] C:\WINDOWS\tasks\At108.job
[11/11/2008 09:03 AM][--a------] C:\WINDOWS\tasks\At106.job
[11/11/2008 10:00 AM][--a------] C:\WINDOWS\tasks\At107.job
[11/11/2008 10:53 AM][--a------] C:\WINDOWS\tasks\At105.job
[11/14/2008 07:00 AM][--a------] C:\WINDOWS\tasks\At104.job
[11/14/2008 06:00 AM][--a------] C:\WINDOWS\tasks\At103.job
[11/11/2008 05:00 AM][--a------] C:\WINDOWS\tasks\At102.job
[11/11/2008 04:00 AM][--a------] C:\WINDOWS\tasks\At101.job
[11/14/2008 03:00 AM][--a------] C:\WINDOWS\tasks\At100.job
[11/13/2008 02:00 AM][--a------] C:\WINDOWS\tasks\At99.job
[11/14/2008 01:00 AM][--a------] C:\WINDOWS\tasks\At98.job
[11/14/2008 12:41 AM][--a------] C:\WINDOWS\tasks\At97.job
[11/13/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At96.job
[11/13/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At95.job
[11/13/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At94.job
[11/13/2008 08:00 PM][--a------] C:\WINDOWS\tasks\At93.job
[11/13/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At92.job
[11/14/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At91.job
[11/14/2008 05:00 PM][--a------] C:\WINDOWS\tasks\At90.job
[11/14/2008 04:00 PM][--a------] C:\WINDOWS\tasks\At89.job
[11/14/2008 03:00 PM][--a------] C:\WINDOWS\tasks\At88.job
[11/14/2008 02:00 PM][--a------] C:\WINDOWS\tasks\At87.job
[11/13/2008 01:00 PM][--a------] C:\WINDOWS\tasks\At86.job
[11/13/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At85.job
[11/13/2008 11:00 AM][--a------] C:\WINDOWS\tasks\At84.job
[11/11/2008 10:00 AM][--a------] C:\WINDOWS\tasks\At83.job
[11/11/2008 09:03 AM][--a------] C:\WINDOWS\tasks\At82.job
[11/11/2008 09:03 AM][--a------] C:\WINDOWS\tasks\At81.job
[11/14/2008 07:00 AM][--a------] C:\WINDOWS\tasks\At80.job
[11/14/2008 06:00 AM][--a------] C:\WINDOWS\tasks\At79.job
[11/11/2008 05:00 AM][--a------] C:\WINDOWS\tasks\At78.job
[11/11/2008 04:00 AM][--a------] C:\WINDOWS\tasks\At77.job
[11/14/2008 03:00 AM][--a------] C:\WINDOWS\tasks\At76.job
[11/13/2008 02:00 AM][--a------] C:\WINDOWS\tasks\At75.job
[11/14/2008 01:00 AM][--a------] C:\WINDOWS\tasks\At74.job
[11/14/2008 12:30 AM][--a------] C:\WINDOWS\tasks\At73.job
[11/13/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At72.job
[11/13/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At71.job
[11/13/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At70.job
[11/13/2008 08:00 PM][--a------] C:\WINDOWS\tasks\At69.job
[11/13/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At68.job
[11/14/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At67.job
[11/14/2008 05:00 PM][--a------] C:\WINDOWS\tasks\At66.job
[11/14/2008 04:00 PM][--a------] C:\WINDOWS\tasks\At65.job
[11/14/2008 03:00 PM][--a------] C:\WINDOWS\tasks\At64.job
[11/14/2008 02:00 PM][--a------] C:\WINDOWS\tasks\At63.job
[11/13/2008 01:00 PM][--a------] C:\WINDOWS\tasks\At62.job
[11/13/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At61.job
[11/13/2008 11:00 AM][--a------] C:\WINDOWS\tasks\At60.job
[11/11/2008 10:00 AM][--a------] C:\WINDOWS\tasks\At59.job
[11/11/2008 09:03 AM][--a------] C:\WINDOWS\tasks\At58.job
[11/11/2008 09:03 AM][--a------] C:\WINDOWS\tasks\At57.job
[11/14/2008 07:00 AM][--a------] C:\WINDOWS\tasks\At56.job
[11/14/2008 06:00 AM][--a------] C:\WINDOWS\tasks\At55.job
[11/11/2008 05:00 AM][--a------] C:\WINDOWS\tasks\At54.job
[11/11/2008 04:00 AM][--a------] C:\WINDOWS\tasks\At53.job
[11/14/2008 03:00 AM][--a------] C:\WINDOWS\tasks\At52.job
[11/13/2008 02:00 AM][--a------] C:\WINDOWS\tasks\At51.job
[11/14/2008 01:00 AM][--a------] C:\WINDOWS\tasks\At50.job
[11/14/2008 12:30 AM][--a------] C:\WINDOWS\tasks\At49.job
[11/13/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At48.job
[11/13/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At47.job
[11/13/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At46.job
[11/13/2008 08:00 PM][--a------] C:\WINDOWS\tasks\At45.job
[11/13/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At44.job
[11/14/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At43.job
[11/14/2008 05:00 PM][--a------] C:\WINDOWS\tasks\At42.job
[11/14/2008 04:00 PM][--a------] C:\WINDOWS\tasks\At41.job
[11/14/2008 03:00 PM][--a------] C:\WINDOWS\tasks\At40.job
[11/14/2008 02:00 PM][--a------] C:\WINDOWS\tasks\At39.job
[11/13/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At37.job
[11/13/2008 01:00 PM][--a------] C:\WINDOWS\tasks\At38.job
[11/13/2008 11:00 AM][--a------] C:\WINDOWS\tasks\At36.job
[11/11/2008 10:00 AM][--a------] C:\WINDOWS\tasks\At35.job
[11/11/2008 09:03 AM][--a------] C:\WINDOWS\tasks\At34.job
[11/11/2008 09:03 AM][--a------] C:\WINDOWS\tasks\At33.job
[11/14/2008 07:00 AM][--a------] C:\WINDOWS\tasks\At32.job
[11/14/2008 06:00 AM][--a------] C:\WINDOWS\tasks\At31.job
[11/11/2008 05:00 AM][--a------] C:\WINDOWS\tasks\At30.job
[11/14/2008 03:00 AM][--a------] C:\WINDOWS\tasks\At28.job
[11/11/2008 04:00 AM][--a------] C:\WINDOWS\tasks\At29.job
[11/13/2008 02:00 AM][--a------] C:\WINDOWS\tasks\At27.job
[11/14/2008 01:00 AM][--a------] C:\WINDOWS\tasks\At26.job
[11/14/2008 12:39 AM][--a------] C:\WINDOWS\tasks\At25.job
[11/13/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At24.job
[11/13/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At23.job
[11/13/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At22.job
[11/13/2008 08:00 PM][--a------] C:\WINDOWS\tasks\At21.job
[11/13/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At20.job
[11/14/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At19.job
[11/14/2008 04:00 PM][--a------] C:\WINDOWS\tasks\At17.job
[11/14/2008 05:00 PM][--a------] C:\WINDOWS\tasks\At18.job
[11/14/2008 03:00 PM][--a------] C:\WINDOWS\tasks\At16.job
[11/14/2008 02:00 PM][--a------] C:\WINDOWS\tasks\At15.job
[11/13/2008 01:00 PM][--a------] C:\WINDOWS\tasks\At14.job
[11/13/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At13.job
[11/13/2008 11:00 AM][--a------] C:\WINDOWS\tasks\At12.job
[11/11/2008 10:00 AM][--a------] C:\WINDOWS\tasks\At11.job
[11/11/2008 09:03 AM][--a------] C:\WINDOWS\tasks\At10.job
[11/11/2008 09:03 AM][--a------] C:\WINDOWS\tasks\At9.job
[11/14/2008 07:00 AM][--a------] C:\WINDOWS\tasks\At8.job
[11/14/2008 06:00 AM][--a------] C:\WINDOWS\tasks\At7.job
[11/11/2008 05:00 AM][--a------] C:\WINDOWS\tasks\At6.job
[11/11/2008 04:00 AM][--a------] C:\WINDOWS\tasks\At5.job
[11/14/2008 03:00 AM][--a------] C:\WINDOWS\tasks\At4.job
[11/13/2008 02:00 AM][--a------] C:\WINDOWS\tasks\At3.job
[11/14/2008 01:00 AM][--a------] C:\WINDOWS\tasks\At2.job
[11/14/2008 12:10 AM][--a------] C:\WINDOWS\tasks\At1.job
[10/15/2008 12:00 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[11/01/2008 12:00 AM][--a------] C:\WINDOWS\tasks\McQcTask.job
[11/14/2008 06:33 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 02:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[06/01/2008|05:49] C:\Program Files\<DIR> Adobe
[09/28/2008|06:15] C:\Program Files\<DIR> Adobe Media Player
[10/13/2008|09:44] C:\Program Files\<DIR> BrainfuseSupQuickConnect
[06/01/2008|05:39] C:\Program Files\<DIR> Broadcom
[08/19/2008|12:54] C:\Program Files\<DIR> Canon
[08/18/2008|11:12] C:\Program Files\<DIR> CanonBJ
[11/12/2008|09:08] C:\Program Files\<DIR> CCleaner
[06/01/2008|05:59] C:\Program Files\<DIR> Citrix
[11/14/2008|06:30] C:\Program Files\<DIR> Common Files
[08/10/2004|10:02] C:\Program Files\<DIR> ComPlus Applications
[06/01/2008|05:42] C:\Program Files\<DIR> CONEXANT
[06/01/2008|05:39] C:\Program Files\<DIR> Creative
[06/01/2008|05:39] C:\Program Files\<DIR> Creative Live! Cam
[06/01/2008|05:56] C:\Program Files\<DIR> CyberLink
[06/01/2008|06:03] C:\Program Files\<DIR> Dell
[06/01/2008|05:48] C:\Program Files\<DIR> Dell DataSafe Online
[06/01/2008|05:55] C:\Program Files\<DIR> Dell Support Center
[06/01/2008|05:58] C:\Program Files\<DIR> DellAutomatedPCTuneUp
[06/01/2008|05:38] C:\Program Files\<DIR> Digital Line Detect
[11/12/2008|11:05] C:\Program Files\<DIR> Executive Software
[06/05/2008|06:04] C:\Program Files\<DIR> Google
[06/01/2008|06:01] C:\Program Files\<DIR> InstallShield Installation Information
[10/31/2008|07:38] C:\Program Files\<DIR> Internet Explorer
[11/13/2008|12:35] C:\Program Files\<DIR> Java
[06/01/2008|05:53] C:\Program Files\<DIR> McAfee
[06/01/2008|05:51] C:\Program Files\<DIR> McAfee.com
[08/13/2008|09:06] C:\Program Files\<DIR> Messenger
[08/10/2004|10:04] C:\Program Files\<DIR> microsoft frontpage
[06/01/2008|05:47] C:\Program Files\<DIR> Microsoft Office
[06/01/2008|06:02] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[06/01/2008|06:02] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[06/01/2008|05:47] C:\Program Files\<DIR> Microsoft Works
[06/01/2008|05:47] C:\Program Files\<DIR> Microsoft.NET
[06/01/2008|05:38] C:\Program Files\<DIR> Modem Diagnostic Tool
[08/10/2004|10:02] C:\Program Files\<DIR> Movie Maker
[06/01/2008|05:57] C:\Program Files\<DIR> MSECache
[08/10/2004|10:01] C:\Program Files\<DIR> MSN
[08/10/2004|10:01] C:\Program Files\<DIR> MSN Gaming Zone
[06/01/2008|05:34] C:\Program Files\<DIR> MSXML 6.0
[06/01/2008|06:01] C:\Program Files\<DIR> MUSICMATCH
[06/06/2008|06:17] C:\Program Files\<DIR> Netflix
[08/10/2004|10:02] C:\Program Files\<DIR> NetMeeting
[06/01/2008|05:38] C:\Program Files\<DIR> NetWaiting
[08/10/2004|10:01] C:\Program Files\<DIR> Online Services
[06/01/2008|05:33] C:\Program Files\<DIR> Outlook Express
[11/12/2008|04:02] C:\Program Files\<DIR> Registry Mechanic
[06/01/2008|05:58] C:\Program Files\<DIR> Roxio
[07/31/2008|12:12] C:\Program Files\<DIR> SBC Self Support Tool
[06/01/2008|05:41] C:\Program Files\<DIR> Sigmatel
[11/13/2008|07:10] C:\Program Files\<DIR> SUPERAntiSpyware
[06/01/2008|05:20] C:\Program Files\<DIR> Synaptics
[11/12/2008|04:32] C:\Program Files\<DIR> Trend Micro
[10/12/2008|02:27] C:\Program Files\<DIR> TryMedia
[08/10/2004|10:08] C:\Program Files\<DIR> Uninstall Information
[06/06/2008|06:22] C:\Program Files\<DIR> Windows Media Connect 2
[06/06/2008|06:22] C:\Program Files\<DIR> Windows Media Player
[08/10/2004|10:01] C:\Program Files\<DIR> Windows NT
[08/10/2004|10:02] C:\Program Files\<DIR> WindowsUpdate
[11/13/2008|10:53] C:\Program Files\<DIR> WinZip
[11/13/2008|10:50] C:\Program Files\<DIR> WinZip Self-Extractor
[08/10/2004|10:04] C:\Program Files\<DIR> xerox
[06/05/2008|03:10] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[06/01/2008|05:49] C:\Program Files\Common Files\<DIR> Adobe
[09/28/2008|06:15] C:\Program Files\Common Files\<DIR> Adobe AIR
[08/18/2008|11:25] C:\Program Files\Common Files\<DIR> CANON
[06/01/2008|05:39] C:\Program Files\Common Files\<DIR> Creative
[06/01/2008|05:47] C:\Program Files\Common Files\<DIR> DESIGNER
[11/12/2008|11:05] C:\Program Files\Common Files\<DIR> InstallShield
[06/01/2008|05:51] C:\Program Files\Common Files\<DIR> McAfee
[06/01/2008|05:47] C:\Program Files\Common Files\<DIR> Microsoft Shared
[07/31/2008|12:12] C:\Program Files\Common Files\<DIR> Motive
[08/10/2004|10:02] C:\Program Files\Common Files\<DIR> MSSoap
[08/10/2004|09:57] C:\Program Files\Common Files\<DIR> ODBC
[06/01/2008|05:39] C:\Program Files\Common Files\<DIR> Reallusion
[06/01/2008|05:58] C:\Program Files\Common Files\<DIR> Roxio Shared
[08/10/2004|10:02] C:\Program Files\Common Files\<DIR> Services
[06/01/2008|05:58] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/10/2004|09:57] C:\Program Files\Common Files\<DIR> SpeechEngines
[06/01/2008|05:55] C:\Program Files\Common Files\<DIR> supportsoft
[06/01/2008|05:59] C:\Program Files\Common Files\<DIR> SureThing Shared
[06/01/2008|05:33] C:\Program Files\Common Files\<DIR> System
[11/13/2008|07:10] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 57 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Karen\Cookies\karen@advertising[2].txt
C:\DOCUME~1\Karen\Cookies\karen@advertising[3].txt
C:\DOCUME~1\Karen\Cookies\karen@adopt.euroclick[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

================================
I noticed the log says McAfee was activated. I did not have an exit option, probably because this software came bundled with the computer. I went in and disabled every option I could find manually before running this. Please let me know if I have to do something differently.

Thanks again,

Karen
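As an added example that is not part of this thread (neither RatHat's nor the tools' own code), the following Python script parses the "Scheduled Tasks" section of a Lop S&D log in the format posted above and summarises the run of At<N>.job entries. at.exe names the jobs it creates At<N>.job, and a home PC normally has none, so a long numbered run is exactly what a helper would want explained; the sample input is a constructed subset of the lines from Karen's log, and the function names are the example's own.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample: a subset of the "Scheduled Tasks" lines from the Lop S&D
# log posted above, plus the two McAfee jobs and the folder's own metadata files.
SAMPLE_LOG = r"""
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/13/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At120.job
[11/13/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At119.job
[11/13/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At118.job
[11/14/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At115.job
[11/11/2008 09:03 AM][--a------] C:\WINDOWS\tasks\At106.job
[11/11/2008 10:53 AM][--a------] C:\WINDOWS\tasks\At105.job
[11/14/2008 12:41 AM][--a------] C:\WINDOWS\tasks\At97.job
[11/14/2008 12:30 AM][--a------] C:\WINDOWS\tasks\At73.job
[11/11/2008 09:03 AM][--a------] C:\WINDOWS\tasks\At9.job
[11/14/2008 07:00 AM][--a------] C:\WINDOWS\tasks\At8.job
[11/14/2008 01:00 AM][--a------] C:\WINDOWS\tasks\At2.job
[11/14/2008 12:10 AM][--a------] C:\WINDOWS\tasks\At1.job
[10/15/2008 12:00 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[11/01/2008 12:00 AM][--a------] C:\WINDOWS\tasks\McQcTask.job
[11/14/2008 06:33 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 02:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
"""

# One Lop S&D task line: [date time][attribute flags] full path
TASK_LINE = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M)\]\[([-a-z]+)\] (\S.*)$"
)
# at.exe names the jobs it creates At<N>.job
AT_JOB = re.compile(r"^At(\d+)\.job$", re.IGNORECASE)


@dataclass
class Task:
    when: datetime      # timestamp printed by Lop S&D
    attrs: str          # attribute flags, e.g. --a------ or --ah-----
    path: str           # full path of the file in the Tasks folder

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_task_lines(text: str) -> list[Task]:
    """Extract every task entry from the Scheduled Tasks section."""
    tasks = []
    for raw in text.splitlines():
        m = TASK_LINE.match(raw.strip())
        if not m:
            continue  # section header, blank line, or unrelated text
        when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M %p")
        tasks.append(Task(when, m.group(2), m.group(3)))
    return tasks


def at_job_summary(tasks: list[Task], min_count: int = 10) -> Optional[dict]:
    """Summarise the At<N>.job entries, or return None when there are none.

    'suspicious' is set when the number of at.exe jobs reaches min_count:
    a home PC normally has none, and a long numbered run usually means a
    program scheduled itself repeatedly (the ComboFix log shows what each
    job launches).
    """
    indexes = []
    on_the_hour = 0
    for t in tasks:
        m = AT_JOB.match(t.name)
        if not m:
            continue
        indexes.append(int(m.group(1)))
        if t.when.minute == 0:
            on_the_hour += 1     # job time falls exactly on the hour
    if not indexes:
        return None
    return {
        "count": len(indexes),
        "lowest": min(indexes),
        "highest": max(indexes),
        "on_the_hour": on_the_hour,
        "suspicious": len(indexes) >= min_count,
    }


def other_job_names(tasks: list[Task]) -> list[str]:
    """Names of the remaining .job files, for the helper to review by hand."""
    return [t.name for t in tasks
            if t.name.lower().endswith(".job") and not AT_JOB.match(t.name)]


if __name__ == "__main__":
    found = parse_task_lines(SAMPLE_LOG)
    print(at_job_summary(found))
    print(other_job_names(found))
```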
RatHat
post Nov 14 2008, 09:49 PM
Post #6


GeekU Mod
Posts: 7,823
From: Lake Mabprachan, Thailand
OS: XP SP2 ~ Vista Ultimate



Karen,

The Combofix log is a lot longer than just the deletions. It contains a lot of information I need to see. Could you post it again please, and make sure that it is posted in its entirety.

Thanks,
RatHat
karen7787
post Nov 14 2008, 09:59 PM
Post #7


New Member
Posts: 9
OS: Windows XP



Hi Rat Hat,

Sorry about that. I had not seen the rest... Here is the complete log:

ComboFix 08-11-13.01 - Karen 2008-11-14 18:29:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.462 [GMT -8:00]
Running from: c:\documents and settings\Karen\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Karen\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\NetworkService\Application Data\gadcom
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\SAV
c:\windows\system32\cIRuFfhk.ini
c:\windows\system32\cIRuFfhk.ini2
c:\windows\system32\emsorihe.ini
c:\windows\system32\guinxjbo.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\MSINET.oca
c:\windows\system32\nlcxqemo.ini
c:\windows\system32\pac.txt
c:\windows\system32\UJ7orxHL.exe.a_a
c:\windows\system32\x64
c:\windows\Tasks\efwfpqui.job

.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.

2008-11-14 00:17 . 2008-11-14 00:17 <DIR> d-------- c:\windows\CD95F661A5C444F5A6AAECDD91C240B7.TMP
2008-11-13 22:53 . 2008-11-13 22:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2008-11-13 22:50 . 2008-11-13 22:50 <DIR> d-------- c:\program files\WinZip Self-Extractor
2008-11-13 22:50 . 2008-11-13 22:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZipSE
2008-11-13 20:10 . 2008-11-13 20:10 <DIR> d-------- c:\documents and settings\Karen\Application Data\Malwarebytes
2008-11-13 20:10 . 2008-11-13 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 18:28 . 2008-11-13 19:10 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-13 18:28 . 2008-11-13 19:10 <DIR> d-------- c:\documents and settings\Karen\Application Data\SUPERAntiSpyware.com
2008-11-13 18:28 . 2008-11-13 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-13 00:35 . 2008-11-13 00:35 <DIR> d-------- c:\program files\Java
2008-11-13 00:35 . 2008-11-13 00:35 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-13 00:35 . 2008-11-13 00:35 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-12 23:04 . 2008-11-12 23:05 <DIR> d-------- c:\program files\Executive Software
2008-11-12 21:08 . 2008-11-12 21:08 <DIR> d-------- c:\program files\CCleaner
2008-11-12 16:32 . 2008-11-12 16:32 <DIR> d-------- c:\program files\Trend Micro
2008-11-12 15:59 . 2008-11-14 18:34 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-11 11:00 . 2008-11-11 11:00 <DIR> d-------- c:\documents and settings\Karen\Application Data\IUpd721
2008-11-11 00:07 . 2008-11-11 00:07 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\IUpd721
2008-11-11 00:01 . 2008-11-11 00:09 <DIR> d-------- c:\windows\system32\sX3i19
2008-11-11 00:01 . 2008-11-11 00:01 <DIR> d-------- c:\temp\PRE45
2008-11-11 00:01 . 2008-11-11 00:01 <DIR> d-------- C:\Temp
2008-11-11 00:01 . 2008-11-12 03:41 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\NI.GSCNS
2008-11-10 21:49 . 2008-11-10 21:49 8,192 --a------ c:\windows\n
2008-10-31 19:19 . 2008-10-03 09:41 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-10-31 19:19 . 2007-04-17 01:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-31 19:19 . 2007-03-07 21:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-31 19:19 . 2008-08-25 23:24 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-10-31 19:19 . 2008-08-25 23:24 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-31 19:19 . 2008-08-25 23:24 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-10-31 19:19 . 2008-08-25 23:24 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-10-31 19:19 . 2008-08-25 23:24 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-31 19:19 . 2008-08-25 00:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-29 20:09 . 2008-10-29 20:09 <DIR> d-------- c:\documents and settings\Karen\Application Data\Creative
2008-10-29 19:52 . 2008-10-29 19:52 <DIR> d-------- c:\documents and settings\Karen\Application Data\tmp
2008-10-29 19:52 . 2008-10-29 19:52 <DIR> d-------- c:\documents and settings\Karen\Application Data\Reallusion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 03:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-13 07:05 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-31 18:08 726,008 ----a-w c:\documents and settings\Karen\gotomypc_437.exe
2008-10-31 03:30 --------- d-----w c:\documents and settings\Karen\Application Data\Canon
2008-10-21 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 05:44 --------- d-----w c:\program files\BrainfuseSupQuickConnect
2008-10-12 22:27 --------- d-----w c:\program files\TryMedia
2008-10-05 06:33 --------- d-----w c:\documents and settings\Karen\Application Data\DataSafeOnline
2008-09-29 02:15 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-09-29 02:15 --------- d-----w c:\program files\Adobe Media Player
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
2008-08-27 20:54 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-20 05:38 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
2008-08-20 05:38 151,040 ------w c:\windows\system32\dllcache\cdfview.dll
2008-08-20 05:38 1,494,528 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-08-20 05:38 1,054,208 ------w c:\windows\system32\dllcache\danim.dll
2008-08-20 05:38 1,023,488 ------w c:\windows\system32\dllcache\browseui.dll
2008-06-02 01:39 76 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-01 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-09 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-09 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-09 137752]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-30 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-01 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-13 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

c:\documents and settings\Karen\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-09-28 260096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-06-05 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-06-01 50688]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-10 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-01 17:59 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 IJPLMSVC;PIXMA Extended Survey Program;c:\program files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\Drivers\OEM02Afx.sys [2007-08-28 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
S3 GoToAssist;GoToAssist;c:\program files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\At1.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At10.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At100.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At101.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At102.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At103.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At104.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At105.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At106.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At107.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At108.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At109.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At11.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At110.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At111.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At112.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At113.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At114.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At115.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At116.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At117.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At118.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At119.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At12.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At120.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At13.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At14.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At15.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At16.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At17.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At18.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At19.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At2.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At20.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At21.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At22.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At23.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At24.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At25.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At26.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At27.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At28.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At29.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At3.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At30.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At31.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At32.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At33.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At34.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At35.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At36.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At37.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At38.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At39.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At4.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At40.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At41.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At42.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At43.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At44.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At45.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At46.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At47.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At48.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At49.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At5.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At50.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At51.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At52.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At53.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At54.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At55.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At56.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At57.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At58.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At59.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At6.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At60.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At61.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At62.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At63.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At64.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At65.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At66.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At67.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At68.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At69.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At7.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At70.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At71.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At72.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At73.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At74.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At75.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At76.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At77.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At78.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At79.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At8.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At80.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At81.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At82.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At83.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At84.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At85.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At86.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At87.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At88.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At89.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At9.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At90.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-15 c:\windows\Tasks\At91.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At92.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At93.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At94.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At95.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At96.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At97.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At98.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-13 c:\windows\Tasks\At99.job
- c:\windows\system32\UJ7orxHL.exe []

2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://att.yahoo.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = "c:\program files\MSN Gaming Zone\Windows\chkrzm.exe"
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 18:34:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\Karen\Application Data\Adobe\Adobe Media Player\Local Store\measurement\store.db-journal 6184 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\explorer.exe
-> ?:\windows\system32\iphlpapi.dll
-> ?:\windows\system32\iphlpapi.dll
-> ?:\windows\system32\iphlpapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Executive Software\DiskeeperLite\DKService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-11-14 18:37:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-15 02:37:14

Pre-Run: 101,941,026,816 bytes free
Post-Run: 102,611,570,688 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

462 --- E O F --- 2008-11-02 10:01:18

Thanks,

Karen
RatHat
post Nov 15 2008, 01:35 AM
Post #8


GeekU Mod
Posts: 7,823
From: Lake Mabprachan, Thailand
OS: XP SP2 ~ Vista Ultimate



1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At73.job
c:\windows\Tasks\At74.job
c:\windows\Tasks\At75.job
c:\windows\Tasks\At76.job
c:\windows\Tasks\At77.job
c:\windows\Tasks\At78.job
c:\windows\Tasks\At79.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At80.job
c:\windows\Tasks\At81.job
c:\windows\Tasks\At82.job
c:\windows\Tasks\At83.job
c:\windows\Tasks\At84.job
c:\windows\Tasks\At85.job
c:\windows\Tasks\At86.job
c:\windows\Tasks\At87.job
c:\windows\Tasks\At88.job
c:\windows\Tasks\At89.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At90.job
c:\windows\Tasks\At91.job
c:\windows\Tasks\At92.job
c:\windows\Tasks\At93.job
c:\windows\Tasks\At94.job
c:\windows\Tasks\At95.job
c:\windows\Tasks\At96.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job

FileLook::
c:\windows\n

DirLook::
c:\documents and settings\Karen\Application Data\IUpd721
c:\documents and settings\NetworkService\Application Data\IUpd721
c:\windows\system32\sX3i19
c:\temp\PRE45
c:\documents and settings\NetworkService\Application Data\NI.GSCNS



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot (in case it asks to reboot), please post the Combofix.txt report into your next reply.


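A defender-side script for the pattern RatHat's CFScript handles above (dozens of AtN.job tasks all launching one executable, UJ7orxHL.exe in this log); it is an added example, not ComboFix's or the forum's own code. It parses the Scheduled Tasks section of a ComboFix log (a short excerpt constructed in the thread's format is embedded), flags any executable launched by three or more At*.job tasks, and writes out the File::/FileLook:: lines for a CFScript; the job-count threshold and putting the target under FileLook:: are assumptions.

```python
"""Flag the scheduled-task pattern from this thread in a ComboFix log.

ComboFix lists each .job as a dated line then "- <target> [<timestamp>]"; many
AtN.job files (the names at.exe gives its jobs) all launching one executable with
no timestamp recorded is what RatHat's CFScript above removes.  Added example,
not ComboFix's own code; the job-count threshold is an assumption.
"""
import re

# Constructed excerpt in ComboFix's format; names and dates follow the thread.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\At1.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-11 c:\windows\Tasks\At10.job
- c:\windows\system32\UJ7orxHL.exe []

2008-11-14 c:\windows\Tasks\At2.job
- c:\windows\system32\UJ7orxHL.exe []

2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
------- Supplementary Scan -------
"""

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>.*)\]$")
AT_JOB_RE = re.compile(r"\\At(\d+)\.job$", re.IGNORECASE)


def parse_scheduled_tasks(log_text):
    """Return [(job_path, target_path, timestamp_or_None)] for the Scheduled
    Tasks section, which ends at the next '.' or '-------' line."""
    tasks, in_section, pending_job = [], False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.startswith(SECTION_HEADER)
            continue
        if line == "." or line.startswith("-------"):
            break
        job = JOB_RE.match(line)
        if job:
            pending_job = job.group("job")
            continue
        target = TARGET_RE.match(line)
        if target and pending_job:
            stamp = target.group("stamp").strip() or None  # "[]" -> None
            tasks.append((pending_job, target.group("target"), stamp))
            pending_job = None
    return tasks


def _natural_key(job_path):
    """Order At1, At2, At10 numerically rather than lexically."""
    m = AT_JOB_RE.search(job_path)
    return (0, int(m.group(1))) if m else (1, job_path.lower())


def suspicious_targets(tasks, min_at_jobs=3):
    """Executables launched by at least min_at_jobs AtN.job tasks, as
    {target: {"jobs": [...], "missing_timestamp": bool}}.  A few genuine
    at.exe jobs can exist on a machine; the 120 in this thread cannot."""
    groups = {}
    for job, target, stamp in tasks:
        entry = groups.setdefault(target.lower(), {"target": target, "hits": []})
        entry["hits"].append((job, stamp))
    findings = {}
    for entry in groups.values():
        at_jobs = [job for job, _ in entry["hits"] if AT_JOB_RE.search(job)]
        if len(at_jobs) >= min_at_jobs:
            findings[entry["target"]] = {
                "jobs": sorted(at_jobs, key=_natural_key),
                "missing_timestamp": all(s is None for _, s in entry["hits"]),
            }
    return findings


def build_cfscript(findings):
    r"""Render a CFScript: File:: deletes the .job files, FileLook:: reports on
    the launched executable (the split RatHat used for c:\windows\n above)."""
    if not findings:
        return ""
    lines = ["File::"]
    for info in findings.values():
        lines.extend(info["jobs"])
    lines += ["", "FileLook::", *findings.keys()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = suspicious_targets(parse_scheduled_tasks(SAMPLE_LOG))
    print(build_cfscript(found), end="")
```

Run against a full ComboFix.txt the same functions return every .job in the section, so a second pass with a higher threshold shows how many tasks the rogue executable really had.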
karen7787
post Nov 15 2008, 09:18 PM
Post #9


New Member
Posts: 9
OS: Windows XP



Hi Rat Hat,

Thanks again! Here is the pasted log. Here is what I have noticed since yesterday: messages saying yahoo chat is running on another computer and I don't use that, I was redirected to an ad site while searching the internet, and I'm getting spam from topics related to my emails. When I booted this morning McAfee alerted me to: Tool-Nir.Cmd, but maybe that's one of the programs we are using.

Regards,

Karen
=================================================
ComboFix 08-11-13.02 - Karen 2008-11-15 19:05:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.596 [GMT -8:00]
Running from: c:\documents and settings\Karen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Karen\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At73.job
c:\windows\Tasks\At74.job
c:\windows\Tasks\At75.job
c:\windows\Tasks\At76.job
c:\windows\Tasks\At77.job
c:\windows\Tasks\At78.job
c:\windows\Tasks\At79.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At80.job
c:\windows\Tasks\At81.job
c:\windows\Tasks\At82.job
c:\windows\Tasks\At83.job
c:\windows\Tasks\At84.job
c:\windows\Tasks\At85.job
c:\windows\Tasks\At86.job
c:\windows\Tasks\At87.job
c:\windows\Tasks\At88.job
c:\windows\Tasks\At89.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At90.job
c:\windows\Tasks\At91.job
c:\windows\Tasks\At92.job
c:\windows\Tasks\At93.job
c:\windows\Tasks\At94.job
c:\windows\Tasks\At95.job
c:\windows\Tasks\At96.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At73.job
c:\windows\Tasks\At74.job
c:\windows\Tasks\At75.job
c:\windows\Tasks\At76.job
c:\windows\Tasks\At77.job
c:\windows\Tasks\At78.job
c:\windows\Tasks\At79.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At80.job
c:\windows\Tasks\At81.job
c:\windows\Tasks\At82.job
c:\windows\Tasks\At83.job
c:\windows\Tasks\At84.job
c:\windows\Tasks\At85.job
c:\windows\Tasks\At86.job
c:\windows\Tasks\At87.job
c:\windows\Tasks\At88.job
c:\windows\Tasks\At89.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At90.job
c:\windows\Tasks\At91.job
c:\windows\Tasks\At92.job
c:\windows\Tasks\At93.job
c:\windows\Tasks\At94.job
c:\windows\Tasks\At95.job
c:\windows\Tasks\At96.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job

.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-15 11:39 . 2008-11-15 11:39 1,393 --a------ c:\windows\imsins.BAK
2008-11-14 18:42 . 2008-11-14 18:46 <DIR> d-------- C:\Lop SD
2008-11-14 00:17 . 2008-11-14 00:17 <DIR> d-------- c:\windows\CD95F661A5C444F5A6AAECDD91C240B7.TMP
2008-11-13 22:53 . 2008-11-13 22:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2008-11-13 22:50 . 2008-11-13 22:50 <DIR> d-------- c:\program files\WinZip Self-Extractor
2008-11-13 22:50 . 2008-11-13 22:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZipSE
2008-11-13 20:10 . 2008-11-13 20:10 <DIR> d-------- c:\documents and settings\Karen\Application Data\Malwarebytes
2008-11-13 20:10 . 2008-11-13 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 18:28 . 2008-11-13 19:10 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-13 18:28 . 2008-11-13 19:10 <DIR> d-------- c:\documents and settings\Karen\Application Data\SUPERAntiSpyware.com
2008-11-13 18:28 . 2008-11-13 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-13 00:35 . 2008-11-13 00:35 <DIR> d-------- c:\program files\Java
2008-11-13 00:35 . 2008-11-13 00:35 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-13 00:35 . 2008-11-13 00:35 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-12 23:04 . 2008-11-12 23:05 <DIR> d-------- c:\program files\Executive Software
2008-11-12 21:08 . 2008-11-12 21:08 <DIR> d-------- c:\program files\CCleaner
2008-11-12 16:32 . 2008-11-12 16:32 <DIR> d-------- c:\program files\Trend Micro
2008-11-12 15:59 . 2008-11-15 18:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-11 11:00 . 2008-11-11 11:00 <DIR> d-------- c:\documents and settings\Karen\Application Data\IUpd721
2008-11-11 00:07 . 2008-11-11 00:07 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\IUpd721
2008-11-11 00:01 . 2008-11-11 00:09 <DIR> d-------- c:\windows\system32\sX3i19
2008-11-11 00:01 . 2008-11-11 00:01 <DIR> d-------- c:\temp\PRE45
2008-11-11 00:01 . 2008-11-11 00:01 <DIR> d-------- C:\Temp
2008-11-11 00:01 . 2008-11-12 03:41 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\NI.GSCNS
2008-11-10 21:49 . 2008-11-10 21:49 8,192 --a------ c:\windows\n
2008-10-31 19:19 . 2008-10-03 09:41 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-10-31 19:19 . 2007-04-17 01:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-31 19:19 . 2007-03-07 21:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-31 19:19 . 2008-08-25 23:24 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-10-31 19:19 . 2008-08-25 23:24 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-31 19:19 . 2008-08-25 23:24 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-10-31 19:19 . 2008-08-25 23:24 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-10-31 19:19 . 2008-08-25 23:24 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-31 19:19 . 2008-08-25 00:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-29 20:09 . 2008-10-29 20:09 <DIR> d-------- c:\documents and settings\Karen\Application Data\Creative
2008-10-29 19:52 . 2008-10-29 19:52 <DIR> d-------- c:\documents and settings\Karen\Application Data\tmp
2008-10-29 19:52 . 2008-10-29 19:52 <DIR> d-------- c:\documents and settings\Karen\Application Data\Reallusion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 03:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-13 07:05 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-31 18:08 726,008 ----a-w c:\documents and settings\Karen\gotomypc_437.exe
2008-10-31 03:30 --------- d-----w c:\documents and settings\Karen\Application Data\Canon
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-21 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 05:44 --------- d-----w c:\program files\BrainfuseSupQuickConnect
2008-10-12 22:27 --------- d-----w c:\program files\TryMedia
2008-10-05 06:33 --------- d-----w c:\documents and settings\Karen\Application Data\DataSafeOnline
2008-09-29 02:15 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-09-29 02:15 --------- d-----w c:\program files\Adobe Media Player
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-08-30 04:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
2008-08-27 20:54 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-20 05:38 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
2008-08-20 05:38 151,040 ------w c:\windows\system32\dllcache\cdfview.dll
2008-08-20 05:38 1,494,528 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-08-20 05:38 1,054,208 ------w c:\windows\system32\dllcache\danim.dll
2008-08-20 05:38 1,023,488 ------w c:\windows\system32\dllcache\browseui.dll
2008-06-02 01:39 76 --sh--r c:\windows\CT4CET.bin
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\n -- Unable to find Resource table header.
MD5: d4abd8add18c1e907024490c9612e84e

---- Directory of c:\documents and settings\Karen\Application Data\IUpd721 ----

2008-11-12 02:51 5571 --a------ c:\documents and settings\Karen\Application Data\IUpd721\Logs\scns.log

---- Directory of c:\documents and settings\NetworkService\Application Data\IUpd721 ----

2008-11-11 10:41 9221 --a------ c:\documents and settings\NetworkService\Application Data\IUpd721\Logs\scns.log

---- Directory of c:\documents and settings\NetworkService\Application Data\NI.GSCNS ----

2008-11-11 00:02 23 --a------ c:\documents and settings\NetworkService\Application Data\NI.GSCNS\settings.ini
2008-11-11 00:02 222 --a------ c:\documents and settings\NetworkService\Application Data\NI.GSCNS\dl.ini

---- Directory of c:\temp\PRE45 ----


---- Directory of c:\windows\system32\sX3i19 ----



((((((((((((((((((((((((((((( snapshot@2008-11-14_18.36.44.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2008-11-15 01:11:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-16 02:55:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-15 01:11:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-16 02:55:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-14 13:51:46 53,838 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-16 02:52:54 53,838 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-14 13:51:46 382,260 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-16 02:52:54 382,260 ----a-w c:\windows\system32\perfh009.dat
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-11-16 02:48:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_82c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-01 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-09 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-09 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-09 137752]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-30 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-01 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-13 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

c:\documents and settings\Karen\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-09-28 260096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-06-05 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-06-01 50688]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-10 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-01 17:59 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 IJPLMSVC;PIXMA Extended Survey Program;c:\program files\Canon\IJPLM\IJPLMSVC.EXE [2008-08-19 97432]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;\??\c:\windows\system32\Drivers\OEM02Afx.sys [2008-06-01 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-06-01 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-06-01 7424]
S3 GoToAssist;GoToAssist;"c:\program files\Citrix\GoToAssist\514\g2aservice.exe" Start=service [2008-06-01 16680]
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 19:07:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-15 19:08:45
ComboFix-quarantined-files.txt 2008-11-16 03:08:33
ComboFix2.txt 2008-11-15 02:37:23

Pre-Run: 102,395,199,488 bytes free
Post-Run: 102,532,460,544 bytes free

441 --- E O F --- 2008-11-15 19:39:50
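As an added example (not part of this thread or of ComboFix itself), a small Python parser for the "Reg Loading Points" section of a ComboFix log like the one above: it lists the entries a helper looks at first, namely Run values whose target file is gone (marked `[X]`) and Security Center or firewall settings that are switched off. The function names `parse_loading_points` and `review` are my own, and the embedded sample is constructed from the key and value shapes in the log above.

```python
import re

# Constructed sample: a cut-down copy of the "Reg Loading Points" section
# as ComboFix prints it (the keys and value names appear in the log above).
SAMPLE = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<value>.*)$')


def parse_loading_points(text):
    """Parse the REGEDIT4-style block into {registry key: {value name: raw value}}.

    ComboFix appends "[X]" to a Run entry whose target file no longer exists
    and "[date size]" to one it could stat; both suffixes stay in the raw value.
    """
    entries = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            entries[current] = {}
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            entries[current][m.group('name')] = m.group('value').strip()
    return entries


def review(entries):
    """Return (finding, key, value name) triples worth a second look."""
    findings = []
    for key, values in entries.items():
        k = key.lower()
        for name, value in values.items():
            if k.endswith(r'\currentversion\run') and value.endswith('[X]'):
                # Autostart value pointing at a file that is gone: leftover of
                # an uninstalled program or of a partially cleaned infection.
                findings.append(('missing-target', key, name))
            elif k.endswith(r'\security center') and name.endswith('DisableNotify') and value.endswith('1'):
                # Security Center no longer warns that AV or updates are off.
                findings.append(('notifications-off', key, name))
            elif r'\security center\monitoring' in k and name == 'DisableMonitoring' and value.endswith('1'):
                # Third-party suites set this legitimately; confirm the product
                # named in the key is actually installed and running.
                findings.append(('wsc-monitoring-off', key, name))
            elif 'firewallpolicy' in k and name == 'EnableFirewall' and value.startswith('0'):
                # Windows Firewall disabled on the standard profile.
                findings.append(('firewall-off', key, name))
    return findings


if __name__ == '__main__':
    for finding, key, name in review(parse_loading_points(SAMPLE)):
        print(f'{finding:20} {name!r} under {key}')
```

Paste a real log's section in place of `SAMPLE` to run it against your own output; every finding is a prompt to check, not a verdict.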
RatHat
post Nov 15 2008, 09:42 PM
Post #10


GeekU Mod
Posts: 7,823
From: Lake Mabprachan, Thailand
OS: XP SP2 ~ Vista Ultimate



Hi Karen,

Let's run another ComboFix script:

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
File::
c:\windows\imsins.BAK
c:\windows\n

Folder::
c:\documents and settings\Karen\Application Data\IUpd721
c:\documents and settings\NetworkService\Application Data\IUpd721
c:\documents and settings\NetworkService\Application Data\NI.GSCNS
c:\temp\PRE45
c:\windows\system32\sX3i19

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=-



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the Combofix.txt report into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next, update Malware Bytes Anti Malware, then run a full scan:
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



karen7787
post Nov 15 2008, 11:13 PM
Post #11


New Member
Posts: 9
OS: Windows XP



Rat Hat,

Thanks so much for your prompt response. :-)

What the message I got before said was: You have been disconnected from chat because you have signed in to Yahoo Messenger from another computer or device.

Here are the two logs:

ComboFix 08-11-14.01 - Karen 2008-11-15 20:03:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.549 [GMT -8:00]
Running from: c:\documents and settings\Karen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Karen\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\imsins.BAK
c:\windows\n
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Karen\Application Data\IUpd721
c:\documents and settings\Karen\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\NetworkService\Application Data\IUpd721
c:\documents and settings\NetworkService\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\NetworkService\Application Data\NI.GSCNS
c:\documents and settings\NetworkService\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\NetworkService\Application Data\NI.GSCNS\settings.ini
c:\temp\PRE45
c:\windows\imsins.BAK
c:\windows\n
c:\windows\system32\sX3i19

.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-14 18:42 . 2008-11-14 18:46 <DIR> d-------- C:\Lop SD
2008-11-14 00:17 . 2008-11-14 00:17 <DIR> d-------- c:\windows\CD95F661A5C444F5A6AAECDD91C240B7.TMP
2008-11-13 22:53 . 2008-11-13 22:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2008-11-13 22:50 . 2008-11-13 22:50 <DIR> d-------- c:\program files\WinZip Self-Extractor
2008-11-13 22:50 . 2008-11-13 22:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZipSE
2008-11-13 20:10 . 2008-11-13 20:10 <DIR> d-------- c:\documents and settings\Karen\Application Data\Malwarebytes
2008-11-13 20:10 . 2008-11-13 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 18:28 . 2008-11-13 19:10 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-13 18:28 . 2008-11-13 19:10 <DIR> d-------- c:\documents and settings\Karen\Application Data\SUPERAntiSpyware.com
2008-11-13 18:28 . 2008-11-13 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-13 00:35 . 2008-11-13 00:35 <DIR> d-------- c:\program files\Java
2008-11-13 00:35 . 2008-11-13 00:35 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-13 00:35 . 2008-11-13 00:35 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-12 23:04 . 2008-11-12 23:05 <DIR> d-------- c:\program files\Executive Software
2008-11-12 21:08 . 2008-11-12 21:08 <DIR> d-------- c:\program files\CCleaner
2008-11-12 16:32 . 2008-11-12 16:32 <DIR> d-------- c:\program files\Trend Micro
2008-11-12 15:59 . 2008-11-15 18:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-11 00:01 . 2008-11-15 20:04 <DIR> d-------- C:\Temp
2008-10-31 19:19 . 2008-10-03 09:41 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-10-31 19:19 . 2007-04-17 01:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-31 19:19 . 2007-03-07 21:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-31 19:19 . 2008-08-25 23:24 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-10-31 19:19 . 2008-08-25 23:24 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-31 19:19 . 2008-08-25 23:24 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-10-31 19:19 . 2008-08-25 23:24 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-10-31 19:19 . 2008-08-25 23:24 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-31 19:19 . 2008-08-25 00:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-29 20:09 . 2008-10-29 20:09 <DIR> d-------- c:\documents and settings\Karen\Application Data\Creative
2008-10-29 19:52 . 2008-10-29 19:52 <DIR> d-------- c:\documents and settings\Karen\Application Data\tmp
2008-10-29 19:52 . 2008-10-29 19:52 <DIR> d-------- c:\documents and settings\Karen\Application Data\Reallusion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 03:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-13 07:05 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-31 18:08 726,008 ----a-w c:\documents and settings\Karen\gotomypc_437.exe
2008-10-31 03:30 --------- d-----w c:\documents and settings\Karen\Application Data\Canon
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-21 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 05:44 --------- d-----w c:\program files\BrainfuseSupQuickConnect
2008-10-12 22:27 --------- d-----w c:\program files\TryMedia
2008-10-05 06:33 --------- d-----w c:\documents and settings\Karen\Application Data\DataSafeOnline
2008-09-29 02:15 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-09-29 02:15 --------- d-----w c:\program files\Adobe Media Player
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-08-30 04:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
2008-08-27 20:54 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-20 05:38 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
2008-08-20 05:38 151,040 ------w c:\windows\system32\dllcache\cdfview.dll
2008-08-20 05:38 1,494,528 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-08-20 05:38 1,054,208 ------w c:\windows\system32\dllcache\danim.dll
2008-08-20 05:38 1,023,488 ------w c:\windows\system32\dllcache\browseui.dll
2008-06-02 01:39 76 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( snapshot@2008-11-14_18.36.44.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2008-11-15 01:11:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-16 02:55:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-15 01:11:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-16 02:55:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-14 13:51:46 53,838 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-16 02:52:54 53,838 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-14 13:51:46 382,260 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-16 02:52:54 382,260 ----a-w c:\windows\system32\perfh009.dat
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-11-16 02:48:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_82c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-01 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-09 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-09 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-09 137752]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-30 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-01 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-13 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

c:\documents and settings\Karen\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-09-28 260096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-06-05 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-06-01 50688]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-10 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-01 17:59 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 IJPLMSVC;PIXMA Extended Survey Program;c:\program files\Canon\IJPLM\IJPLMSVC.EXE [2008-08-19 97432]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;\??\c:\windows\system32\Drivers\OEM02Afx.sys [2008-06-01 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-06-01 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-06-01 7424]
S3 GoToAssist;GoToAssist;"c:\program files\Citrix\GoToAssist\514\g2aservice.exe" Start=service [2008-06-01 16680]
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 20:04:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-15 20:05:37
ComboFix-quarantined-files.txt 2008-11-16 04:05:27
ComboFix2.txt 2008-11-16 03:08:46
ComboFix3.txt 2008-11-15 02:37:23

Pre-Run: 102,495,956,992 bytes free
Post-Run: 102,499,418,112 bytes free

194 --- E O F --- 2008-11-15 19:39:50

And:

Malwarebytes' Anti-Malware 1.30
Database version: 1401
Windows 5.1.2600 Service Pack 2

11/15/2008 8:53:27 PM
mbam-log-2008-11-15 (20-53-27).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 82001
Time elapsed: 13 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9e91ef7b-6846-45c3-a8ab-67cf7c900783} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyldr (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks again,

Karen
RatHat
post Nov 15 2008, 11:21 PM
Post #12


GeekU Mod
Posts: 7,823
From: Lake Mabprachan, Thailand
OS: XP SP2 ~ Vista Ultimate



Looking better Karen!

Let's run a double check with Kaspersky WebScanner.
Note: You must use Internet Explorer to run this scan, and you must disable your anti-virus program during the scan.

Click the Accept button.

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the View scan report link:
  • Click the Save report as button
  • Under Save as type, choose Text file (*.txt)
  • Save the file to your desktop as Kaspersky.txt
  • Copy and paste that information in your next post.


Regards,
RatHat
karen7787
post Nov 16 2008, 08:56 PM
Post #13


New Member
Posts: 9
OS: Windows XP



Rat Hat,

Yes, thank you!! :-)

I tried to download Kaspersky four times, even went directly to their webpage, and I keep getting this message: Starting Java applet has failed! Please go online to use this program.

Please advise.

Regards,

Karen
RatHat
post Nov 16 2008, 09:09 PM
Post #14


GeekU Mod
Posts: 7,823
From: Lake Mabprachan, Thailand
OS: XP SP2 ~ Vista Ultimate



Karen,

Are you using dial up? The Kaspersky scan is an online scan that requires you to be online during the scan. If you have problems with it, as can happen sometimes, try this scan instead:

Please go HERE to run Panda's TotalScan
  • Click Scan Now
  • Agree to allow it to install the required files
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin. This process can take more than an hour, depending on the amount of information stored on your computer.
  • When the scan completes, click the Export to: icon on the right
  • Save it to a convenient location. Post the contents of the TotalScan report in your next reply
karen7787
post Nov 16 2008, 09:18 PM
Post #15


New Member
Posts: 9
OS: Windows XP



Hi Rat Hat,

I have the fastest DSL available and I was online, not sure what happened there. I have the latest version of Java as well. I will run the other scan now.

Thanks,

Karen

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising