Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot open My Computer, Control Panel, or anything else [RESOLVED]

Started by herodian , Feb 13 2008 08:20 AM

  • This topic is locked This topic is locked

#1
herodian
Posted 13 February 2008 - 08:20 AM

herodian

    New Member

  • Member
  • Pip
  • 3 posts
Hi, sorry if I miss anything or forget to include anything. Every time Windows starts I get an error message that reads:
"During a scan of files at system startup, potential errors in the system registry were found.
p-07-0100 irql: 1f SYSVER 0xff00024
NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED"

I can't open My computer or Control panel or anything else. It happened when I tried to download a video converting program. I'm guessing now it wasn't a converting program.

I tried to do the Panda scan but IE froze and Windows basically crashed and disappeared.

Here is my main.txt from Deckard's. I can't get the extra.txt, not sure why. I appreciate any of the help and will be checking this thread very often for updates and any questions or information I can give. Thank you.

EDIT: I just got another error message while typing this. It was titled:
"Your system could become unstable
A potential problem has been detected and windows has been shutdown buggy application to prevent damage to your computer.
****WXYZ.SYS - Address F73120AE base at C00000, Date Stamp 36b072A3
Kernel Debugger Using: Com2(Port0x28F Baud rate 192000)"

Deckard's System Scanner v20071014.68
Run by herod on 2008-02-12 21:52:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as herod.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:25 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\herod\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\herod.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.......&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.......&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wjoiywhx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: {c3b9352b-7b76-5e59-a084-3a2263e5c07d} - {d70c5e36-22a3-480a-95e5-67b7b2539b3c} - C:\WINDOWS\system32\woqrwoyy.dll
O2 - BHO: (no name) - {DF6BDBB3-5DA8-4A99-8CDF-E1D202E03CFE} - C:\WINDOWS\system32\ddaby.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\urqrrsr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [1817e67f] rundll32.exe "C:\WINDOWS\system32\prinntfw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\herod\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\herod\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: urqrrsr - C:\WINDOWS\SYSTEM32\urqrrsr.dll
O20 - Winlogon Notify: wjoiywhx - C:\WINDOWS\SYSTEM32\wjoiywhx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12950 bytes

-- Files created between 2008-01-12 and 2008-02-12 -----------------------------

2008-02-12 21:50:28 0 d-------- C:\Program Files\Trend Micro
2008-02-12 20:02:59 86080 --a------ C:\WINDOWS\system32\prinntfw.dll
2008-02-12 20:00:47 0 d-------- C:\WINDOWS\system32\QuickTime
2008-02-12 20:00:45 0 d-------- C:\Program Files\QuickTime Alternative
2008-02-12 20:00:45 0 d-------- C:\Program Files\Media Player Classic
2008-02-12 19:59:59 93248 --a------ C:\WINDOWS\system32\woqrwoyy.dll
2008-02-12 19:59:20 0 d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-02-12 19:58:15 163904 --a------ C:\WINDOWS\system32\wjoiywhx.dll
2008-02-12 19:58:07 163904 --a------ C:\WINDOWS\system32\nceklkhe.dll
2008-02-12 19:56:58 348244 --ahs---- C:\WINDOWS\system32\ybadd.ini2
2008-02-12 19:56:45 334336 --a------ C:\WINDOWS\system32\ddaby.dll
2008-02-12 19:51:39 40960 --a------ C:\WINDOWS\system32\urqrrsr.dll
2008-02-12 19:49:35 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-02-12 18:48:09 0 d-------- C:\WINDOWS\system32\windows media
2008-02-12 18:48:03 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-02-12 18:47:58 0 d-------- C:\Program Files\Windows Media Components
2008-02-12 18:45:56 0 d-------- C:\DECCHECK
2008-02-12 18:23:57 0 d-------- C:\Documents and Settings\herod\Application Data\Sony Corporation
2008-02-12 18:19:19 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-02-12 18:16:21 0 d-------- C:\Program Files\Sony
2008-02-12 18:15:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-02-11 14:23:41 0 d-------- C:\Program Files\EA GAMES
2008-02-11 14:23:40 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-02-02 11:09:57 0 d-------- C:\Program Files\SharePod
2008-01-28 16:26:25 0 d-------- C:\Documents and Settings\herod\Application Data\Lexmark Productivity Studio
2008-01-28 16:22:38 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 16:13:56 0 d-------- C:\Program Files\Bonjour
2008-01-28 16:04:54 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-28 15:35:20 0 d-------- C:\Program Files\PowerISO
2008-01-24 11:32:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-24 11:32:08 0 d-------- C:\Program Files\Dell Support Center
2008-01-24 11:32:06 0 d-------- C:\Program Files\Common Files\supportsoft
2008-01-23 18:27:08 180736 --a------ C:\Program Files\sumotori.exe
2008-01-23 14:29:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell


-- Find3M Report ---------------------------------------------------------------

2008-02-12 21:21:11 0 d-------- C:\Program Files\Lx_cats
2008-02-12 20:08:48 0 d-------- C:\Documents and Settings\herod\Application Data\Azureus
2008-02-12 19:56:52 0 d-------- C:\Program Files\Common Files
2008-02-12 18:21:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-12 18:20:22 0 d-------- C:\Program Files\Sonic
2008-02-12 18:20:06 0 d-------- C:\Program Files\Roxio
2008-02-03 22:39:40 0 d-------- C:\Program Files\World of Warcraft
2008-02-03 12:09:13 0 d-------- C:\Program Files\Absolute Poker
2008-02-02 11:38:53 0 d-------- C:\Documents and Settings\herod\Application Data\Adobe
2008-01-28 16:13:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-23 18:27:38 196626 --a------ C:\Program Files\tex00015.tga
2008-01-23 18:27:38 196626 --a------ C:\Program Files\tex00014.tga
2008-01-23 18:27:38 196626 --a------ C:\Program Files\tex00013.tga
2008-01-23 18:27:38 196626 --a------ C:\Program Files\tex00012.tga
2008-01-23 18:27:38 196626 --a------ C:\Program Files\tex00011.tga
2008-01-23 18:27:38 196626 --a------ C:\Program Files\tex00010.tga
2008-01-23 18:27:38 196626 --a------ C:\Program Files\tex00009.tga
2008-01-23 18:27:38 196626 --a------ C:\Program Files\tex00008.tga
2008-01-23 18:27:37 196626 --a------ C:\Program Files\tex00007.tga
2008-01-23 18:27:37 196626 --a------ C:\Program Files\tex00006.tga
2008-01-23 18:27:37 196626 --a------ C:\Program Files\tex00005.tga
2008-01-23 18:27:37 196626 --a------ C:\Program Files\tex00004.tga
2008-01-23 18:27:37 196626 --a------ C:\Program Files\tex00003.tga
2008-01-23 18:27:37 196626 --a------ C:\Program Files\tex00002.tga
2008-01-23 18:27:37 196626 --a------ C:\Program Files\tex00001.tga
2008-01-23 18:27:37 196626 --a------ C:\Program Files\tex00000.tga
2008-01-20 17:35:36 4096 --a------ C:\Documents and Settings\herod\Application Data\dvd.bmk
2008-01-16 11:19:18 0 d-------- C:\Program Files\Dl_cats
2008-01-02 13:44:34 0 d-------- C:\Program Files\Azureus
2008-01-02 13:44:14 0 d-------- C:\Documents and Settings\herod\Application Data\Apple Computer
2008-01-01 21:49:56 0 d-------- C:\Program Files\Magic Video Converter
2008-01-01 21:04:52 0 d-------- C:\Program Files\DivX
2007-12-31 16:29:03 0 d-------- C:\Program Files\iTunes
2007-12-31 16:28:55 0 d-------- C:\Program Files\iPod
2007-12-31 16:27:26 0 d-------- C:\Program Files\QuickTime
2007-12-31 16:24:27 0 d-------- C:\Program Files\Apple Software Update
2007-12-31 16:23:56 0 d-------- C:\Program Files\Common Files\Apple
2007-12-28 01:52:18 0 d-------- C:\Documents and Settings\herod\Application Data\SiteAdvisor
2007-12-19 07:22:52 0 d-------- C:\Program Files\McAfee
2007-12-17 23:34:32 0 d-------- C:\Program Files\SiteAdvisor
2007-12-17 19:23:37 0 d-------- C:\Documents and Settings\herod\Application Data\FaxCtr
2007-12-16 22:32:38 0 d-------- C:\Program Files\Lexmark 2500 Series
2007-12-16 22:32:18 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-16 22:29:15 0 d-------- C:\Program Files\Lexmark Toolbar
2007-12-16 22:15:06 5330 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-16 22:15:06 56 -r-hs---- C:\WINDOWS\system32\E40439C4CD.sys
2007-12-16 17:09:08 0 d-------- C:\Program Files\Mario Paint Composer PC
2007-12-13 20:53:57 0 d-------- C:\Program Files\Replay Converter
2007-12-13 14:52:06 0 d-------- C:\Documents and Settings\herod\Application Data\GetRightToGo
2007-12-13 14:52:01 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-11 12:46:02 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 12:44:28 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-11 12:44:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-11 12:44:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-11 12:44:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 12:44:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 12:44:18 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 12:43:44 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-05 21:34:51 88 -r-hs---- C:\WINDOWS\system32\CDC43904E4.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
02/12/2008 07:58 PM 163904 --a------ C:\WINDOWS\system32\wjoiywhx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d70c5e36-22a3-480a-95e5-67b7b2539b3c}]
02/12/2008 08:00 PM 93248 --a------ C:\WINDOWS\system32\woqrwoyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF6BDBB3-5DA8-4A99-8CDF-E1D202E03CFE}]
02/12/2008 07:56 PM 334336 --a------ C:\WINDOWS\system32\ddaby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
02/12/2008 07:51 PM 40960 --a------ C:\WINDOWS\system32\urqrrsr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 12:01 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/14/2005 11:51 AM]
"SigmatelSysTrayApp"="stsystra.exe" [02/10/2006 09:17 AM C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [06/17/2005 05:56 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 01:12 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 08:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 08:44 AM]
"@"="" []
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [09/13/2005 03:50 PM]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [10/20/2005 05:40 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [01/17/2007 04:30 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [02/08/2007 07:39 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06/13/2006 05:20 AM]
"1817e67f"="C:\WINDOWS\system32\prinntfw.dll" [02/12/2008 08:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 09:23 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/09/2007 04:06 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]

C:\Documents and Settings\herod\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2/12/2008 6:16:36 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/23/2006 12:25:16 PM]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 5:55:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"= C:\WINDOWS\system32\urqrrsr.dll [02/12/2008 07:51 PM 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrrsr]
urqrrsr.dll 02/12/2008 07:51 PM 40960 C:\WINDOWS\system32\urqrrsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wjoiywhx]
wjoiywhx.dll 02/12/2008 07:58 PM 163904 C:\WINDOWS\system32\wjoiywhx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaby.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-02-12 21:52:52 ------------
  • 0

Advertisements

#2
RatHat
Posted 13 February 2008 - 09:24 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with.

Next, I would like to make sure that you can view hidden files and folders;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download VundoFix from Here to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please read this Combofix tutorial before continuing, then follow the instructions below.

Download ComboFix from Here, Here or Here to your Desktop. (If you already have ComboFix, please delete it and download this new version).

When asked to "Save As" save Combofix.exe as Combo-Fix.exe
  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Save this log to your desktop as Combofix.txt and post it in your next reply.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now you will need to download Hijackthis and post a log, so please follow the guidelines below:
  • Click here to download HijackThis.exe
  • Save HijackThis.exe to your desktop.
  • Doubleclick on the HijackThis.exe icon on your desktop.
  • By default it will install to C:\Program Files\HijackThis.
  • Continue to follow the rest of the prompts from there
  • Scan your computer and save a logfile
  • Post the log in your next reply.

I would also like you to create an Uninstall list for me:
  • Reopen HijackThis and click on the "Open the Misc Tools section" button.
  • Click on the "Open Uninstall Manager" button. Click the "Save List" button.
  • After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it, then the list should open in notepad.
  • Copy and paste that list here along with the HijackThis log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next post I will need the following logs:
  • The contents of Vundofix.txt
  • The contents of Combofix.txt
  • A HijackThis log
  • The HijackThis uninstall list

Regards,
RatHat
  • 0

#3
herodian
Posted 13 February 2008 - 06:58 PM

herodian

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hey thanks a lot for the reply Rathat. At first I couldn't open My Computer to change the view files options. I already had View Hidden Files open though. After those scans I was able to open My Computer and I did the first step.

I don't have a Vundofix.txt, It never came up. It removed quite a few files though. But it couldn't remove C:\WINDOWS\system32\urqrrsr.dll. I rebooted several times and it could never delete it. After completing the vundofix, my computer started with a message that said
"RUNDLL
Error loading C:\WINDOWS\system32\prinntfw.dll
The specified module could not be found."
Is this serious?

Here are the contents of the combofix.txt, the hijackthis log, and the uninstall list. I will be waiting for your reply for more instructions, thanks a lot.

ComboFix 08-02-14.1 - herod 2008-02-13 15:58:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1455 [GMT -7:00]
Running from: C:\Documents and Settings\herod\My Documents\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\urqrrsr.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-13 14:32 . 2008-02-13 15:40 <DIR> d-------- C:\VundoFix Backups
2008-02-12 21:50 . 2008-02-12 21:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-12 21:02 . 2008-02-12 21:02 <DIR> d-------- C:\Deckard
2008-02-12 20:00 . 2008-02-12 20:00 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-02-12 20:00 . 2008-02-12 20:00 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-02-12 20:00 . 2008-02-12 20:00 <DIR> d-------- C:\Program Files\Media Player Classic
2008-02-12 20:00 . 2004-09-23 18:57 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx
2008-02-12 20:00 . 2002-12-20 12:40 675,328 --a------ C:\WINDOWS\system32\ir50_32.qtx
2008-02-12 20:00 . 2004-10-27 13:01 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx
2008-02-12 20:00 . 2004-09-23 18:57 323,072 --a------ C:\WINDOWS\system32\QuickTime.cpl
2008-02-12 20:00 . 2004-01-12 17:57 86,016 --a------ C:\WINDOWS\system32\QuickTime.ax
2008-02-12 20:00 . 2004-09-23 18:57 70,144 --a------ C:\WINDOWS\system32\QuickTimeCheck.ocx
2008-02-12 19:59 . 2008-02-12 19:59 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-02-12 19:49 . 2008-02-12 19:49 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-02-12 18:48 . 2008-02-12 18:48 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-02-12 18:48 . 2008-02-12 18:50 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-12 18:47 . 2008-02-12 18:47 <DIR> d-------- C:\Program Files\Windows Media Components
2008-02-12 18:45 . 2008-02-12 18:45 <DIR> d-------- C:\DECCHECK
2008-02-12 18:23 . 2008-02-12 18:23 <DIR> d-------- C:\Documents and Settings\herod\Application Data\Sony Corporation
2008-02-12 18:20 . 2006-06-13 05:20 94,263 --a------ C:\WINDOWS\DLA.EXE
2008-02-12 18:20 . 2006-06-12 03:30 89,264 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2008-02-12 18:20 . 2006-06-13 05:20 61,500 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2008-02-12 18:20 . 2006-03-17 05:20 40,544 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2008-02-12 18:20 . 2006-03-17 08:34 22,684 --a------ C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2008-02-12 18:20 . 2006-03-17 08:35 5,660 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2008-02-12 18:19 . 2006-10-30 13:46 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-02-12 18:19 . 2006-10-30 13:46 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-02-12 18:19 . 2006-10-30 13:46 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-02-12 18:19 . 2006-10-30 13:46 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-02-12 18:19 . 2006-10-30 13:46 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-02-12 18:19 . 2006-10-30 13:46 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-02-12 18:16 . 2008-02-12 18:16 <DIR> d-------- C:\Program Files\Sony
2008-02-12 18:15 . 2008-02-12 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-02-11 14:23 . 2008-02-11 14:23 <DIR> d-------- C:\Program Files\EA GAMES
2008-02-11 14:23 . 2007-08-06 17:28 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-02-02 11:09 . 2008-02-02 12:15 <DIR> d-------- C:\Program Files\SharePod
2008-01-28 16:26 . 2008-01-28 16:26 <DIR> d-------- C:\Documents and Settings\herod\Application Data\Lexmark Productivity Studio
2008-01-28 16:22 . 2008-01-28 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 16:13 . 2008-01-28 16:13 <DIR> d-------- C:\Program Files\Bonjour
2008-01-28 16:04 . 2008-01-28 16:04 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-28 15:35 . 2008-01-28 15:35 <DIR> d-------- C:\Program Files\PowerISO
2008-01-24 11:32 . 2008-01-24 11:32 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-24 11:32 . 2008-01-24 11:32 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-24 11:32 . 2008-01-24 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-23 18:27 . 2007-07-28 19:28 180,736 --a------ C:\Program Files\sumotori.exe
2008-01-23 14:29 . 2008-01-24 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 21:31 --------- d-----w C:\Program Files\Lx_cats
2008-02-13 03:08 --------- d-----w C:\Documents and Settings\herod\Application Data\Azureus
2008-02-13 01:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 01:20 --------- d-----w C:\Program Files\Sonic
2008-02-13 01:20 --------- d-----w C:\Program Files\Roxio
2008-02-04 05:39 --------- d-----w C:\Program Files\World of Warcraft
2008-02-03 19:09 --------- d-----w C:\Program Files\Absolute Poker
2008-01-28 23:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00015.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00014.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00013.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00012.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00011.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00010.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00009.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00008.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00007.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00006.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00005.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00004.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00003.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00002.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00001.tga
2008-01-24 01:27 196,626 ----a-w C:\Program Files\tex00000.tga
2008-01-21 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-16 18:19 --------- d-----w C:\Program Files\Dl_cats
2008-01-02 20:44 --------- d-----w C:\Program Files\Azureus
2008-01-02 20:44 --------- d-----w C:\Documents and Settings\herod\Application Data\Apple Computer
2008-01-02 04:49 --------- d-----w C:\Program Files\Magic Video Converter
2008-01-02 04:04 --------- d-----w C:\Program Files\DivX
2007-12-31 23:29 --------- d-----w C:\Program Files\iTunes
2007-12-31 23:28 --------- d-----w C:\Program Files\iPod
2007-12-31 23:27 --------- d-----w C:\Program Files\QuickTime
2007-12-31 23:24 --------- d-----w C:\Program Files\Apple Software Update
2007-12-31 23:23 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-31 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-28 08:52 --------- d-----w C:\Documents and Settings\herod\Application Data\SiteAdvisor
2007-12-19 14:22 --------- d-----w C:\Program Files\McAfee
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 06:34 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-18 02:23 --------- d-----w C:\Documents and Settings\herod\Application Data\FaxCtr
2007-12-17 05:32 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2007-12-17 05:32 --------- d-----w C:\Program Files\Lexmark 2500 Series
2007-12-17 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-12-17 05:29 --------- d-----w C:\Program Files\Lexmark Toolbar
2007-12-17 00:09 --------- d-----w C:\Program Files\Mario Paint Composer PC
2007-12-14 03:53 --------- d-----w C:\Program Files\Replay Converter
2007-12-13 21:52 737,280 ----a-w C:\WINDOWS\iun6002.exe
2001-12-06 20:51 458 ----a-w C:\Documents and Settings\Majesty\layout.bin
2001-12-06 20:40 446,464 ----a-w C:\Documents and Settings\Majesty\AutoMenu.exe
2001-11-29 21:37 4,502,863 ----a-w C:\Documents and Settings\Majesty\ArcadeInstallMAJESTYG108f.exe
2001-11-21 19:38 51,953,116 ----a-w C:\Documents and Settings\majestcim\cinedata3.dat
2001-11-21 19:38 37,403,124 ----a-w C:\Documents and Settings\majestcim\cinedata2.dat
2001-05-04 16:15 11,477,656 ----a-w C:\Documents and Settings\Majesty\dx8a.exe
2001-04-11 23:28 54,784 ----a-w C:\Documents and Settings\Majesty\Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d70c5e36-22a3-480a-95e5-67b7b2539b3c}]
C:\WINDOWS\system32\woqrwoyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8B1FC3F-D752-4F95-A5D4-96F8561649C3}]
C:\WINDOWS\system32\ddaby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE72CA55-E524-4476-BB35-F5BE37CDB425}]
C:\WINDOWS\system32\ssqrq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 16:06 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 11:51 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 09:17 282624 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 05:56 139264]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"@"="" []
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 15:50 73728]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-20 17:40 430080]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30 152144]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-08 19:39 36904]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 05:20 127036]
"1817e67f"="C:\WINDOWS\system32\prinntfw.dll" [ ]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-10 03:00 388608]

C:\Documents and Settings\herod\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-12 18:16:36 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-23 12:25:16 24576]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 17:55:40 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2007-05-03 23:40 312240 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-08-23 12:34 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
--a------ 2007-03-05 00:40 20480 C:\Program Files\Lexmark 2500 Series\lxddamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
--a------ 2007-05-03 23:38 291760 C:\Program Files\Lexmark 2500 Series\lxddmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 17:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-09 16:06 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-04-25 22:21]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 17:55]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-04-25 22:21]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 03:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 01:57:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 08:15:51 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-01 08:00:06 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 16:05:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\program files\mcafee\msc\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-02-14 16:12:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 23:12:30
.
2008-02-13 14:03:03 --- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:47 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\herod\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: {c3b9352b-7b76-5e59-a084-3a2263e5c07d} - {d70c5e36-22a3-480a-95e5-67b7b2539b3c} - C:\WINDOWS\system32\woqrwoyy.dll (file missing)
O2 - BHO: (no name) - {F8B1FC3F-D752-4F95-A5D4-96F8561649C3} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: (no name) - {FE72CA55-E524-4476-BB35-F5BE37CDB425} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [1817e67f] rundll32.exe "C:\WINDOWS\system32\prinntfw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\herod\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\herod\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12570 bytes




924PLC32
ABBYY FineReader 6.0 Sprint
AbiWord 2.4.5 (remove only)
Absolute Poker
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Mobile Device Support
Apple Software Update
Azureus
Barbarian Invasion
Belkin Wireless G Plus Desktop Card
BitPim 0.9.05
Blackhawk Striker 2
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Photo AIO Printer 924
Dell Support Center
DellSupport
Diablo II
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EarthLink setup files
EducateU
ELIcon
ESPNMotion
Full Tilt Poker
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
GMAT Diagnostic
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB926239)
ImgBurn (Remove Only)
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Intel® Quick Resume Technology Drivers
Intel® Quick Resume Technology Drivers
Intel® Viiv™
Internet Service Offers Launcher
iPod for Windows 2005-06-26
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Learn2 Player (Uninstall Only)
Lexmark 2500 Series
Lexmark Fax Solutions
LimeWire 4.14.10
Magic Video Converter Trial Version (English) 8.0.2.18
Majesty - Gold Edition
McAfee SecurityCenter
McAfee Uninstaller
MCU
Media Center Extender
Media Center Extender
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows XP Video Decoder Checkup Utility
Modem Helper
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
NVIDIA Drivers
OpenOffice.org 2.1
Otto
PDF Settings
PopCap Browser Plugin
PowerISO
QuickTime
QuickTime Alternative 1.47
RealPlayer Basic
River Past Audio Converter Pro
Rome - Total War
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic Activation Module
Sonic DLA
Sonic Encoders
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
The Sims™ 2 Deluxe
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Whiskey Militia Desktop Alert
WildTangent Web Driver
Winamp (remove only)
Windows Live Messenger
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
WinZip
WordPerfect Office 12
World of Warcraft
  • 0

#4
RatHat
Posted 13 February 2008 - 09:59 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Please uninstall the following programs:


Azureus
LimeWire 4.14.10
PopCap Browser Plugin
Viewpoint Media Player

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above
Note: Azureus and Limewire are conduits for malware, and should be removed. If you choose to install them later, you will open yourself up to re-infection.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: {c3b9352b-7b76-5e59-a084-3a2263e5c07d} - {d70c5e36-22a3-480a-95e5-67b7b2539b3c} - C:\WINDOWS\system32\woqrwoyy.dll (file missing)
O2 - BHO: (no name) - {F8B1FC3F-D752-4F95-A5D4-96F8561649C3} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: (no name) - {FE72CA55-E524-4476-BB35-F5BE37CDB425} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O4 - HKLM\..\Run: [1817e67f] rundll32.exe "C:\WINDOWS\system32\prinntfw.dll",b

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download and scan with SUPERAntiSypware Free for Home Users
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your version of Java is out of date. Please update to the latest version here (Java Runtime Environment (JRE) 6 Update 4). Once downloaded, install it and then Reboot your computer.

It is most important that you also uninstall older versions of Java.
  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except Java ™ 6 Update 4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, quite a lot to get done, I know, but this should have you nearly clean. In you next post, please include the following logs:

SUPERAntiSpyware Scan Log
Kaspersky.txt
A fresh HijackThis log

And let me know how your computer is behaving now.

Regards,
RatHat
  • 0

#5
herodian
Posted 14 February 2008 - 07:13 PM

herodian

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hey, sorry I took so long. I did those scans when I had time and they were pretty lengthy. Everything seems to be running good again. The computer is running great. I was wondering what are a few spyware or adware programs i should be using? Which combination is best in your opinion? And preferably free programs. Here are the logs in this order; SUPERAntiSpyware Scan Log, Kaspersky.txt, and a fresh HijackThis log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/14/2008 at 01:33 AM

Application Version : 3.9.1008

Core Rules Database Version : 3402
Trace Rules Database Version: 1394

Scan type : Complete Scan
Total Scan Time : 02:34:15

Memory items scanned : 660
Memory threats detected : 0
Registry items scanned : 7384
Registry threats detected : 0
File items scanned : 131783
File threats detected : 20

Adware.Tracking Cookie
C:\Documents and Settings\herod\Cookies\herod@bizadverts[2].txt
C:\Documents and Settings\herod\Cookies\herod@mediaplex[2].txt
C:\Documents and Settings\herod\Cookies\herod@atdmt[1].txt
C:\Documents and Settings\herod\Cookies\[email protected][1].txt

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Trojan.Unclassifed/AffiliateBundle
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\URQRRSR.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP402\A0035155.DLL
C:\VUNDOFIX BACKUPS\URQRRSR.DLL.BAD

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0035114.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0035129.DLL

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0035117.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0035123.DLL









-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 14, 2008 6:01:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/02/2008
Kaspersky Anti-Virus database records: 567190
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 138066
Number of viruses found: 3
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 02:47:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{0965BA53-1AE5-4ECE-9BAA-DA3D2234FEA5}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR8.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\herod\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\herod\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\herod\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\herod\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\herod\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\herod\Local Settings\Application Data\SupportSoft\DellSupportCenter\herod\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\herod\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\herod\Local Settings\History\History.IE5\MSHist012008021420080215\index.dat Object is locked skipped
C:\Documents and Settings\herod\Local Settings\Temp\~DF3F94.tmp Object is locked skipped
C:\Documents and Settings\herod\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\herod\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\herod\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0031132.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0031132.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0031132.exe/data.rar Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0031132.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0031133.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0031133.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0031133.exe/data.rar Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0031133.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0035115.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP401\A0035116.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP407\change.log Object is locked skipped
C:\VundoFix Backups\ddaby.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped
C:\VundoFix Backups\nceklkhe.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\prinntfw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ssqrq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped
C:\VundoFix Backups\wjoiywhx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\woqrwoyy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C96EE61E-CF4F-45F9-A522-83318BE82B17}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_46Pyu8D6GqnZG4b Object is locked skipped
C:\WINDOWS\Temp\mcmsc_pIbSacudKjyX633 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_sXqOJ6ULD1mC0ay Object is locked skipped
C:\WINDOWS\Temp\mcmsc_YPTrJgfdLglNB2z Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Z1GaccTqicQ50E7 Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_c00.dat Object is locked skipped
C:\WINDOWS\Temp\sqlite_3QSvDiaiTEBOFPT Object is locked skipped
C:\WINDOWS\Temp\sqlite_3yPJmjkDpubu7Qz Object is locked skipped
C:\WINDOWS\Temp\sqlite_b2qikdXtO9LObLS Object is locked skipped
C:\WINDOWS\Temp\sqlite_cQ3MtJmOXde9hUK Object is locked skipped
C:\WINDOWS\Temp\sqlite_hrQk7zUZZqynU0F Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:15 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\herod\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\herod\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\herod\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12496 bytes
  • 0

#6
RatHat
Posted 14 February 2008 - 07:42 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hey there,

OK! Well done, your log is clean again! :)

Now lets uninstall Combofix and have a bit of a cleanup:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
Please delete any logs or other files we have used during the fixing of your machine.

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


An essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


In addition to Windows updates, you also need to ensure that your version of Java is the latest.Click here to download the latest version (Java Runtime Environment (JRE) 6 Update 4). Once downloaded, install it and then Reboot your computer.

It is most important that you also uninstall older versions of Java.
  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except Java ™ 6 Update 4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
  • Spybot Search & Destroy a powerful tool which can "search and destroy" nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. A tutorial can be found here.
  • AdAware another very powerful tool which searches and kills nasties that infect your system. A tutorial can be found here. AdAware and Spybot Search & Destroy compliment each other very well.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Nearly done! If you like to use chat, MSN and Yahoo have vunerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Lastly, it is a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

Temp File Cleaners
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Note: Do NOT run this program if you have XP Professional 64 bit edition.
  • ATF Cleaner A very powerful cleaning program for XP and Windows 2000 only. Note: You may have this already as part of the fixes you have run.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Best regards,
RatHat
  • 0

#7
RatHat
Posted 16 February 2008 - 07:45 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP