Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help please...I have trojandownloader and abeot on my computer [CLOSED


  • This topic is locked This topic is locked

#1
jessenchrissy

jessenchrissy

    New Member

  • Member
  • Pip
  • 5 posts
I have a yellow exclamation point saying click here to fix problem. When I click it I get a popup that is antispyware-biz.

Can someone please help?

Here is my hijack report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:29 PM, on 4/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\jrxaoykf\pohwnili.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [jrxaoykf] C:\ProgramData\jrxaoykf\pohwnili.exe
O4 - HKCU\..\Run: [DZUGW7Wvx0] C:\ProgramData\zkdcpqxw\dslgjqhy.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [c8xuWiBSJ0] C:\ProgramData\zkdcpqxw\dslgjqhy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: .protected
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (no file)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8798 bytes

Edited by jessenchrissy, 02 April 2008 - 10:21 PM.

  • 0

Advertisements


#2
Lusitano

Lusitano

    Trusted Helper

  • Retired Staff
  • 508 posts
Hello

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm


Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
  • Be sure to re-enable your anti-virus and other security programs, after ComboFix finished.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer


Regards
  • 0

#3
jessenchrissy

jessenchrissy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you very much for taking time to help me out with my computer.
I am not the brightest on the computer side of life, but am getting better.

I hope this is all that you needed.

COMBO FIX LOG

ComboFix 08-04-03.5 - Jesse Mercer 2008-04-05 5:25:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1028 [GMT -5:00]
Running from: C:\Users\Jesse Mercer\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Users\Jesse Mercer\AppData\Roaming\Def\CnsMin.dsc
C:\Users\Jesse Mercer\AppData\Roaming\Def\CnsMin.prf
C:\Users\Jesse Mercer\Desktopblackbird.jpg
C:\Users\Jesse Mercer\DesktopEditorFKWP1.5.exe
C:\Users\Jesse Mercer\DesktopEditorFKWP2.0.exe
C:\Users\Jesse Mercer\Desktopfilemanagerclient.exe
C:\Users\Jesse Mercer\Desktopfkwp1.5.exe
C:\Users\Jesse Mercer\Desktopfkwp2.0.exe
C:\Users\Jesse Mercer\Desktopfwebd.exe
C:\Users\Jesse Mercer\DesktopFWebdEditor.exe
C:\Users\Jesse Mercer\DesktopTrojan.Win32.BlackBird.exe
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\drivers\etc\.protected

.
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.

2008-04-04 11:29 . 2008-04-04 11:30 <DIR> d-------- C:\Program Files\Combo
2008-04-04 11:24 . 2008-04-04 11:25 1,612,758 --a------ C:\Users\Jesse Mercer\ComboFix.exe
2008-04-02 23:40 . 2008-04-03 09:22 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-04-02 23:40 . 2008-04-03 09:22 <DIR> d-------- C:\ProgramData\NVIDIA
2008-04-02 22:01 . 2008-04-02 22:01 691 --a------ C:\Users\Jesse Mercer\AppData\Roaming\GetValue.vbs
2008-04-02 22:01 . 2008-04-02 22:01 35 --a------ C:\Users\Jesse Mercer\AppData\Roaming\SetValue.bat
2008-04-02 21:53 . 2008-04-02 21:54 <DIR> d-------- C:\Users\Jesse Mercer\SmitfraudFix
2008-04-02 21:53 . 2008-04-04 11:07 4,204 --a------ C:\Windows\System32\tmp.reg
2008-04-02 10:47 . 2008-04-02 10:47 <DIR> d-------- C:\Program Files\Realtek
2008-04-02 10:47 . 2008-01-17 07:22 4,907,008 --a------ C:\Windows\RtHDVCpl.exe
2008-04-02 10:47 . 2008-01-25 04:46 2,158,592 --a------ C:\Windows\System32\RtkAPO.dll
2008-04-02 10:47 . 2007-01-12 16:54 520,192 --a------ C:\Windows\RtlExUpd.dll
2008-04-02 10:47 . 2008-04-02 10:47 319,456 --a------ C:\Windows\DIFxAPI.dll
2008-04-02 10:47 . 2008-04-02 10:47 315,392 --a------ C:\Windows\HideWin.exe
2008-04-02 09:04 . 2008-04-02 09:04 <DIR> d-------- C:\PerfLogs
2008-04-02 07:50 . 2008-01-19 02:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-02 07:49 . 2008-01-19 01:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-02 07:48 . 2008-01-19 02:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-02 07:48 . 2008-01-19 02:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-02 07:48 . 2008-01-19 02:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-02 07:48 . 2008-01-19 02:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-02 07:48 . 2008-01-19 02:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-02 07:48 . 2008-01-19 02:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-02 01:29 . 2008-04-02 01:30 <DIR> d-------- C:\Program Files\Panda Security
2008-04-02 01:01 . 2008-04-02 01:01 <DIR> d-------- C:\Users\Jesse Mercer\AppData\Roaming\SUPERAntiSpyware.com
2008-04-02 01:01 . 2008-04-02 01:01 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-02 01:01 . 2008-04-02 01:01 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-02 01:01 . 2008-04-02 01:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-02 01:00 . 2008-04-02 01:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 00:27 . 2008-04-02 00:27 45 --a------ C:\Windows\System32\nDiagLog.xml
2008-04-01 23:11 . 2008-04-01 23:11 <DIR> d-------- C:\Users\Jesse Mercer\AppData\Roaming\Grisoft
2008-04-01 23:11 . 2008-04-01 23:11 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-01 23:11 . 2008-04-01 23:11 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-01 23:11 . 2007-05-30 07:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-04-01 21:49 . 2008-04-01 21:49 <DIR> d-------- C:\Deckard
2008-03-31 17:24 . 2008-03-31 17:24 <DIR> d-------- C:\Users\Jesse Mercer\AppData\Roaming\Bitdefender
2008-03-31 17:24 . 2008-03-31 17:25 <DIR> d-------- C:\Users\All Users\BitDefender
2008-03-31 17:24 . 2008-03-31 17:25 <DIR> d-------- C:\ProgramData\BitDefender
2008-03-31 17:24 . 2008-03-31 17:24 <DIR> d-------- C:\Program Files\BitDefender
2008-03-31 17:21 . 2008-03-31 17:24 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-03-31 17:00 . 2008-03-31 17:00 73 --a------ C:\Windows\st_affiliate.ini
2008-03-31 16:21 . 2008-03-31 16:21 <DIR> d-------- C:\Windows\System32\vmm32
2008-03-31 10:40 . 2008-04-05 05:27 <DIR> d-------- C:\Users\Jesse Mercer\AppData\Roaming\Def
2008-03-31 10:40 . 2008-03-31 10:40 <DIR> d-------- C:\Users\Jesse Mercer\AppData\Roaming\Bin
2008-03-31 10:31 . 2008-03-31 10:31 <DIR> d-------- C:\Windows\AntiSpy
2008-03-31 10:31 . 2008-03-31 10:31 137 --a------ C:\Windows\tsiwinfile.dat
2008-03-31 10:13 . 2008-03-31 10:13 3,120 --a------ C:\Windows\System32\DRWSJLAD.ocx
2008-03-31 10:13 . 2008-03-31 10:13 3,120 --a------ C:\Windows\LJRGKDD9.ocx
2008-03-31 10:11 . 2008-03-31 17:30 <DIR> d-------- C:\Users\All Users\Defender Pro
2008-03-31 10:11 . 2008-03-31 17:30 <DIR> d-------- C:\ProgramData\Defender Pro
2008-03-31 10:11 . 2008-03-31 10:30 <DIR> d-------- C:\Program Files\Defender Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 13:44 --------- d-----w C:\ProgramData\HP Product Assistant
2008-04-02 15:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-02 15:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-02 14:17 174 --sha-w C:\Program Files\desktop.ini
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Mail
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Journal
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Defender
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-02 14:08 --------- d-----w C:\Program Files\Windows Calendar
2008-04-02 13:03 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-02 13:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-02 03:42 --------- d-----w C:\Program Files\Trend Micro
2008-03-31 21:21 --------- d-----w C:\Program Files\Dell
2008-02-19 03:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 09:06 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-01-21 14:18 638,976 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-01-19 07:44 986,680 ----a-w C:\Windows\System32\winload.exe
2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe
2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-19 07:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-19 07:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2008-01-19 07:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-01-19 07:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-19 06:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
2008-01-19 06:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
2008-01-19 05:52 56,320 ----a-w C:\Windows\System32\vga256.dll
2008-01-19 05:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
2008-01-19 05:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
2008-01-19 05:52 10,752 ----a-w C:\Windows\System32\vga.dll
2008-01-19 05:50 14,848 ----a-w C:\Windows\System32\iscsilog.dll
2008-01-19 05:48 20,992 ----a-w C:\Windows\System32\msdtcVSp1res.dll
2008-01-19 05:48 1,291,264 ----a-w C:\Windows\System32\comres.dll
2008-01-19 05:46 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-19 05:39 13,312 ----a-w C:\Windows\System32\WsmRes.dll
2008-01-19 05:37 2,031,616 ----a-w C:\Windows\System32\win32k.sys
2008-01-19 05:36 289,792 ----a-w C:\Windows\System32\atmfd.dll
2008-01-19 05:33 56,320 ----a-w C:\Windows\System32\graftabl.com
2008-01-19 05:31 8,322,048 ----a-w C:\Windows\System32\spwizimg.dll
2008-01-19 05:27 8,704 ----a-w C:\Windows\System32\kd1394.dll
2008-01-19 05:26 605,696 ----a-w C:\Windows\System32\adtschema.dll
2008-01-19 03:17 100,043 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-01-14 12:10 86,528 ----a-w C:\Windows\System32\AERTARen.dll
2008-01-14 12:10 135,168 ----a-w C:\Windows\System32\AERTACap.dll
2008-01-05 11:36 195,122 ----a-w C:\Windows\System32\winrm.vbs
2008-01-05 11:35 80,047 ----a-w C:\Windows\System32\slmgr.vbs
2008-01-05 11:34 15,181 ----a-w C:\Windows\System32\gatherWirelessInfo.vbs
2008-01-05 11:27 96,760 ----a-w C:\Windows\System32\dfshim.dll
2008-01-05 11:27 84,480 ----a-w C:\Windows\System32\mscories.dll
2008-01-05 11:27 282,112 ----a-w C:\Windows\System32\mscoree.dll
2008-01-05 11:27 158,720 ----a-w C:\Windows\System32\mscorier.dll
2008-01-05 11:21 779,800 ----a-w C:\Windows\System32\PresentationNative_v0300.dll
2008-01-05 11:21 579,584 ----a-w C:\Windows\System32\icardagt.exe
2008-01-05 11:21 350,744 ----a-w C:\Windows\System32\PresentationHost.exe
2008-01-05 11:21 33,304 ----a-w C:\Windows\System32\PresentationHostProxy.dll
2008-01-05 11:21 28,672 ----a-w C:\Windows\System32\TsWpfWrp.exe
2008-01-05 11:21 12,198 ----a-w C:\Windows\System32\gatherWiredInfo.vbs
2008-01-05 11:21 11,776 ----a-w C:\Windows\System32\icardres.dll
2008-01-05 11:21 106,520 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2007-12-07 13:10 122 ----a-w C:\Users\Jesse Mercer\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 02:36 2153472 C:\Windows\System32\oobefldr.dll]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"DZUGW7Wvx0"="C:\ProgramData\zkdcpqxw\dslgjqhy.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"c8xuWiBSJ0"="C:\ProgramData\zkdcpqxw\dslgjqhy.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 02:38 1008184]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 01:03 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 07:22 4907008 C:\Windows\RtHDVCpl.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 14:40 16384]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-13 00:24 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-20 14:02:16 50688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2178265728-1913057435-1508887540-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{28B8758B-317D-432C-B6FC-A1FD49969A19}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{BDE22885-56FE-431A-B1AE-69CD721F0556}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{0296366C-8DA9-4C19-8234-B6C2D44C26C4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{57C8BC4C-F45F-442A-B7F1-EA2ACC1905CF}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{5E91FD6D-CA18-49C5-9B83-7DB39F5D5A84}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{53596D9E-EF97-4533-839E-B3F3CBBA14A7}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{771F2FAA-D778-4433-92C9-F1DACEF17C4A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{02A32A9C-EE7B-40BC-99A3-6499110CEBE6}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{27D9650D-FBA6-4EA4-91F7-30F23D0C3A9A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{F2B0DE93-201A-4EBB-BCC1-1A8B973A8C0C}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{5B4BA756-640C-4120-A15E-0BBEA81E008C}"= UDP:C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe:Defender Pro
"{C050A92B-7690-4420-9FDE-6A9C6E9496F1}"= TCP:C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe:Defender Pro
"TCP Query User{2C253D0F-F10E-4736-B9AE-F3EA3826D7A3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{37F609C7-E609-4560-9922-9AF813F991FB}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSrv.exe [2007-12-05 06:17]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-07-11 09:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39]
R3 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\DRIVERS\usbprint.sys [2008-01-19 01:14]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 02:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bdx REG_MULTI_SZ scan

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 05:27:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-05 5:27:57
ComboFix-quarantined-files.txt 2008-04-05 10:27:54
Pre-Run: 271,589,826,560 bytes free
Post-Run: 271,563,104,256 bytes free
.
2008-04-03 14:20:48 --- E O F ---


SMITHFRAUDFIX LOG


SmitFraudFix v2.309

Scan done at 5:34:58.90, Sat 04/05/2008
Run from C:\Users\Jesse Mercer\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Jesse Mercer


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Jesse Mercer\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\JESSEM~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D577F6E2-70F2-44BB-ABF4-23F0D9256AE8}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D577F6E2-70F2-44BB-ABF4-23F0D9256AE8}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D577F6E2-70F2-44BB-ABF4-23F0D9256AE8}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



HIJACKTHIS LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:42 AM, on 4/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DZUGW7Wvx0] C:\ProgramData\zkdcpqxw\dslgjqhy.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [c8xuWiBSJ0] C:\ProgramData\zkdcpqxw\dslgjqhy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8850 bytes


Thanks again
Jesse
  • 0

#4
Lusitano

Lusitano

    Trusted Helper

  • Retired Staff
  • 508 posts
Hello,

1. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


2. Please do an online scan with Kaspersky WebScanner

Click on Posted Image

You will be prompted to install an ActiveX component from Kaspersky, Click Posted Image
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Posted Image
  • Now click on Posted Image
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click Posted Image
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along whit a new HijackThis log. Also let me know how i your computer its running.

  • 0

#5
jessenchrissy

jessenchrissy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I am running windows Vista and I noticed it said that this download is for windows XP and 2000, should I still run it?
  • 0

#6
Lusitano

Lusitano

    Trusted Helper

  • Retired Staff
  • 508 posts
Try on Panda:

http://www.pandasecu...tivescan/index/
  • 0

#7
Lusitano

Lusitano

    Trusted Helper

  • Retired Staff
  • 508 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP