[codycjb]

my computer is having alot of problems i cant get it to run normally so i have to run in safe mode. i cant get a task manager to run. i tryed updateing windows and other programs i usually run to tix the problem but i cant update anything. when i turn the computer on normally i get a blue screen tellin me i have spyware infection and i cant get past that. heres my log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:35 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\TEMP\BN7.tmp
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {014A4822-BB58-44C0-A68E-CB9E579EE4BF} - C:\WINDOWS\system32\atl7.dll
O2 - BHO: (no name) - {10319EB0-7626-0AD9-0412-2800BAC980CA} - C:\WINDOWS\system32\uudgnf.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\John\LOCALS~1\Temp\3D31.tmp/r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\system32\alt.exe.exe
O4 - HKLM\..\Run: [AntiVirusPro] C:\Program Files\AntiVirusPro\AntiVirusPro.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA7945] command /c del "C:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3489] cmd /c del "C:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3822] command /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1126] cmd /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8411] command /c del "C:\WINDOWS\system32\ctfmona.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5129] cmd /c del "C:\WINDOWS\system32\ctfmona.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8240] command /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5140] cmd /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5620] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9410] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4804] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8480] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\John\MYDOCU~1\SMBOLS~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [aromis] C:\WINDOWS\aromis.exe
O4 - HKCU\..\Run: [Ershoihb] "C:\Documents and Settings\John\Application Data\?ecurity\w?wexec.exe"
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8184] command /c del "C:\WINDOWS\bjam.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5659] cmd /c del "C:\WINDOWS\bjam.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4741] command /c del "C:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1396] cmd /c del "C:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4732] command /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8612] cmd /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9330] command /c del "C:\WINDOWS\system32\ctfmona.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2436] cmd /c del "C:\WINDOWS\system32\ctfmona.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1602] command /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD826] cmd /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6956] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3335] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1002] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3950] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.116.52,85.255.112.108
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF10C264-C3DF-47C9-B4C5-CEF2A7A7DBC8}: NameServer = 85.255.116.52,85.255.112.108
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.52 85.255.112.108
O17 - HKLM\System\CS1\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.116.52,85.255.112.108
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.52 85.255.112.108
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: hoYiTukQUTqEw - {D04D1AA3-7AE7-B009-8FF7-1FB6B1BC9023} - C:\WINDOWS\system32\en.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html

[Advertisements]

Hi codycjb

welcome back to geekstogo

lets try and get you back into normal mode first.

firstly, do you recognise this address: UkrTeleGroup Ltd., Mechnikova 58/5, 65029 Odessa, Ukraine. is it your ISP? or your company?


===STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


===STEP 2====
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

In your next reply could i see:
1. the Report.txt
2. a new hijackthis log
3. and whether you can get back into normal mode?

andrewuk

[andrewuk]

Hi codycjb

welcome back to geekstogo

lets try and get you back into normal mode first.

firstly, do you recognise this address: UkrTeleGroup Ltd., Mechnikova 58/5, 65029 Odessa, Ukraine. is it your ISP? or your company?


===STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


===STEP 2====
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

In your next reply could i see:
1. the Report.txt
2. a new hijackthis log
3. and whether you can get back into normal mode?

andrewuk

[codycjb]

ok, i deleted what u told me to on hijackthis,

then i did the sdfix thing and it started and after like a minute it said "the system cannot find the file Specified" i let it sit for awhile after that but nothing happened. so thats as far as i got with that. and still couldnt get into normal mode.

to answner the other question no thats not my company or ip.

heres a new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:34 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\TEMP\BND.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\John\LOCALS~1\Temp\3D31.tmp/r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA8240] command /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5140] cmd /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5620] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9410] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4804] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8480] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8184] command /c del "C:\WINDOWS\bjam.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5659] cmd /c del "C:\WINDOWS\bjam.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4741] command /c del "C:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1396] cmd /c del "C:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4732] command /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8612] cmd /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9330] command /c del "C:\WINDOWS\system32\ctfmona.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2436] cmd /c del "C:\WINDOWS\system32\ctfmona.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1602] command /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD826] cmd /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6956] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3335] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1002] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3950] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: hoYiTukQUTqEw - {D04D1AA3-7AE7-B009-8FF7-1FB6B1BC9023} - C:\WINDOWS\system32\en.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

Edited by codycjb, 11 April 2008 - 01:07 PM.

[andrewuk]

then i did the sdfix thing and it started and after like a minute it said "the system cannot find the file Specified" i let it sit for awhile after that but nothing happened. so thats as far as i got with that. and still couldnt get into normal mode.

looks like it mostly ran successfully though.


====STEP 1====
could you uninstall the current version of spybot search & destroy that you have - it is out of date. we will install the most recent version when we are done.


====STEP 2====
Please copy (Ctrl C) and paste (Ctrl V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

sc stop Task Scheduler
sc delete Task Scheduler 
exit

do not run this file yet


====STEP 2====
Please download the OTMoveIt2 by OldTimer and Save it to your desktop.

Do NOT run it yet



Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below, if they are present. take your time and make sure you select the correct entries!

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,C:\WINDOWS\system32\wmsdkns.exe,

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)

O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\John\LOCALS~1\Temp\3D31.tmp/r
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA8240] command /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5140] cmd /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5620] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9410] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4804] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8480] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8184] command /c del "C:\WINDOWS\bjam.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5659] cmd /c del "C:\WINDOWS\bjam.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4741] command /c del "C:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1396] cmd /c del "C:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4732] command /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8612] cmd /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9330] command /c del "C:\WINDOWS\system32\ctfmona.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2436] cmd /c del "C:\WINDOWS\system32\ctfmona.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1602] command /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD826] cmd /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6956] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3335] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1002] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3950] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')

O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll

O21 - SSODL: hoYiTukQUTqEw - {D04D1AA3-7AE7-B009-8FF7-1FB6B1BC9023} - C:\WINDOWS\system32\en.dll

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


Double click FixServices.bat. A window will open and close. This is normal.



Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\WINDOWS\system32\ntos.exe
  C:\WINDOWS\system32\wmsdkns.exe
  C:\WINDOWS\system32\drivers\spools.exe
  C:\DOCUME~1\John\LOCALS~1\Temp\3D31.tmp
  C:\Documents and Settings\John\cftmon.exe
  C:\WINDOWS\SYSTEM32\WLCtrl32.dll
  C:\WINDOWS\system32\en.dll
  Purity

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


In your next reply could i see:
1. the OTMoveIT log
2. a new hijackthis log

andrewuk

Edited by andrewuk, 11 April 2008 - 01:32 PM.

[codycjb]

i did everything u told me, now i cant open any programs or even my computer or my documents.

i get C:\windows\explorer.exe Application not found

Edited by codycjb, 11 April 2008 - 02:04 PM.

[codycjb]

ok i figured out how to get into the c drive i just cant do it from the start menu for some reason. and not a single program will open and i am really freaking out about this. but heres the log from OTmoveit

File move failed. C:\WINDOWS\system32\ntos.exe scheduled to be moved on reboot.
C:\WINDOWS\system32\wmsdkns.exe moved successfully.
C:\WINDOWS\system32\drivers\spools.exe moved successfully.
C:\DOCUME~1\John\LOCALS~1\Temp\3D31.tmp moved successfully.
C:\Documents and Settings\John\cftmon.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\WLCtrl32.dll
C:\WINDOWS\SYSTEM32\WLCtrl32.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\WLCtrl32.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\en.dll
C:\WINDOWS\system32\en.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\en.dll scheduled to be moved on reboot.
< Purity >
C:\Program Files\Outerinfo moved successfully.
C:\Documents and Settings\John\My Documents\sуmbols\sуmbols moved successfully.
C:\Documents and Settings\John\My Documents\sуmbols moved successfully.
C:\Documents and Settings\John\Application Data\ѕecurity moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04112008_155248

Edited by codycjb, 11 April 2008 - 02:12 PM.

[andrewuk]

ok, lets use system restore:

Boot into safe mode. Click the System Restore link. Click the Restore My Computer to an earlier time.

[codycjb]

when i click system restore, it does the same thing as everything else. it brings up the "open with" window like it doesnt know what program to run.

[codycjb]

ok i figured out how to do a system restore, i just had to find the program for it in the open with app. so i did a system restore for a week back and that didnt help anything then i did it again for a month back and still no luck. so i used Otmoveit2 and restored what u told me to move and that fixed the problem of not being able to open my computer or other programs. was some of those files not sapose to be moved or something?
i got into windows in normal mode and i still have a desktop that takes over the screen tellin me i have spyware threat and that that bull. so lets start this again heres a new hijackthis log. looks like most of the stuff u had me delete on there didnt go anywhere.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:37 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN19.tmp
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: hoYiTukQUTqEw - {D04D1AA3-7AE7-B009-8FF7-1FB6B1BC9023} - C:\WINDOWS\system32\en.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

Edited by codycjb, 11 April 2008 - 03:36 PM.

[andrewuk]

was some of those files not sapose to be moved or something?

they were all bad files, but lets get a fuller scan of your machine before we go any further.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

andrewuk

[codycjb]

Deckard's System Scanner v20071014.68
Run by John on 2008-04-11 18:13:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x00000001


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as John.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:07 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN19.tmp
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\John\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\John.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: hoYiTukQUTqEw - {D04D1AA3-7AE7-B009-8FF7-1FB6B1BC9023} - C:\WINDOWS\system32\en.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

--
End of file - 9383 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080411-141951-118 O2 - BHO: (no name) - {014A4822-BB58-44C0-A68E-CB9E579EE4BF} - C:\WINDOWS\system32\atl7.dll
backup-20080411-141951-129 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
backup-20080411-141951-163 O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
backup-20080411-141951-171 O17 - HKLM\System\CCS\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.116.52,85.255.112.108
backup-20080411-141951-179 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.52 85.255.112.108
backup-20080411-141951-199 O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\John\MYDOCU~1\SMBOLS~1\scanregw.exe" -vt yazb
backup-20080411-141951-212 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20080411-141951-214 O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
backup-20080411-141951-246 O4 - HKCU\..\Run: [aromis] C:\WINDOWS\aromis.exe
backup-20080411-141951-257 O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
backup-20080411-141951-264 O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
backup-20080411-141951-276 O21 - SSODL: hoYiTukQUTqEw - {D04D1AA3-7AE7-B009-8FF7-1FB6B1BC9023} - C:\WINDOWS\system32\en.dll
backup-20080411-141951-289 O17 - HKLM\System\CS1\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.116.52,85.255.112.108
backup-20080411-141951-303 O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
backup-20080411-141951-307 O4 - HKCU\..\Run: [Ershoihb] "C:\Documents and Settings\John\Application Data\?ecurity\w?wexec.exe"
backup-20080411-141951-334 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
backup-20080411-141951-340 O4 - HKLM\..\Run: [AntiVirusPro] C:\Program Files\AntiVirusPro\AntiVirusPro.exe
backup-20080411-141951-396 O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
backup-20080411-141951-398 O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\system32\alt.exe.exe
backup-20080411-141951-404 O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
backup-20080411-141951-440 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
backup-20080411-141951-532 O17 - HKLM\System\CCS\Services\Tcpip\..\{CF10C264-C3DF-47C9-B4C5-CEF2A7A7DBC8}: NameServer = 85.255.116.52,85.255.112.108
backup-20080411-141951-577 O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
backup-20080411-141951-592 O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
backup-20080411-141951-595 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
backup-20080411-141951-671 O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
backup-20080411-141951-723 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
backup-20080411-141951-737 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
backup-20080411-141951-748 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
backup-20080411-141951-778 O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
backup-20080411-141951-785 O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
backup-20080411-141951-801 O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
backup-20080411-141951-819 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
backup-20080411-141951-869 O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
backup-20080411-141951-880 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
backup-20080411-141951-919 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.52 85.255.112.108
backup-20080411-141951-943 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,C:\WINDOWS\system32\ntos.exe,
backup-20080411-141951-953 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
backup-20080411-141951-976 O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
backup-20080411-141951-995 O2 - BHO: (no name) - {10319EB0-7626-0AD9-0412-2800BAC980CA} - C:\WINDOWS\system32\uudgnf.dll
backup-20080411-142037-709 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
backup-20080411-142515-898 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
backup-20080411-143041-124 O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
backup-20080411-143041-697 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
backup-20080411-143041-917 O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
backup-20080411-143554-120 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
backup-20080411-143554-168 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
backup-20080411-143554-174 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
backup-20080411-143554-189 O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
backup-20080411-143554-217 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
backup-20080411-143554-246 O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
backup-20080411-143554-307 O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
backup-20080411-143554-351 O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
backup-20080411-143554-403 O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
backup-20080411-143554-506 O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
backup-20080411-143554-520 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
backup-20080411-143554-550 O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
backup-20080411-143554-597 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
backup-20080411-143554-627 O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
backup-20080411-143554-710 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
backup-20080411-143554-774 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
backup-20080411-143554-792 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
backup-20080411-143554-853 O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
backup-20080411-143554-860 O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
backup-20080411-143554-874 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
backup-20080411-143554-894 O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
backup-20080411-143924-860 O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html
backup-20080411-155004-128 O4 - HKCU\..\RunOnce: [SpybotDeletingB8184] command /c del "C:\WINDOWS\bjam.dll_tobedeleted"
backup-20080411-155004-147 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
backup-20080411-155004-162 O4 - HKCU\..\RunOnce: [SpybotDeletingD8612] cmd /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
backup-20080411-155004-178 O4 - HKLM\..\RunOnce: [SpybotDeletingC5140] cmd /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
backup-20080411-155004-264 O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
backup-20080411-155004-267 O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\John\LOCALS~1\Temp\3D31.tmp/r
backup-20080411-155004-290 O4 - HKCU\..\RunOnce: [SpybotDeletingB1602] command /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
backup-20080411-155004-295 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
backup-20080411-155004-331 O4 - HKLM\..\RunOnce: [SpybotDeletingC8480] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
backup-20080411-155004-344 O4 - HKCU\..\RunOnce: [SpybotDeletingB1002] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
backup-20080411-155004-345 O4 - HKLM\..\RunOnce: [SpybotDeletingA8240] command /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
backup-20080411-155004-354 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
backup-20080411-155004-393 O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
backup-20080411-155004-399 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
backup-20080411-155004-407 O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
backup-20080411-155004-413 O4 - HKCU\..\RunOnce: [SpybotDeletingD5659] cmd /c del "C:\WINDOWS\bjam.dll_tobedeleted"
backup-20080411-155004-442 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
backup-20080411-155004-473 O4 - HKLM\..\RunOnce: [SpybotDeletingC9410] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
backup-20080411-155004-496 O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
backup-20080411-155004-515 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
backup-20080411-155004-517 O4 - HKCU\..\RunOnce: [SpybotDeletingD3950] cmd /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
backup-20080411-155004-528 O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
backup-20080411-155004-530 O4 - HKLM\..\RunOnce: [SpybotDeletingA5620] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
backup-20080411-155004-531 O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
backup-20080411-155004-573 O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
backup-20080411-155004-628 O4 - HKCU\..\RunOnce: [SpybotDeletingB9330] command /c del "C:\WINDOWS\system32\ctfmona.exe_tobedeleted"
backup-20080411-155004-660 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,C:\WINDOWS\system32\wmsdkns.exe,
backup-20080411-155004-678 O4 - HKCU\..\RunOnce: [SpybotDeletingD826] cmd /c del "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe_tobedeleted"
backup-20080411-155004-690 O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
backup-20080411-155004-730 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
backup-20080411-155004-735 O4 - HKCU\..\RunOnce: [SpybotDeletingD3335] cmd /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
backup-20080411-155004-763 O4 - HKCU\..\RunOnce: [SpybotDeletingB4741] command /c del "C:\WINDOWS\2020search.dll_tobedeleted"
backup-20080411-155004-791 O4 - HKCU\..\RunOnce: [SpybotDeletingD1396] cmd /c del "C:\WINDOWS\2020search.dll_tobedeleted"
backup-20080411-155004-804 O4 - HKCU\..\Run: [Yahoo! Pager] 1
backup-20080411-155004-837 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
backup-20080411-155004-843 O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\John\cftmon.exe
backup-20080411-155004-884 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
backup-20080411-155004-911 O4 - HKLM\..\RunOnce: [SpybotDeletingA4804] command /c del "C:\WINDOWS\system32\wsnpoem\audio.dll_tobedeleted"
backup-20080411-155004-917 O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
backup-20080411-155004-930 O4 - HKCU\..\RunOnce: [SpybotDeletingD2436] cmd /c del "C:\WINDOWS\system32\ctfmona.exe_tobedeleted"
backup-20080411-155004-938 O4 - HKCU\..\RunOnce: [SpybotDeletingB6956] command /c del "C:\WINDOWS\system32\wsnpoem\video.dll_tobedeleted"
backup-20080411-155004-973 O4 - HKCU\..\RunOnce: [SpybotDeletingB4732] command /c del "C:\WINDOWS\system32\WER8274.DLL_tobedeleted"
backup-20080411-155004-996 O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
backup-20080411-155004-997 O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
backup-20080411-155005-174 O21 - SSODL: hoYiTukQUTqEw - {D04D1AA3-7AE7-B009-8FF7-1FB6B1BC9023} - C:\WINDOWS\system32\en.dll
backup-20080411-155005-384 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Qwc05 - c:\windows\system32\drivers\qwc05.sys
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-07 10:07:59 348 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DJ28RP91-John).job


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-11 17:24:53 0 d-------- C:\Documents and Settings\John\Application Data\?ecurity
2008-04-11 17:24:52 91561 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-11 17:24:52 24937 --a------ C:\WINDOWS\system32\drivers\spools.exe
2008-04-11 17:24:52 0 d-------- C:\Program Files\Outerinfo
2008-04-11 17:17:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 17:17:02 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-11 17:17:02 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-11 17:17:02 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-11 17:17:02 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-11 17:17:02 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-11 17:17:02 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-11 17:17:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-11 17:17:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-11 17:17:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-04-11 16:40:28 0 d-------- C:\WINDOWS\network diagnostic
2008-04-11 16:36:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-11 15:00:36 10752 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-04-11 14:49:37 0 d-------- C:\WINDOWS\ERUNT
2008-04-09 18:23:19 0 d-------- C:\Program Files\Trend Micro
2008-04-09 18:22:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-09 18:20:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-09 18:18:40 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-09 18:18:40 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-09 18:18:40 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-09 18:18:40 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-09 18:18:40 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-09 18:18:40 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-09 18:18:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-04-09 18:18:39 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-09 18:18:39 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-09 18:16:25 51922 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-04-09 18:09:44 12544 --a------ C:\WINDOWS\bjam.dll
2008-04-09 17:38:26 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-09 17:38:26 2542 --a------ C:\WINDOWS\unins000.dat
2008-04-09 07:10:55 0 d-------- C:\Program Files\QdrPack
2008-04-09 06:41:35 71168 --a------ C:\WINDOWS\system32\msiconf.exe
2008-04-08 07:58:52 0 d-------- C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com
2008-04-08 07:58:40 0 d-------- C:\Program Files\AntiVirusPro
2008-04-08 06:56:26 139776 --a------ C:\WINDOWS\aromis.exe
2008-04-07 10:48:37 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-07 10:47:43 25472 --a------ C:\WINDOWS\system32\drivers\Qwc05.sys
2008-04-07 10:46:12 12800 --a------ C:\WINDOWS\system32\~.exe
2008-04-06 22:00:24 28160 --a------ C:\WINDOWS\voiceip.dll
2008-04-06 22:00:24 0 d-------- C:\Program Files\stc
2008-04-06 22:00:23 26112 --a------ C:\WINDOWS\swin32.dll
2008-04-06 22:00:23 10752 --a------ C:\WINDOWS\cdsm32.dll
2008-04-06 22:00:22 15360 --a------ C:\WINDOWS\mssvr.exe
2008-04-06 22:00:22 11776 --a------ C:\WINDOWS\mspphe.dll
2008-04-06 22:00:20 0 d-------- C:\Program Files\180search assistant
2008-04-06 22:00:18 9728 --a------ C:\WINDOWS\salm.exe
2008-04-06 22:00:18 25600 --a------ C:\WINDOWS\180ax.exe
2008-04-06 22:00:17 22272 --a------ C:\WINDOWS\saiemod.dll
2008-04-06 22:00:16 21248 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-06 22:00:16 26880 --a------ C:\WINDOWS\msapasrc.dll
2008-04-06 22:00:16 15104 --a------ C:\WINDOWS\msa64chk.dll
2008-04-06 22:00:14 12288 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-06 22:00:14 13568 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-04-06 22:00:14 11520 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-06 22:00:14 14080 --a------ C:\WINDOWS\shdocpl.dll
2008-04-06 22:00:14 31744 --a------ C:\WINDOWS\ntnut.exe
2008-04-06 22:00:13 15616 --a------ C:\WINDOWS\shdocpe.dll
2008-04-06 22:00:12 12288 --a------ C:\WINDOWS\winsb.dll
2008-04-06 22:00:12 27392 --a------ C:\WINDOWS\browserad.dll
2008-04-06 22:00:12 26112 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-06 22:00:12 0 d-------- C:\Program Files\Sysmnt
2008-04-06 22:00:11 8960 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-06 22:00:11 16128 --a------ C:\WINDOWS\avifile32.dll
2008-04-06 22:00:11 15360 --a------ C:\WINDOWS\autodisc32.dll
2008-04-06 22:00:11 17664 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-06 22:00:11 32256 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-06 22:00:10 18176 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-06 22:00:10 12032 --a------ C:\WINDOWS\athprxy32.dll
2008-04-06 22:00:10 29184 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-06 22:00:09 26624 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-06 22:00:09 10496 --a------ C:\WINDOWS\asferror32.dll
2008-04-06 22:00:09 25856 --a------ C:\WINDOWS\apphelp32.dll
2008-04-06 19:25:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-06 19:23:21 0 d-------- C:\Program Files\Bat
2008-04-06 19:22:53 0 d-------- C:\Program Files\QdrModule
2008-04-06 19:22:50 0 d-------- C:\Program Files\QdrDrive
2008-04-06 19:22:48 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-04-06 19:22:45 0 d-------- C:\Program Files\ISM
2008-04-05 01:29:14 270694 --a------ C:\WINDOWS\system32\000090.exe
2008-04-04 12:26:00 229527 --a------ C:\WINDOWS\system32\000080.exe
2008-04-01 04:12:22 16 --a------ C:\s3ck
2008-03-28 16:02:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-28 16:00:35 0 d-------- C:\Program Files\Dell Support Center
2008-03-28 16:00:23 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-20 00:51:30 16 --a------ C:\s2p8
2008-03-19 11:34:06 16 --a------ C:\s2i4


-- Find3M Report ---------------------------------------------------------------

2008-04-11 17:24:53 0 d-------- C:\Documents and Settings\John\Application Data\?ecurity
2008-04-11 17:15:59 0 d-------- C:\Program Files\Common Files
2008-04-04 16:04:26 5018 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-04 16:04:26 104 -r-hs---- C:\WINDOWS\system32\0628A65766.sys
2008-03-20 16:07:41 0 d-------- C:\Documents and Settings\John\Application Data\Corel
2008-03-04 21:04:45 16 --a------ C:\s1uk
2008-02-23 10:22:10 16 --a------ C:\s3hk


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 09:42 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 07:48 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 05:12 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [03/22/2006 08:27 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/22/2006 08:27 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 12:44 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 12:44 PM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 07:18 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/12/2005 12:02 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 07:29 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 01:05 PM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [08/12/2005 05:16 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 07:20 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/15/2007 03:12 AM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [09/26/2005 11:26 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/08/2005 09:20 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 01:06 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 02:49 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 06:00 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [12/09/2003 03:02 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [11/15/2006 08:07 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36 AM]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [07/26/2005 02:49 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [04/07/2008 10:47 AM]
"MRT"="C:\WINDOWS\system32\MRT.exe" [04/05/2008 10:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/25/2007 09:04 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [11/14/2007 06:33 PM]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [04/07/2008 10:47 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [3/22/2006 8:27:10 AM]
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [3/25/2006 3:12:21 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/22/2006 8:24:19 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hoYiTukQUTqEw"= {D04D1AA3-7AE7-B009-8FF7-1FB6B1BC9023} - C:\WINDOWS\system32\en.dll [04/16/2007 11:52 AM 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,C:\WINDOWS\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 04/11/2008 05:21 PM 10752 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qwc05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]
@="Driver Group"




-- End of Deckard's System Scanner: finished at 2008-04-11 18:17:55 ----------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.53GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 253.98 MiB / 52.21 MiB
Pagefile Memory (total/avail): 624.8 MiB / 305.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.65 MiB

C: is Fixed (NTFS) - 71.46 GiB total, 58.89 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD800BB-75JHC0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 71.46 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall Plus v (McAfee)
AV: McAfee VirusScan v (McAfee) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\WINDOWS\\aromis.exe"="C:\\WINDOWS\\aromis.exe:*:Enabled:enable"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\John\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DJ28RP91
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\John
LOGONSERVER=\\DJ28RP91
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\John\LOCALS~1\Temp
TMP=C:\DOCUME~1\John\LOCALS~1\Temp
USERDOMAIN=DJ28RP91
USERNAME=John
USERPROFILE=C:\Documents and Settings\John
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

John (admin)
L2MFIX (new local, admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mps /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpsrem.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
Anti Virus Pro spyware remover --> "C:\Program Files\AntiVirusPro\uninstall.exe"
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
Bat --> "C:\Program Files\Bat\un_BatSetup_15041.exe"
CCC Pathways Program --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A6D29327-F4DE-4401-A5E8-9F58AD26474F} CPL
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark Z600 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
McAfee Uninstaller --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything
SBC Yahoo! Applications --> C:\PROGRA~1\Yahoo!\common\uninstall.exe
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
URL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type997 / Warning
Event Submitted/Written: 04/11/2008 05:21:29 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type996 / Warning
Event Submitted/Written: 04/11/2008 05:21:29 PM
Event ID/Source

[andrewuk]

ok, lets take this a step at a time:

in this post we will fix a file association and run a scan to clear some infections i can see:

====STEP 1====
could you first creat another system restore point.


====STEP 2====
click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /daft
This will open up Deckard's File Association Tool

• Click on the Scan button.
• Select everything it is displaying there
• Click the Fix button.
• Then rescan with DAFT again - it should say now that "All associations are OK"
• Close DAFT if you receive that message. This means that it is fixed now.

====STEP 3====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


====STEP 4====
Close all other windows before proceeding.

• Double-click on dss.exe and follow the prompts.
• When it has finished, post main.txt

In your next reply could i see:
1. the malwarebytes log
2. the DSS log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

[codycjb]

Malwarebytes' Anti-Malware 1.11
Database version: 615

Scan type: Full Scan (C:\|)
Objects scanned: 95284
Time elapsed: 43 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 34
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 27
Files Infected: 153

Memory Processes Infected:
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bat.batbho (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bat.batbho.1 (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d279bc2b-a85b-4559-8fd9-ddc55f5d402d} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b80a3586-caa5-41c8-89bf-e617f0b6cfbf} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{689dff39-4075-41af-b5dc-78d2bed94ad6} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{80b1f086-0909-4b1d-86be-0123edebd574} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbfe44a7-c2aa-4f8a-be0b-fdfb6d3c38bf} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1212bcb8-67dd-475e-8025-9d2198fb8f61} (Adware.AdBand) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1212bcb8-67dd-475e-8025-9d2198fb8f61} (Adware.AdBand) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8334a30c-49e5-489a-b63d-5b927c1ef46e} (Adware.AdBand) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WLCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d04d1aa3-7ae7-b009-8ff7-1fb6b1bc9023} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\BATCO (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\bat.DLL (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bat (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusPro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti Virus Pro spyware remover (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\hoYiTukQUTqEw (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\wmsdkns.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.

Folders Infected:
C:\Program Files\180search assistant (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\Quarantine (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Program Files\Bat (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\stc (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Anti Virus Pro spyware remover (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com\AntiVirusPro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com\AntiVirusPro\BrowserObjects (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\StartMenuAllUsers (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\StartMenuCurrentUser (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun\RunOnce (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun\RunOnceEx (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun\RunOnce (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun\RunOnceEx (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Bat\Bat.dll (Adware.Batco) -> Quarantined and deleted successfully.
C:\10.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\11.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\18.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\23.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\26.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\29.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\2D.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\32.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\35.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\4.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\7.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\9.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\D.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\BatSetup.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\bbneww.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\outerinfo.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\rsyncini.exe (Trojan.Shutdowner) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\syswcc32.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\TMP39.tmp (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\RarSFX0\webhdll.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\RarSFX0\whAgent.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\RarSFX0\whiehlpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\RarSFX0\whInstaller.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\7.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN11.tmp (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN16.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN8A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BNA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BNB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\0OATK6WR\us[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\4D456JCZ\us[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\4D456JCZ\us[2].exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\F78RJKUD\us[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\un_BatSetup_15041.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\Program Files\Bat\X_Bat.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080411-141951-995.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP728\A0020304.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0020322.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0021352.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022352.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022369.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022388.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023404.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023423.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023424.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023425.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023428.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024453.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028424.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029243.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alsrmhknqlkfqd.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alt.exe.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbqhcfedoril.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiconf.exe (Trojan.Peed) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmdsf.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pgbmhsbadob.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_155248\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant\180sa.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant\sau.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\AntiVirusPro\AntiVirusPro.exe.local (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\AntiVirusPro.exe.log (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\Core.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\database.pkg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\Localization.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\msvcp71.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\msvcr71.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\Uninstall.exe (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\WndSystem.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive\QdrDrive15.dll (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive\qdrloader.exe (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.dll.intermediate.manifest (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.info (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.original (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Info.dll (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\un_BatSetup_15041.txt (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\X_Bat.log (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\ISM\ism.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\dicy.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\kwdy.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\pckr.dat (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\QdrModule15.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\QdrPack15.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\stc\csv5p070.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\Ssmgr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Anti Virus Pro spyware remover\Register Anti Virus Pro spyware remover.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Anti Virus Pro spyware remover\Start Anti Virus Pro spyware remover.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Anti Virus Pro spyware remover\Uninstall.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\aromis.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000090.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\salm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\180ax.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\en.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WLCtrl32.dl_ (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\31.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\LocalService\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Anti Virus Pro spyware remover.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.







Deckard's System Scanner v20071014.68
Run by John on 2008-04-11 19:46:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as John.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:11 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\system32\MRT.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\John\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\John.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

[andrewuk]

the DSS log seems to have got cut off, could you repost it please.

andrewuk

[codycjb]

well i got kind of a big problem. i downloaded avg antivirus and then did a restart and when the computer rebooted i get a fatal system error with an all blue screen, safe mode still works but thats it. and it seemed to be fixed after i ran that last scan.