Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan.vundo\ trojan.virtumonde [RESOLVED]


  • This topic is locked This topic is locked

#1
rodfree

rodfree

    Member

  • Member
  • PipPip
  • 27 posts
Hi,
I'm a newbie so I hope I make sense. I seemed to have picked up something from aim or something. I have run all the recommeded programs and everything seems to
run just fine. But three or four days later, my system seems to slow down again. I scanned with advast and malwarebytes and found a couple of infected files with each program. Could not run panda because it tried to infect me every time I tried to download it. Pop ups and redirected web pages have stopped. installed spyhunter to help protect system. ad aware was disabled by infection. SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/27/2008 at 07:21 PM

Application Version : 4.0.1154

Core Rules Database Version : 3448
Trace Rules Database Version: 1439

Scan type : Complete Scan
Total Scan Time : 01:20:03

Memory items scanned : 633
Memory threats detected : 0
Registry items scanned : 6116
Registry threats detected : 0
File items scanned : 94274
File threats detected : 31

Adware.Tracking Cookie
C:\Documents and Settings\Rodney\Cookies\[email protected][2].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][2].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][2].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][2].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][2].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][2].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][2].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][2].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][2].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][2].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt
C:\Documents and Settings\Rodney\Cookies\[email protected][1].txt

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0003383.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP



hijack this logfile:






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:51 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH

Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works

Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier

.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare

software\bin\EasyShare.exe
C:\Documents and Settings\Rodney\Local

Settings\Temp\temp.frF13F\MS_Update.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32

\Userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-

768834316C61} - C:\Program Files\HP\Smart Web

Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-

58F732D338C0} - C:\Program Files\HP\Smart Web

Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7

-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-

001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05

\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-

8509-7D2660C9EC98} - C:\Program

Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-

8333-CF10577473F7} - c:\program

files\google\googletoolbar4.dll
O2 - BHO: (no name) - {AE44CD5B-6C39-4495-8120-

68E3E8B291AD} - C:\WINDOWS\system32\awtRkIXn.dll (file

missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-

4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-

009027A5CD4F} - c:\program

files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-

9DAF-2561D68B2012} - C:\Program Files\Common

Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32

\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32

\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program

Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program

Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program

Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program

Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection]

C:\Program Files\Common Files\Microsoft Shared\Works

Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program

Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4

\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell

Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32

\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32

\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1

\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier

.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program

Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program

Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program

Files\Dell Support Center\bin\sprtcmd.exe" /P

DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.2.908.5008

\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.2.908.5008

\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk =

C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk =

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk =

C:\Program Files\Kodak\Kodak EasyShare

software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program

Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MS_Update.lnk = C:\Documents and

Settings\Rodney\Local

Settings\Temp\temp.frF13F\MS_Update.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-

1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace -

{04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program

Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5

-00401C608501} - C:\Program Files\Java\jre1.6.0_05

\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-

A538-10282ABF65E7} - C:\Program Files\HP\Smart Web

Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-

479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web

Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE

-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7

-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0

-818C-5D0987B47C4D} - C:\Program

Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E

-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig -

http://www.verizon.n...ludes/vzTCPConf

ig.CAB
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B}

(SysProWmi Class) -

http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}

(QuickTime Object) -

http://a1540.g.akama...205/qtinstall.i

nfo.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3}

(StagingUI Object) -

http://zone.msn.com/...gingUI.cab55579.

cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}

(PCPitstop Utility) -

http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -

http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}

(ActiveScan 2.0 Installer Class) -

http://acs.pandasoft...abs/as2stubie.c

ab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess

Object) -

http://zone.msn.com/...kqrp.cab55579.c

ab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN

Games – Buddy Invite) -

http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5}

(SupportSoft External Control) -

http://connect.comca...ast Activation%

20Controls.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3}

(ZonePAChat Object) -

http://zone.msn.com/...hat.cab55579.ca

b
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}

(Windows Live Safety Center Base Module) -

http://cdn.scan.onec.../download/scann

er/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.micros...te/v6/V5Control

s/en/x86/client/muweb_site.cab?1154924112015
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6}

(Groove Control) -

http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303}

(ZPA_TexasHoldem Object) -

http://zone.msn.com/...txhe.cab55579.c

ab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539}

(Crucial cpcScan) -

http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN

Games - Installer) -

http://cdn2.zone.msn.../ZIntro.cab5557

9.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D}

(Toontown Installer ActiveX Control) -

http://download.toon...4.48/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}

(ActiveDataInfo Class) -

http://www.symantec....sa/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN

Games – Game Communicator) -

http://zone.msn.com/...oxy.cab55579.ca

b
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}

(ActiveDataObj Class) - https://www-

secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell

PC Checkup Installer Control) -

http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941}

(Driver Agent ActiveX Control) -

http://driveragent.c...driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16B077D7-2574-

4927-89C2-7D116C4E4710}: NameServer =

68.87.72.130,68.87.77.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{16B077D7-2574-

4927-89C2-7D116C4E4710}: NameServer =

68.87.72.130,68.87.77.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{16B077D7-2574-

4927-89C2-7D116C4E4710}: NameServer =

68.87.72.130,68.87.77.130
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: yayxwtSi - yayxwtSi.dll (file

missing)
O23 - Service: AOL Connectivity Service (AOL ACS) -

America Online, Inc. - C:\PROGRA~1\COMMON~1

\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. -

C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) -

ALWIL Software - C:\Program Files\Alwil Software\Avast4

\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software -

C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software -

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software -

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner -

C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google -

C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation -

C:\Program Files\Common Files\Sony

Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation -

C:\Program Files\Common Files\Sony

Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service

(dellsupportcenter) (sprtsvc_dellsupportcenter) -

SupportSoft, Inc. - C:\Program Files\Dell Support

Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony

Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony

Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint

Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service

(WANMiniportService) - America Online, Inc. -

C:\WINDOWS\wanmpsvc.exe

--
End of file - 14157 bytes




hjt uninstall list:




3D Groove Playback Engine
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Audacity 1.2.4
avast! Antivirus
AxCrypt (Remove Only)
Broadcom Management Programs
Buggin' Out (remove only)
CardRd81
CCScore
Christmas Time 3D Screensaver 1.0
Comcast High-Speed Internet Install Wizard
CR2
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support Center
DellSupport
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Funcade
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Smart Web Printing
HP Solution Center 7.0
HP Update
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics Driver
Internet Explorer Default Page
iPod for Windows 2006-03-23
ItsDeductible Express
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
kgcbase
Kids Next Door
Kodak EasyShare software
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Madagascar ™ Demo
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Photo Premium 9
Microsoft Streets and Trips 2004
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mighty Math Calculating Crew (Remove only)
Modem Event Monitor
Modem Helper
Modem On Hold
MP3 Player Utilities 3.10
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MUSICMATCH® Jukebox
MySpeed PC
netbrdg
OCR Software by I.R.I.S 7.0
Offroad Arena
OfotoXMI
OpenMG Secure Module 4.6.01
OpenOffice.org 2.0
Panda ActiveScan 2.0
PokerStars.net
Pro Media Director Version 1.1.1.1
QuickTime
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
SFR
SFR2
SHASTA
Shockwave
skin0001
SKINXSDK
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SonicStage 4.2
Spelling Dictionaries Support For Adobe Reader 8
SpyHunter
staticcr
SUPERAntiSpyware Free Edition
tooltips
TurboTax Basic 2004
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
V CAST Music Manager
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
VisualRoute
VPRINTOL
WebCyberCoach 3.2 Dell
WebIQ Client Software
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
WIRELESS



malwarebytes log file:




Malwarebytes' Anti-Malware 1.11
Database version: 690

Scan type: Full Scan (C:\|)
Objects scanned: 137428
Time elapsed: 1 hour(s), 0 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



first malwarebytes log file(04-21-2008):




Malwarebytes' Anti-Malware 1.11
Database version: 668

Scan type: Quick Scan
Objects scanned: 41389
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 39
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 85

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\jhxnpxyg.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\Resources\AlrtRam.dll (Trojan.Clicker) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e5330b7a-25c1-4e9a-9898-1192b57bb0eb} (Trojan.Clicker) -> Delete on reboot.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a98d0065-7326-41b5-b8d9-c5b692cdb82f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\AlrtRam (Trojan.Clicker) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ZangoToolbar 4.8.3 (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Application Data\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\jhxnpxyg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\gyxpnxhj.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Application Data\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Application Data\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\[email protected]@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\AlrtRam.dll (Trojan.Clicker) -> Delete on reboot.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\apoxqwfv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Desktopfilemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\Desktopfwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\DesktopFWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodney\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.


I hope this post is helpful. Thanks in advance, Rodfree.
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Open notepad, click Format, uncheck wordwrap


Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
rodfree

rodfree

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thank you for your quick response. Here are the postings you requested.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:28 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {AE44CD5B-6C39-4495-8120-68E3E8B291AD} - C:\WINDOWS\system32\awtRkIXn.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MS_Update.lnk = C:\Documents and Settings\Rodney\Local Settings\Temp\temp.frF13F\MS_Update.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www.verizon.n...vzTCPConfig.CAB
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/...rp.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comca..... Controls.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154924112015
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/...he.cab55579.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...4.48/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16B077D7-2574-4927-89C2-7D116C4E4710}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{16B077D7-2574-4927-89C2-7D116C4E4710}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{16B077D7-2574-4927-89C2-7D116C4E4710}: NameServer = 68.87.72.130,68.87.77.130
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: yayxwtSi - yayxwtSi.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13881 bytes




ComboFix 08-04-29.3 - Rodney 2008-04-29 22:40:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.56 [GMT -5:00]
Running from: C:\Documents and Settings\Rodney\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rodney\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rodney\Application Data\macromedia\Flash Player\#SharedObjects\9HK8H77N\www.broadcaster.com
C:\Documents and Settings\Rodney\Application Data\macromedia\Flash Player\#SharedObjects\9HK8H77N\www.broadcaster.com\bc_vars.sol
C:\Documents and Settings\Rodney\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Rodney\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\SYSTEM32\dqjtyoih.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\SYSTEM32\enfoapbh.ini
C:\WINDOWS\SYSTEM32\ffucaqpo.ini
C:\WINDOWS\system32\hibqvedq.ini
C:\WINDOWS\SYSTEM32\nxdnhxmt.ini
C:\WINDOWS\SYSTEM32\nXIkRtwa.ini
C:\WINDOWS\SYSTEM32\nXIkRtwa.ini2
C:\WINDOWS\system32\okgjpkfq.ini
C:\WINDOWS\system32\pnmwntxd.ini
C:\WINDOWS\SYSTEM32\qmvgvirc.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-27 21:20 . 2008-04-27 21:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 00:46 . 2008-04-22 00:46 <DIR> d-------- C:\Program Files\Panda Security
2008-04-21 22:16 . 2008-04-21 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-21 22:15 . 2008-04-22 00:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-21 22:15 . 2008-04-21 22:15 <DIR> d-------- C:\Documents and Settings\Rodney\Application Data\SUPERAntiSpyware.com
2008-04-21 22:13 . 2008-04-21 22:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 21:32 . 2008-04-21 21:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 21:32 . 2008-04-21 21:32 <DIR> d-------- C:\Documents and Settings\Rodney\Application Data\Malwarebytes
2008-04-21 21:32 . 2008-04-21 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 21:29 . 2008-04-21 21:29 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-15 15:47 . 2008-04-17 22:24 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-13 19:53 . 2008-04-29 22:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-13 19:53 . 2008-04-13 19:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-11 22:45 . 2004-06-09 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-11 22:45 . 2004-06-09 19:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-11 22:45 . 2004-06-09 19:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-11 22:45 . 2008-04-11 22:45 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-11 22:45 . 2008-04-29 22:39 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 20:04 . 2008-04-11 20:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-09 17:13 . 2008-04-15 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nazefcxe
2008-04-06 22:43 . 2008-04-06 22:43 <DIR> d-------- C:\Documents and Settings\Rodney\MySpeed PC
2008-04-03 17:38 . 2008-04-03 17:39 <DIR> d-------- C:\Program Files\iTunes
2008-04-03 17:35 . 2008-04-10 19:49 <DIR> d-------- C:\Program Files\QuickTime
2008-04-01 17:45 . 2008-04-01 17:47 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2008-03-21 15:09 . 2008-03-21 15:09 <DIR> d-------- C:\Documents and Settings\Rodney\Application Data\acccore
2008-03-21 15:07 . 2008-03-21 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-21 15:06 . 2008-03-21 15:08 <DIR> d-------- C:\Program Files\AIM6
2008-03-10 19:06 . 2008-03-10 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 21:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 00:41 2,444 ----a-w C:\Documents and Settings\Rodney\Application Data\wklnhst.dat
2008-04-18 13:59 --------- d-----w C:\Program Files\The Weather Channel FW
2008-04-18 10:29 --------- d-----w C:\Program Files\Lavasoft
2008-04-11 01:04 30,601 ----a-w C:\WINDOWS\Java\x.exe
2008-04-05 01:45 --------- d-----w C:\Documents and Settings\Rodney\Application Data\OpenOffice.org2
2008-04-03 22:41 --------- d-----w C:\Documents and Settings\Rodney\Application Data\Apple Computer
2008-04-03 22:38 --------- d-----w C:\Program Files\iPod
2008-03-21 20:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-21 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-21 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-14 03:33 --------- d-----w C:\Program Files\Java
2008-03-11 00:08 --------- d-----w C:\Documents and Settings\Rodney\Application Data\Lavasoft
2008-03-05 21:03 479,752 ----a-w C:\WINDOWS\SYSTEM32\XAudio2_0.dll
2008-03-05 21:03 238,088 ----a-w C:\WINDOWS\SYSTEM32\xactengine3_0.dll
2008-03-05 21:00 25,608 ----a-w C:\WINDOWS\SYSTEM32\X3DAudio1_3.dll
2008-03-05 20:56 3,786,760 ----a-w C:\WINDOWS\SYSTEM32\D3DX9_37.dll
2008-03-05 20:56 1,420,824 ----a-w C:\WINDOWS\SYSTEM32\D3DCompiler_37.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-06 04:07 462,864 ----a-w C:\WINDOWS\SYSTEM32\d3dx10_37.dll
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\SYSTEM32\GEARAspi.dll
2007-05-28 13:51 401,296 ----a-w C:\Documents and Settings\Rodney\setup.exe
2007-05-28 13:51 401,296 ----a-w C:\Documents and Settings\Rodney\DellSupport_En.exe
2006-10-03 00:19 69,816 ----a-w C:\Documents and Settings\Rodney\Application Data\GDIPFONTCACHEV1.DAT
2004-12-07 14:13 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-12-07 14:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-12-07 14:13 69,832 ----a-w C:\Program Files\DSETUP.dll
2004-12-07 14:13 479,432 ----a-w C:\Program Files\dxsetup.exe
2004-12-07 14:13 3,578,547 ----a-w C:\Program Files\ManagedDX.CAB
2004-12-07 14:13 2,249,416 ----a-w C:\Program Files\dsetup32.dll
2004-12-07 14:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-12-07 14:13 13,265,040 ----a-r C:\Program Files\dxnt.cab
2004-12-07 14:13 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-12-07 13:47 20,717 ----a-w C:\Program Files\DirectX SDK EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE44CD5B-6C39-4495-8120-68E3E8B291AD}]
C:\WINDOWS\system32\awtRkIXn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 14:43 472632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 20:01 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupport-"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47 204800]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-04-20 13:24 53248]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-05 22:08 50688]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-06-09 19:03:21 36953]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 05:33:46 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-22 00:30 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxwtSi]
yayxwtSi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\SYSTEM32\\java.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpeed PC\\msclientpe.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 13:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 13:35]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 03:15:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-27 08:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.Rodney.Runs RegistrySmart to optimize your registry.
"2008-04-30 02:04:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{49F1735D-67E6-4491-A649-079D77F02D28}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 22:51:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-04-29 23:09:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-30 04:09:07

Pre-Run: 12,046,733,312 bytes free
Post-Run: 12,406,759,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

231 --- E O F --- 2008-04-09 02:22:49
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\Java\x.exe

SysRst::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Also post a new HijackThis log
  • 0

#5
rodfree

rodfree

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
hello

Did as you instructed, combofix stalled after it showed the report log(did not touch). No icons returned, no clock, etc. Had to shut down and reboot. Advast icon not in system tray at all. Computer running very slowly now.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:49 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {AE44CD5B-6C39-4495-8120-68E3E8B291AD} - C:\WINDOWS\system32\awtRkIXn.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MS_Update.lnk = C:\Documents and Settings\Rodney\Local Settings\Temp\temp.frF13F\MS_Update.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www.verizon.n...vzTCPConfig.CAB
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/...rp.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comca..... Controls.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154924112015
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/...he.cab55579.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...4.48/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16B077D7-2574-4927-89C2-7D116C4E4710}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{16B077D7-2574-4927-89C2-7D116C4E4710}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{16B077D7-2574-4927-89C2-7D116C4E4710}: NameServer = 68.87.72.130,68.87.77.130
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: yayxwtSi - yayxwtSi.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14183 bytes





ComboFix 08-04-29.3 - Rodney 2008-04-30 21:49:45.2 - NTFSx86
Running from: C:\Documents and Settings\Rodney\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rodney\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\Java\x.exe
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Java\x.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-04-27 21:20 . 2008-04-27 21:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 00:46 . 2008-04-22 00:46 <DIR> d-------- C:\Program Files\Panda Security
2008-04-21 22:16 . 2008-04-21 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-21 22:15 . 2008-04-22 00:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-21 22:15 . 2008-04-21 22:15 <DIR> d-------- C:\Documents and Settings\Rodney\Application Data\SUPERAntiSpyware.com
2008-04-21 22:13 . 2008-04-21 22:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 21:32 . 2008-04-21 21:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 21:32 . 2008-04-21 21:32 <DIR> d-------- C:\Documents and Settings\Rodney\Application Data\Malwarebytes
2008-04-21 21:32 . 2008-04-21 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 21:29 . 2008-04-21 21:29 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-15 15:47 . 2008-04-17 22:24 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-13 19:53 . 2008-04-29 23:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-13 19:53 . 2008-04-13 19:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-11 22:45 . 2004-06-09 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-11 22:45 . 2004-06-09 19:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-11 22:45 . 2004-06-09 19:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-11 22:45 . 2008-04-11 22:45 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-11 22:45 . 2008-04-29 22:39 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 20:04 . 2008-04-11 20:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-09 17:13 . 2008-04-15 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nazefcxe
2008-04-06 22:43 . 2008-04-06 22:43 <DIR> d-------- C:\Documents and Settings\Rodney\MySpeed PC
2008-04-03 17:38 . 2008-04-03 17:39 <DIR> d-------- C:\Program Files\iTunes
2008-04-03 17:35 . 2008-04-10 19:49 <DIR> d-------- C:\Program Files\QuickTime
2008-04-01 17:45 . 2008-04-01 17:47 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 21:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 00:41 2,444 ----a-w C:\Documents and Settings\Rodney\Application Data\wklnhst.dat
2008-04-18 13:59 --------- d-----w C:\Program Files\The Weather Channel FW
2008-04-18 10:29 --------- d-----w C:\Program Files\Lavasoft
2008-04-05 01:45 --------- d-----w C:\Documents and Settings\Rodney\Application Data\OpenOffice.org2
2008-04-03 22:41 --------- d-----w C:\Documents and Settings\Rodney\Application Data\Apple Computer
2008-04-03 22:38 --------- d-----w C:\Program Files\iPod
2008-03-21 20:09 --------- d-----w C:\Documents and Settings\Rodney\Application Data\acccore
2008-03-21 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-21 20:08 --------- d-----w C:\Program Files\AIM6
2008-03-21 20:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-21 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-21 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-14 03:33 --------- d-----w C:\Program Files\Java
2008-03-11 00:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-11 00:08 --------- d-----w C:\Documents and Settings\Rodney\Application Data\Lavasoft
2007-05-28 13:51 401,296 ----a-w C:\Documents and Settings\Rodney\setup.exe
2007-05-28 13:51 401,296 ----a-w C:\Documents and Settings\Rodney\DellSupport_En.exe
2006-10-03 00:19 69,816 ----a-w C:\Documents and Settings\Rodney\Application Data\GDIPFONTCACHEV1.DAT
2004-12-07 14:13 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-12-07 14:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-12-07 14:13 69,832 ----a-w C:\Program Files\DSETUP.dll
2004-12-07 14:13 479,432 ----a-w C:\Program Files\dxsetup.exe
2004-12-07 14:13 3,578,547 ----a-w C:\Program Files\ManagedDX.CAB
2004-12-07 14:13 2,249,416 ----a-w C:\Program Files\dsetup32.dll
2004-12-07 14:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-12-07 14:13 13,265,040 ----a-r C:\Program Files\dxnt.cab
2004-12-07 14:13 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-12-07 13:47 20,717 ----a-w C:\Program Files\DirectX SDK EULA.txt
.

((((((((((((((((((((((((((((( [email protected]_23.07.58.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-30 03:49:34 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-04-30 04:48:32 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-04-30 04:48:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d8.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dc663\Search.dll
2008-03-31 14:20 378368 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000133.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll
2007-03-09 11:25 2321288 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000232.dll
2007-03-09 11:25 2321288 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004553.dll

C:\Documents and Settings\All Users\Application Data\nazefcxe\xsdsfspu.exe
2008-04-09 17:13 0 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0001287.exe

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18960B7F.exe
2006-12-31 16:22 822732 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0001288.exe

C:\Documents and Settings\Rodney\DesktopEditorFKWP1.5.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004783.exe

C:\Documents and Settings\Rodney\DesktopEditorFKWP2.0.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004784.exe

C:\Documents and Settings\Rodney\Desktopfilemanagerclient.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004785.exe

C:\Documents and Settings\Rodney\Desktopfkwp1.5.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004786.exe

C:\Documents and Settings\Rodney\Desktopfkwp2.0.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004787.exe

C:\Documents and Settings\Rodney\Desktopfwebd.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004788.exe

C:\Documents and Settings\Rodney\DesktopFWebdEditor.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004789.exe

C:\Documents and Settings\Rodney\DesktopTrojan.Win32.BlackBird.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004790.exe

C:\Documents and Settings\Rodney\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004729.exe

C:\Documents and Settings\Rodney\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004730.exe

C:\Documents and Settings\Rodney\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004731.exe

C:\Documents and Settings\Rodney\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004732.exe

C:\Documents and Settings\Rodney\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004733.exe

2008-04-18 04:15 500640 C:\Documents and Settings\Rodney\Local Settings\Application Data\Microsoft\Windows Live OneCare safety scanner\BackUp\WLSC_Backup_2008_04_18_04_14_38.reg
2008-04-18 04:14 76 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0003425.reg

C:\Documents and Settings\Rodney\Local Settings\Application Data\The Weather Channel\Framework\temp\TWCDWSetup.exe
2008-03-10 20:03 234284 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0004550.exe

C:\Program Files\akl\akl.dll
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004724.dll

C:\Program Files\akl\akl.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004725.exe

C:\Program Files\akl\uninstall.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004726.exe

C:\Program Files\akl\unsetup.exe
2008-04-09 17:14 4096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004727.exe

2008-04-29 23:48 173432 C:\Program Files\Alwil Software\Avast4\DATA\aswar0.dll
2008-04-13 11:12 169336 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000008.dll
2008-04-21 16:56 169336 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004686.dll

2008-04-29 23:48 391216 C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll
2008-04-13 11:12 391216 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000009.dll
2008-04-21 16:56 391216 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004684.dll

2008-04-29 23:48 9080 C:\Program Files\Alwil Software\Avast4\DATA\exts0.dll
2008-04-13 11:12 9080 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000010.dll
2008-04-21 16:56 9080 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004685.dll

C:\Program Files\Common Files\Symantec Shared\AdBlocking\ADTRASH.EXE
2004-01-14 19:03 218232 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005465.EXE

C:\Program Files\Common Files\Symantec Shared\AdBlocking\FREADBLK.DLL
2004-01-14 19:04 144512 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005464.DLL

C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
2003-11-21 16:04 126976 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005463.dll

C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
2003-11-21 16:04 169144 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005462.exe

C:\Program Files\Common Files\Symantec Shared\AdBlocking\PXYLOG.DLL
2004-01-14 19:03 287872 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005461.DLL

C:\Program Files\Common Files\Symantec Shared\AdBlocking\SYMAD.DLL
2004-01-14 19:04 304264 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005460.DLL

C:\Program Files\Common Files\Symantec Shared\AdBlocking\SYMWBOPT.DLL
2004-01-14 19:04 169088 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005459.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\ASENGBAY.DLL
2004-09-26 10:20 156832 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005321.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\ASENGBWL.DLL
2004-09-26 10:20 62624 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005322.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\ASENGUR.DLL
2004-09-26 10:20 78992 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005323.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\ASFILTER.DLL
2004-09-26 10:20 210056 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005324.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\ASLOADER.DLL
2004-09-26 10:20 70784 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005325.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\ASLOGHLP.DLL
2004-09-26 10:20 83088 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005326.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\ASLUCBK.DLL
2004-09-26 10:20 107688 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005327.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\asOEHook.dll
2004-12-02 15:49 198256 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005481.dll

C:\Program Files\Common Files\Symantec Shared\Antispam\ASOELNCH.EXE
2004-09-26 10:20 38528 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005328.EXE

C:\Program Files\Common Files\Symantec Shared\Antispam\ASSPMEVT.DLL
2004-09-26 10:20 160912 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005329.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\ASSPMLOG.DLL
2004-09-26 10:20 140416 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005330.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\ASUNIPLG.DLL
2004-09-26 10:20 103568 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005331.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\EUDOHELP.EXE
2004-09-26 10:13 81920 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005332.EXE

C:\Program Files\Common Files\Symantec Shared\Antispam\EUDOPLUG.DLL
2004-09-26 10:20 111752 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005333.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\FRESPAM.DLL
2004-09-26 10:20 222336 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005334.DLL

C:\Program Files\Common Files\Symantec Shared\Antispam\MsouPlug.dll
2005-07-27 18:24 243352 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005335.dll

C:\Program Files\Common Files\Symantec Shared\Antispam\RULEWIZ.EXE
2004-09-26 10:21 78984 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005336.EXE

C:\Program Files\Common Files\Symantec Shared\Antispam\SYMSPAM.DLL
2004-09-26 10:21 738432 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005337.DLL

C:\Program Files\Common Files\Symantec Shared\CCALERT.DLL
2006-11-21 18:36 222824 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005458.DLL

C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
2006-11-21 18:38 52840 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005457.EXE

C:\Program Files\Common Files\Symantec Shared\CCDEC.DLL
2006-11-21 18:37 67176 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005456.DLL

C:\Program Files\Common Files\Symantec Shared\CCEMLPXY.DLL
2006-11-21 18:37 259688 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005455.DLL

C:\Program Files\Common Files\Symantec Shared\CCERRDSP.DLL
2006-11-21 18:37 99944 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005454.DLL

C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
2006-11-21 18:38 192104 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005453.EXE

C:\Program Files\Common Files\Symantec Shared\CCINST.DLL
2006-11-21 18:37 50792 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005452.DLL

C:\Program Files\Common Files\Symantec Shared\CCL30.DLL
2005-03-23 15:34 241264 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005451.DLL

C:\Program Files\Common Files\Symantec Shared\CCL40.DLL
2006-11-21 18:47 377960 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005484.DLL

C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.EXE
2006-11-21 18:38 255592 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005450.EXE

C:\Program Files\Common Files\Symantec Shared\CCLOGIN.DLL
2006-11-21 18:37 112232 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005449.DLL

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
2006-01-29 21:28 270968 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005351.dll

2008-04-27 15:30 312126 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
2008-04-13 11:15 312126 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000005.dll
2008-04-21 17:57 312126 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004683.dll

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2006-01-29 21:28 1119888 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005352.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
2006-01-29 21:28 411256 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005353.dll

C:\Program Files\Common Files\Symantec Shared\CCPROD.DLL
2006-11-21 18:37 42600 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005448.DLL

C:\Program Files\Common Files\Symantec Shared\CCPROSUB.DLL
2006-11-21 18:37 67176 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005447.DLL

C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
2005-02-28 16:56 218736 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005446.EXE

C:\Program Files\Common Files\Symantec Shared\CCPWD.DLL
2005-03-23 15:34 132720 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005445.DLL

C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
2005-03-23 15:34 79472 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005444.EXE

C:\Program Files\Common Files\Symantec Shared\CCPXYEVT.DLL
2005-02-28 16:56 292464 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005443.DLL

C:\Program Files\Common Files\Symantec Shared\CCSCAN.DLL
2006-11-21 18:37 211048 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005442.DLL

C:\Program Files\Common Files\Symantec Shared\CCSET.DLL
2006-11-21 18:37 91752 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005483.DLL

C:\Program Files\Common Files\Symantec Shared\CCSETEVT.DLL
2006-11-21 18:37 87656 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005441.DLL

C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
2006-11-21 18:38 169576 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005440.EXE

C:\Program Files\Common Files\Symantec Shared\CCVRTRST.DLL
2006-11-21 18:37 99944 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005482.DLL

C:\Program Files\Common Files\Symantec Shared\ccWebWnd.dll
2006-11-21 18:37 247400 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005439.dll

C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe
2003-11-21 16:04 124096 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005438.exe

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2.DLL
2006-11-15 16:13 91800 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005436.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2AMG.DLL
2006-11-15 16:13 120472 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005435.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2ARJ.DLL
2006-11-15 16:13 67224 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005434.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2CAB.DLL
2006-11-15 16:13 83608 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005433.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2EXE.DLL
2003-11-10 14:18 98304 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005432.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2GZIP.DLL
2006-11-15 16:13 104088 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005431.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2ID.DLL
2006-11-15 16:13 59032 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005430.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2LHA.DLL
2006-11-15 16:13 95896 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005429.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2LZ.DLL
2006-11-15 16:13 63128 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005428.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2MIME.DLL
2003-11-10 14:18 118784 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005427.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2RAR.DLL
2006-11-15 16:13 145048 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005426.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2RTF.DLL
2006-11-15 16:14 83608 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005425.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2SS.DLL
2006-11-15 16:14 95896 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005424.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2TAR.DLL
2006-11-15 16:14 67224 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005423.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2TEXT.DLL
2006-11-15 16:14 247448 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005422.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2TNEF.DLL
2006-11-15 16:14 91800 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005421.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DEC2ZIP.DLL
2006-11-15 16:14 210584 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005420.DLL

C:\Program Files\Common Files\Symantec Shared\Decomposers\DECSDK.DLL
2006-11-15 16:14 59032 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005419.DLL

C:\Program Files\Common Files\Symantec Shared\DEFUTDCD.DLL
2005-09-02 20:55 628312 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005418.DLL

C:\Program Files\Common Files\Symantec Shared\DPHTML.DLL
2005-02-28 16:56 128624 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005417.DLL

C:\Program Files\Common Files\Symantec Shared\DPHTTP.DLL
2005-02-28 16:56 42608 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005416.DLL

C:\Program Files\Common Files\Symantec Shared\DPJS.DLL
2005-02-28 16:56 54896 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005415.DLL

C:\Program Files\Common Files\Symantec Shared\DPVBS.DLL
2005-02-28 16:56 54896 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005414.DLL

C:\Program Files\Common Files\Symantec Shared\drWebWnd.dll
2003-11-21 16:04 185536 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005413.dll

C:\Program Files\Common Files\Symantec Shared\ECMLDR32.DLL
2005-12-27 15:33 54904 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005412.DLL

C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2006-12-13 04:00 387384 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005319.sys

C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2006-12-13 04:00 102712 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005320.sys

C:\Program Files\Common Files\Symantec Shared\Help\basics.dll
2003-11-21 16:04 8192 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005300.dll

C:\Program Files\Common Files\Symantec Shared\Help\disable.dll
2005-09-12 15:17 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005301.dll

C:\Program Files\Common Files\Symantec Shared\Help\edisk.dll
2003-11-21 16:04 8192 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005302.dll

C:\Program Files\Common Files\Symantec Shared\Help\emerg.dll
2005-09-12 15:18 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005303.dll

C:\Program Files\Common Files\Symantec Shared\Help\faq.dll
2005-09-12 15:18 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005304.dll

C:\Program Files\Common Files\Symantec Shared\Help\feat_sum.dll
2005-09-12 15:18 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005305.dll

C:\Program Files\Common Files\Symantec Shared\Help\getstart.dll
2003-11-21 16:04 8192 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005306.dll

C:\Program Files\Common Files\Symantec Shared\Help\LU_001.dll
2005-09-12 15:17 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005307.dll

C:\Program Files\Common Files\Symantec Shared\Help\LU_002.dll
2005-09-12 15:17 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005308.dll

C:\Program Files\Common Files\Symantec Shared\Help\LU_005.dll
2005-09-12 15:17 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005309.dll

C:\Program Files\Common Files\Symantec Shared\Help\LU_006.dll
2005-09-12 15:17 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005310.dll

C:\Program Files\Common Files\Symantec Shared\Help\LU_PC.dll
2005-09-12 15:18 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005311.dll

C:\Program Files\Common Files\Symantec Shared\Help\LU_Sub.dll
2005-09-12 15:18 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005312.dll

C:\Program Files\Common Files\Symantec Shared\Help\monitor.dll
2005-09-12 15:18 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005313.dll

C:\Program Files\Common Files\Symantec Shared\Help\NAV_001.dll
2005-09-12 15:17 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005314.dll

C:\Program Files\Common Files\Symantec Shared\Help\options.dll
2005-09-12 15:18 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005315.dll

C:\Program Files\Common Files\Symantec Shared\Help\Supt_CPD.dll
2005-09-12 15:18 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005316.dll

C:\Program Files\Common Files\Symantec Shared\Help\symhelp.dll
2005-09-12 15:18 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005317.dll

C:\Program Files\Common Files\Symantec Shared\Help\unin.dll
2005-09-12 15:18 9728 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005318.dll

C:\Program Files\Common Files\Symantec Shared\IDS\DefUTDCD.dll
2006-02-19 22:21 759504 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005295.dll

C:\Program Files\Common Files\Symantec Shared\IDS\IDSAux.dll
2006-02-19 22:21 190192 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005296.dll

C:\Program Files\Common Files\Symantec Shared\IDS\IdsInst.exe
2006-02-15 18:26 1304312 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005297.exe

C:\Program Files\Common Files\Symantec Shared\IDS\Patch25.dll
2006-02-19 22:21 91232 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005298.dll

C:\Program Files\Common Files\Symantec Shared\IDS\SymIDSLU.dll
2006-02-19 22:21 59048 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005299.dll

C:\Program Files\Common Files\Symantec Shared\IDSDefs\IDSCoLU.exe
2004-07-01 23:23 214240 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005291.exe

C:\Program Files\Common Files\Symantec Shared\IDSDefs\IDSLU.exe
2004-06-29 16:53 197856 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005292.exe

C:\Program Files\Common Files\Symantec Shared\IDSDefs\SymIDSCo.sys
2004-07-01 23:23 170208 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005293.sys

C:\Program Files\Common Files\Symantec Shared\IraLsClt.dll
2004-08-21 10:59 99464 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005411.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\iraDefA2.dll
2004-08-21 10:59 58504 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005278.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe
2004-08-21 10:59 132232 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005279.exe

C:\Program Files\Common Files\Symantec Shared\LiveReg\iraLSCl2.dll
2004-08-21 10:59 173192 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005280.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\iraLSUI.dll
2004-08-21 10:59 259208 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005281.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\IraVcLc3.dll
2004-08-21 10:59 201864 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005282.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\IraVcObj.dll
2004-08-21 10:59 177288 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005283.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\LRCtrl.dll
2004-08-21 10:59 152712 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005284.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\LRRes.dll
2004-08-21 10:59 156808 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005285.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\LSCtrl.dll
2004-08-21 10:59 111752 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005286.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\LSPlugin.dll
2004-08-21 10:59 99464 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005287.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\symcsub.exe
2004-08-21 10:59 87176 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005288.exe

C:\Program Files\Common Files\Symantec Shared\LiveReg\VCCLNUP.EXE
2004-08-21 10:59 87176 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005289.EXE

C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe
2004-08-21 10:59 128136 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005290.exe

C:\Program Files\Common Files\Symantec Shared\NMain.exe
2005-09-17 02:27 824944 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005410.exe

C:\Program Files\Common Files\Symantec Shared\PEPUtilities\PEPUT001.dll
2005-09-23 06:21 108176 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005409.dll

C:\Program Files\Common Files\Symantec Shared\PFADBLK.DLL
2003-11-10 13:31 95392 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005408.DLL

C:\Program Files\Common Files\Symantec Shared\PFMisc.dll
2003-11-21 16:04 34976 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005407.dll

C:\Program Files\Common Files\Symantec Shared\PFPriv.dll
2003-11-21 16:04 99488 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005406.dll

C:\Program Files\Common Files\Symantec Shared\PFRes.dll
2003-11-21 16:04 28320 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005405.dll

C:\Program Files\Common Files\Symantec Shared\PFSec.dll
2003-11-21 16:04 50336 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005404.dll

C:\Program Files\Common Files\Symantec Shared\PXYHTTP.DLL
2005-02-28 16:56 71280 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005403.DLL

C:\Program Files\Common Files\Symantec Shared\PxyIM.dll
2003-11-21 16:04 21664 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005402.dll

C:\Program Files\Common Files\Symantec Shared\PXYNNTP.DLL
2003-12-08 16:19 36984 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005401.DLL

C:\Program Files\Common Files\Symantec Shared\RCALERT.DLL
2006-11-21 18:39 67176 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005400.DLL

C:\Program Files\Common Files\Symantec Shared\RCAPP.DLL
2006-11-21 18:38 9320 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005399.DLL

C:\Program Files\Common Files\Symantec Shared\RCEMLPXY.DLL
2006-11-21 18:39 13928 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005398.DLL

C:\Program Files\Common Files\Symantec Shared\RCERRDSP.DLL
2006-11-21 18:39 24168 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005397.DLL

C:\Program Files\Common Files\Symantec Shared\RCEVTMGR.DLL
2006-11-21 18:39 9320 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005396.DLL

C:\Program Files\Common Files\Symantec Shared\RCLGVIEW.DLL
2006-11-21 18:39 15976 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005395.DLL

C:\Program Files\Common Files\Symantec Shared\rcNMAIN.dll
2005-09-17 02:27 39536 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005394.dll

C:\Program Files\Common Files\Symantec Shared\RCSETMGR.DLL
2006-11-21 18:39 9832 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005393.DLL

C:\Program Files\Common Files\Symantec Shared\Security Center\sscnav.dll
2004-11-02 17:59 185472 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005392.dll

C:\Program Files\Common Files\Symantec Shared\Security Center\sscnis56.dll
2004-11-02 17:59 189568 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005391.dll

C:\Program Files\Common Files\Symantec Shared\Security Center\sscnis7.dll
2004-11-02 17:59 214144 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005390.dll

C:\Program Files\Common Files\Symantec Shared\Security Center\SYMSCUI.EXE
2006-12-15 14:36 68784 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005389.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\symscwb.dll
2004-11-02 17:59 279680 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005388.dll

C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
2004-11-02 17:59 316544 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005387.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\symwscno.exe
2004-11-02 17:59 296064 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005386.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\usrprmpt.exe
2004-11-02 17:59 218240 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005385.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\wschlpr.dll
2004-11-02 17:59 136320 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005384.dll

C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_HLPR.DLL
2006-12-15 14:36 79488 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005383.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_WSCR.DLL
2006-12-15 14:36 312960 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005382.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCAPI.DLL
2006-12-15 14:36 112256 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005381.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCCOMPN.DLL
2006-12-15 14:36 190080 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005380.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCDRM.DLL
2006-12-15 14:36 145024 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005379.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCEXT.DLL
2006-12-15 14:36 386688 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005378.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCJSBL.DLL
2006-12-15 14:36 128640 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005377.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCNPLUG.DLL
2006-12-15 14:36 165504 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005376.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
2006-12-15 14:36 750720 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005375.EXE

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVPS.DLL
2006-12-15 14:36 30848 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005374.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCTRAY.DLL
2006-12-15 14:36 210560 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005373.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCUIBL.DLL
2006-12-15 14:36 448128 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005372.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCUICOR.DLL
2006-12-15 14:36 689792 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005371.DLL

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCUIDAT.DLL
2006-12-15 14:36 9856 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005370.DLL

C:\Program Files\Common Files\Symantec Shared\SEVINST.EXE
2006-12-20 18:38 407256 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005369.EXE

C:\Program Files\Common Files\Symantec Shared\SLTCHK01.dll
2005-09-23 06:21 177808 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005368.dll

C:\Program Files\Common Files\Symantec Shared\SMNLnch.exe
2005-09-01 19:55 54928 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005367.exe

C:\Program Files\Common Files\Symantec Shared\SNDInst.exe
2006-08-07 17:02 38080 {B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0005366.exe

C:\Program
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {AE44CD5B-6C39-4495-8120-68E3E8B291AD} - C:\WINDOWS\system32\awtRkIXn.dll (file missing)
O20 - Winlogon Notify: yayxwtSi - yayxwtSi.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Dc663\Search.dll

Folder::
C:\Documents and Settings\All Users\Application Data\nazefcxe
C:\Documents and Settings\Rodney\Desktopvirii
C:\Program Files\akl

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Reboot and post a new HijackThis log and tell me how your PC is running
  • 0

#7
rodfree

rodfree

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hello

computer is running much better now. Here is post that you requested:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:26 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MS_Update.lnk = C:\Documents and Settings\Rodney\Local Settings\Temp\temp.frF13F\MS_Update.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www.verizon.n...vzTCPConfig.CAB
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/...rp.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comca..... Controls.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154924112015
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/...he.cab55579.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...4.48/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16B077D7-2574-4927-89C2-7D116C4E4710}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{16B077D7-2574-4927-89C2-7D116C4E4710}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{16B077D7-2574-4927-89C2-7D116C4E4710}: NameServer = 68.87.72.130,68.87.77.130
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13639 bytes





Here is combofix also:




ComboFix 08-04-29.3 - Rodney 2008-05-01 20:07:33.3 - NTFSx86
Running from: C:\Documents and Settings\Rodney\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rodney\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Dc663\Search.dll
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\nazefcxe

.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.

2008-04-27 21:20 . 2008-04-27 21:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 00:46 . 2008-04-22 00:46 <DIR> d-------- C:\Program Files\Panda Security
2008-04-21 22:16 . 2008-04-21 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-21 22:15 . 2008-04-22 00:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-21 22:15 . 2008-04-21 22:15 <DIR> d-------- C:\Documents and Settings\Rodney\Application Data\SUPERAntiSpyware.com
2008-04-21 22:13 . 2008-04-21 22:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 21:32 . 2008-04-21 21:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 21:32 . 2008-04-21 21:32 <DIR> d-------- C:\Documents and Settings\Rodney\Application Data\Malwarebytes
2008-04-21 21:32 . 2008-04-21 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 21:29 . 2008-04-21 21:29 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-15 15:47 . 2008-04-17 22:24 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-13 19:53 . 2008-04-30 23:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-13 19:53 . 2008-04-13 19:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-11 22:45 . 2004-06-09 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-11 22:45 . 2004-06-09 19:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-11 22:45 . 2004-06-09 19:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-11 22:45 . 2008-04-11 22:45 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-11 22:45 . 2008-04-29 22:39 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 20:04 . 2008-04-11 20:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-06 22:43 . 2008-04-06 22:43 <DIR> d-------- C:\Documents and Settings\Rodney\MySpeed PC
2008-04-03 17:38 . 2008-04-03 17:39 <DIR> d-------- C:\Program Files\iTunes
2008-04-03 17:35 . 2008-04-10 19:49 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 21:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 00:41 2,444 ----a-w C:\Documents and Settings\Rodney\Application Data\wklnhst.dat
2008-04-18 13:59 --------- d-----w C:\Program Files\The Weather Channel FW
2008-04-18 10:29 --------- d-----w C:\Program Files\Lavasoft
2008-04-05 01:45 --------- d-----w C:\Documents and Settings\Rodney\Application Data\OpenOffice.org2
2008-04-03 22:41 --------- d-----w C:\Documents and Settings\Rodney\Application Data\Apple Computer
2008-04-03 22:38 --------- d-----w C:\Program Files\iPod
2008-03-21 20:09 --------- d-----w C:\Documents and Settings\Rodney\Application Data\acccore
2008-03-21 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-21 20:08 --------- d-----w C:\Program Files\AIM6
2008-03-21 20:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-21 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-21 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-14 03:33 --------- d-----w C:\Program Files\Java
2008-03-11 00:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-11 00:08 --------- d-----w C:\Documents and Settings\Rodney\Application Data\Lavasoft
2007-05-28 13:51 401,296 ----a-w C:\Documents and Settings\Rodney\setup.exe
2007-05-28 13:51 401,296 ----a-w C:\Documents and Settings\Rodney\DellSupport_En.exe
2006-10-03 00:19 69,816 ----a-w C:\Documents and Settings\Rodney\Application Data\GDIPFONTCACHEV1.DAT
2004-12-07 14:13 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-12-07 14:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-12-07 14:13 69,832 ----a-w C:\Program Files\DSETUP.dll
2004-12-07 14:13 479,432 ----a-w C:\Program Files\dxsetup.exe
2004-12-07 14:13 3,578,547 ----a-w C:\Program Files\ManagedDX.CAB
2004-12-07 14:13 2,249,416 ----a-w C:\Program Files\dsetup32.dll
2004-12-07 14:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-12-07 14:13 13,265,040 ----a-r C:\Program Files\dxnt.cab
2004-12-07 14:13 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-12-07 13:47 20,717 ----a-w C:\Program Files\DirectX SDK EULA.txt
.

((((((((((((((((((((((((((((( [email protected]_23.07.58.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-30 03:49:34 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-01 04:00:06 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-01 04:00:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 14:43 472632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 20:01 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupport-"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47 204800]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-04-20 13:24 53248]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-05 22:08 50688]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-06-09 19:03:21 36953]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 05:33:46 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-22 00:30 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\SYSTEM32\\java.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpeed PC\\msclientpe.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 13:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 13:35]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 03:14:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-27 08:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.Rodney.Runs RegistrySmart to optimize your registry.
"2008-05-01 02:45:35 C:\WINDOWS\Tasks\User_Feed_Synchronization-{49F1735D-67E6-4491-A649-079D77F02D28}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 20:14:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2008-05-01 20:21:21
ComboFix-quarantined-files.txt 2008-05-02 01:21:12
ComboFix2.txt 2008-05-01 03:03:44
ComboFix3.txt 2008-04-30 04:09:50

Pre-Run: 12,393,025,536 bytes free
Post-Run: 12,395,528,192 bytes free

185 --- E O F --- 2008-04-09 02:22:49


Advast icon still missing in system tray. Will attempt to restore. Will note any changes in system in my next post.
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You may need to reinstall it

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#9
rodfree

rodfree

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hello

You were right, I had to reinstall the icon. I went to Advast FAQ and found the soultion to my problem. So far the icon has been fine. They suggested a few options if it disappears again or after a bootup. I had a copy of Malwarebytes still on the machine from my original scan(do this before you post a Hijack this log). I will uninstall this copy and download a "fresh" copy if you feel that I should. If not, here is the log:




Malwarebytes' Anti-Malware 1.11
Database version: 711

Scan type: Full Scan (C:\|)
Objects scanned: 136208
Time elapsed: 1 hour(s), 17 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#11
rodfree

rodfree

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
hello

I have done the things that you suggested, and will seriously consider the options that you mentioned. Hijack this remains in my add/remove programs list, but is uninstalled. Java is updated, spywareblaster installed on machine, etc. Will montior machine for next few days, but this may be last post on this subject. You have been execptional and professional in the handling of my problem. Thank you.
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP