Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Warning! Spyware detected....But is it worse than it seems? [RESOL

Started by Magicman12 , Jul 07 2008 10:24 PM

  • This topic is locked This topic is locked

#1
Magicman12
Posted 07 July 2008 - 10:24 PM

Magicman12

    Member

  • Member
  • PipPip
  • 16 posts
Hi, I would like help as soon as possible. Thank you very much!

Warning Spyware Detected on your computer!
Install an antivirus or spyware remover to clean your computer.

This is displayed in blue and yellow on blue.

I currently have Norton, and I have been informed several trojans have been blocked.
However, I also have received two messages telling me my system is in danger and Windows needs to shut down.
Whether good or bad, the second time was overrided.

Please help!

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:17:19, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\lphc7k3j0eab3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Jason\Application Data\Microsoft\dtsc\31673.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Documents and Settings\Jason\Application Data\Microsoft\dtsc\31673.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080502
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [lphc7k3j0eab3] C:\WINDOWS\system32\lphc7k3j0eab3.exe
O4 - HKLM\..\Run: [SMrhc3k3j0eab3] C:\Program Files\rhc3k3j0eab3\rhc3k3j0eab3.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Jason\Application Data\Microsoft\dtsc\31673.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: DscWinEn - {0D6AB5BA-99E4-CA97-7C07-0928C9E8EBB3} - C:\Program Files\vcchjbd\DscWinEn.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinSock Extention Manager - Unknown owner - C:\WINDOWS\system32\mdmcls32.exe

--
End of file - 9563 bytes
  • 0

Advertisements

#2
fenzodahl512
Posted 08 July 2008 - 02:40 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator



Regards
fenzodahl512
  • 0

#3
Magicman12
Posted 08 July 2008 - 09:05 AM

Magicman12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Um I ran combofix last night, as I thought it was the proper move, and the background issue vanished.

But if it wasn't....here's the logs.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E4600 @ 2.40GHz
CPU 1: Intel® Core™2 Duo CPU E4600 @ 2.40GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 3061.1 MiB / 2339.73 MiB
Pagefile Memory (total/avail): 4946.54 MiB / 4336.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.87 MiB

C: is Fixed (NTFS) - 462.4 GiB total, 438.8 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ - 465.76 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 462.4 GiB - C:
\PARTITION2 - Unknown - 3.3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jason\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STUDY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jason
LOGONSERVER=\\STUDY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\AIM6;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jason\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jason\LOCALS~1\Temp
USERDOMAIN=STUDY
USERNAME=Jason
USERPROFILE=C:\Documents and Settings\Jason
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Don (admin)
Denise (admin)
Jason (admin)
Trevor (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Search --> C:\Program Files\AIM Search\uninstaller.exe AIM Search
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AntivirXP08 --> "C:\Program Files\rhc3k3j0eab3\uninstall.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Combined Community Codec Pack 2008-01-24 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell DataSafe Online --> MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Final Draft 7 --> MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
GoToAssist 8.0.0.514 --> C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 2200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 2200 series --> MsiExec.exe /X{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (2.0.0.15) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
PureSight PC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A05B328-35EB-4CED-B16F-62FA5A2642E6}\setup.exe" -l0x9 IfYouSeeThisAlowOnlyRemove -removeonly
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Roxio Creator Audio --> MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy --> MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data --> MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE --> C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE --> MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools --> MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Sibelius 5 --> MsiExec.exe /X{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}
Sibelius Scorch (all browsers) --> MsiExec.exe /I{80F6A672-C39B-41CE-8AF5-A9C2FA8C2B72}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3182 / Warning
Event Submitted/Written: 07/08/2008 08:19:20 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type3181 / Warning
Event Submitted/Written: 07/08/2008 08:19:20 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type3176 / Warning
Event Submitted/Written: 07/08/2008 00:40:27 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3172 / Warning
Event Submitted/Written: 07/08/2008 00:32:40 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type3171 / Warning
Event Submitted/Written: 07/08/2008 00:32:40 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23085 / Error
Event Submitted/Written: 07/08/2008 00:33:09 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Event Record #/Type23037 / Error
Event Submitted/Written: 07/08/2008 00:14:02 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Event Record #/Type23007 / Error
Event Submitted/Written: 07/08/2008 00:12:07 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type23006 / Error
Event Submitted/Written: 07/08/2008 00:12:03 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type23005 / Error
Event Submitted/Written: 07/08/2008 00:11:54 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2008-07-08 11:03:09 ------------

Deckard's System Scanner v20071014.68
Run by Jason on 2008-07-08 11:01:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-07-08 15:01:58 UTC - RP104 - Deckard's System Scanner Restore Point
3: 2008-07-08 04:28:58 UTC - RP103 - ComboFix created restore point
2: 2008-07-08 04:15:36 UTC - RP102 - Last good restore point
1: 2008-07-08 04:15:27 UTC - RP101 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:37, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Documents and Settings\Jason\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jason.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080502
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-124808508-1810160618-3417183661-1009\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'Trevor')
O4 - HKUS\S-1-5-21-124808508-1810160618-3417183661-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Trevor')
O4 - HKUS\S-1-5-21-124808508-1810160618-3417183661-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Trevor')
O4 - HKUS\S-1-5-21-124808508-1810160618-3417183661-1009\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Trevor')
O4 - HKUS\S-1-5-21-124808508-1810160618-3417183661-1009\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15 (User 'Trevor')
O4 - S-1-5-21-124808508-1810160618-3417183661-1009 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Trevor')
O4 - S-1-5-21-124808508-1810160618-3417183661-1009 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Trevor')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: DscWinEn - {0D6AB5BA-99E4-CA97-7C07-0928C9E8EBB3} - C:\Program Files\vcchjbd\DscWinEn.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinSock Extention Manager - Unknown owner - C:\WINDOWS\system32\mdmcls32.exe

--
End of file - 10457 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 WinSock Extention Manager - c:\windows\system32\mdmcls32.exe <Not Verified; ; ClassificationService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-07 00:51:00 386 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1210481462.job
2008-06-11 12:59:13 386 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1210525109.job
2008-05-10 23:23:42 346 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-05-10 23:23:41 348 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-08 00:27:54 68096 --a------ C:\WINDOWS\zip.exe
2008-07-08 00:27:54 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-08 00:27:54 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-08 00:27:54 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-08 00:27:54 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-08 00:27:54 98816 --a------ C:\WINDOWS\sed.exe
2008-07-08 00:27:54 80412 --a------ C:\WINDOWS\grep.exe
2008-07-08 00:27:54 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-07 23:54:20 0 d-------- C:\Program Files\vcchjbd
2008-07-07 23:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\dupivuro
2008-07-07 23:54:13 0 d-------- C:\Documents and Settings\Jason\Application Data\uTorrent
2008-07-07 23:54:06 0 d-------- C:\Program Files\uTorrent
2008-06-29 10:19:54 0 d-------- C:\Program Files\Lavasoft
2008-06-29 10:19:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-29 10:17:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-29 09:53:45 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-29 09:53:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-29 09:53:45 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-29 09:53:45 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-29 09:53:45 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-29 09:53:45 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-29 09:53:45 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-29 09:53:45 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-29 09:53:44 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-28 11:01:04 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-06-24 12:45:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-24 09:51:10 3706 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-24 09:49:27 0 d-------- C:\Documents and Settings\Jason\SmitfraudFix
2008-06-23 19:46:34 0 d-------- C:\Documents and Settings\Don\Application Data\Real
2008-06-23 16:57:01 0 d-------- C:\Documents and Settings\Denise\Application Data\Real
2008-06-23 15:27:35 0 d-------- C:\Documents and Settings\Trevor\Application Data\Real
2008-06-23 14:26:23 62910 --a------ C:\Program Files\Uninstall.exe <Not Verified; $PROGRAMNAME; $PROGRAMNAME>
2008-06-23 14:26:23 0 --a------ C:\Program Files\uninstall.dat
2008-06-23 13:26:15 0 d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd
2008-06-22 23:14:51 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-22 23:14:34 0 d-------- C:\Program Files\Real
2008-06-22 23:14:31 0 d-------- C:\Program Files\Common Files\Real
2008-06-22 23:14:30 0 d-------- C:\Documents and Settings\Jason\Application Data\Real
2008-06-21 09:55:32 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-21 09:55:31 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-21 09:55:31 0 d-------- C:\Program Files\Xvid
2008-06-19 21:41:02 0 d-------- C:\Documents and Settings\Trevor\Application Data\Viewpoint
2008-06-15 22:15:11 0 d-------- C:\Documents and Settings\Jason\Application Data\Viewpoint
2008-06-09 21:18:17 0 d-------- C:\Documents and Settings\Jason\Application Data\Help
2008-06-08 20:49:34 0 d-------- C:\Documents and Settings\Denise\Application Data\Aim
2008-06-08 20:17:04 0 d-------- C:\Documents and Settings\Jason\Application Data\Apple Computer
2008-06-08 20:03:26 0 d-------- C:\Program Files\QuickTime
2008-06-08 20:03:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-08 20:03:14 0 d-------- C:\Program Files\Apple Software Update
2008-06-08 20:03:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-08 18:22:35 0 d-------- C:\Documents and Settings\Jason\Application Data\acccore
2008-06-08 14:35:58 0 d-------- C:\Program Files\DNA
2008-06-08 14:35:58 0 d-------- C:\Documents and Settings\Jason\Application Data\DNA
2008-06-08 13:23:47 0 d-------- C:\Program Files\AIM6
2008-06-08 13:22:54 0 d-------- C:\Documents and Settings\Trevor\Application Data\Aim


-- Find3M Report ---------------------------------------------------------------

2008-07-08 00:17:08 0 d-------- C:\Program Files\Trend Micro
2008-07-07 21:34:17 0 d-------- C:\Program Files\McAfee
2008-06-29 10:19:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 21:12:02 0 d-------- C:\Program Files\AIM
2008-06-26 09:04:35 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-22 23:14:51 0 d-------- C:\Program Files\Common Files
2008-06-15 23:05:08 5002 --a------ C:\Documents and Settings\Jason\Application Data\wklnhst.dat
2008-06-07 14:54:54 0 d-------- C:\Documents and Settings\Jason\Application Data\Aim
2008-06-07 14:54:49 0 d-------- C:\Program Files\AOD
2008-06-07 07:19:06 0 d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2008-06-05 22:50:27 0 d-------- C:\Documents and Settings\Jason\Application Data\McAfee
2008-06-05 15:50:56 1294422 --a------ C:\WINDOWS\system32\winsflt.dll
2008-06-05 15:50:56 2064384 --a------ C:\WINDOWS\system32\win32cpr.dll
2008-06-05 15:48:24 0 d-------- C:\Program Files\PureSight Technologies Ltd
2008-06-05 15:47:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 15:16:40 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-04 09:53:24 0 d-------- C:\Program Files\Microsoft Works
2008-05-28 15:01:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-26 16:07:57 0 d-------- C:\Program Files\SiteAdvisor
2008-05-25 22:21:06 0 d-------- C:\Documents and Settings\Jason\Application Data\SiteAdvisor
2008-05-23 21:36:19 0 d-------- C:\Documents and Settings\Jason\Application Data\Sun
2008-05-21 00:00:28 0 d-------- C:\Program Files\7-Zip
2008-05-18 10:52:21 0 d-------- C:\Program Files\AIM Search
2008-05-18 10:52:19 0 d-------- C:\Program Files\Viewpoint
2008-05-18 10:51:52 0 d-------- C:\Program Files\Common Files\AOL
2008-05-16 22:09:07 0 d-------- C:\Program Files\Sexual Predator Search
2008-05-15 21:24:25 0 d-------- C:\Program Files\Greetings Workshop
2008-05-15 18:10:19 0 d-------- C:\Program Files\Final Draft Tagger
2008-05-15 18:10:19 0 d-------- C:\Program Files\Final Draft 7
2008-05-14 15:11:31 669 --a------ C:\WINDOWS\mozver.dat
2008-05-12 18:25:36 0 d-------- C:\Documents and Settings\Jason\Application Data\Template
2008-05-12 06:58:55 0 d-------- C:\Program Files\Google
2008-05-11 20:22:53 604 --ah----- C:\WINDOWS\T4
2008-05-11 20:22:53 604 --ah----- C:\WINDOWS\system32\T3
2008-05-11 20:22:53 604 --ah----- C:\Program Files\STLL Notifier
2008-05-11 20:17:58 0 d-------- C:\Program Files\Sibelius Software
2008-05-11 18:11:15 0 d-------- C:\Documents and Settings\Jason\Application Data\Macromedia
2008-05-11 18:10:55 0 d-------- C:\Program Files\AWS
2008-05-11 18:02:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-11 18:02:39 0 d-------- C:\Documents and Settings\Jason\Application Data\Mozilla
2008-05-11 12:58:29 20454 --a------ C:\WINDOWS\hpoins01.dat
2008-05-11 12:58:23 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-11 02:00:05 0 d-------- C:\Program Files\Microsoft.NET
2008-05-11 01:51:36 0 d-------- C:\Program Files\McAfee.com
2008-05-11 00:21:15 0 d-------- C:\Program Files\Common Files\Hewlett-Packard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
03/25/2008 16:49 111968 --a------ C:\Program Files\AIM Search\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/16/2007 20:45]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/16/2007 20:45]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [07/16/2007 20:45]
"RTHDCPL"="RTHDCPL.EXE" [07/16/2007 20:48 C:\WINDOWS\RTHDCPL.EXE]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [09/17/2007 12:56]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/02/2008 02:29]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [03/11/2008 13:44]
"BuildBU"="c:\dell\bldbubg.exe" [02/19/2004 07:23]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [06/21/2007 16:06]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]
"dvHighMem"="C:\WINDOWS\cfgmng32.exe" [10/15/2006 15:26]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/22/2008 23:14]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 19:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [06/08/2008 14:35]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 16:21]

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [4/6/2003 12:37:10 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 1:06:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DscWinEn"= {0D6AB5BA-99E4-CA97-7C07-0928C9E8EBB3} - C:\Program Files\vcchjbd\DscWinEn.dll [07/07/2008 23:54 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 05/02/2008 02:32 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-07-08 11:03:09 ------------

Here, thanks!
  • 0

#4
fenzodahl512
Posted 08 July 2008 - 09:34 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

AntivirXP08




NEXT


Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\WINDOWS\system32\mdmcls32.exe
      C:\Program Files\vcchjbd\DscWinEn.dll
      C:\WINDOWS\cfgmng32.exe
      C:\WINDOWS\T4
      C:\WINDOWS\system32\T3
      C:\Program Files\STLL Notifier
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti server is too busy, please submit the file to VirusTotal instead.




Please post the Jotti/VirusTotal logs (All 6 of them) in your next reply..

Edited by fenzodahl512, 08 July 2008 - 09:35 AM.

  • 0

#5
Magicman12
Posted 08 July 2008 - 10:51 PM

Magicman12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
It says AntivirXP08 has already been removed.
My files were already showing hidden, but i changed the operating system part.

Here's the results:

C:\WINDOWS\system32\mdmcls32.exe
Found Nothing

C:\Program Files\vcchjbd\DscWinEn.dll
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found Mal/EncPk-DG
VirusBuster
Found nothing
VBA32
Found nothing

C:\Program Files\vcchjbd\DscWinEn.dll
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found Mal/EncPk-DG
VirusBuster
Found nothing
VBA32
Found nothing

C:\WINDOWS\T4
Found Nothing

C:\WINDOWS\system32\T3
Found Nothing

C:\Program Files\STLL Notifier
Found Nothing


I shorted the logs that found nothing for every antivirus program.

Thanks!
  • 0

#6
fenzodahl512
Posted 08 July 2008 - 11:03 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please delete this folder manually C:\Program Files\vcchjbd



Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Please include a fresh DSS log (after Malwarebytes' step) in your next reply.. Tell me about your computer behaviour..


Regards
fenzodahl512
  • 0

#7
Magicman12
Posted 09 July 2008 - 08:33 AM

Magicman12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
When I tried to delete the folder it told me access denied, make sure it isn't in use.

My computer seems to be running very nicely, although when I ran the MBAM scan Norton informed me two trojans was removed (seemingly as the scan detected them).

Here's the MBAM scan logs:

Malwarebytes' Anti-Malware 1.20
Database version: 933
Windows 5.1.2600 Service Pack 2

10:31:13 AM 7/9/2008
mbam-log-7-9-2008 (10-31-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 90252
Time elapsed: 16 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\edpe.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP103\A0025805.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP103\A0025811.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080623142616437.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

DSS log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:55, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jason.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080502
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: DscWinEn - {0D6AB5BA-99E4-CA97-7C07-0928C9E8EBB3} - C:\Program Files\vcchjbd\DscWinEn.dll
O23 - Service: McAfee Application Installer Cleanup (0118391215606213) (0118391215606213mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\011839~1.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinSock Extention Manager - Unknown owner - C:\WINDOWS\system32\mdmcls32.exe

--
End of file - 9390 bytes

-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-09 10:13:14 0 d-------- C:\Documents and Settings\Jason\Application Data\Malwarebytes
2008-07-09 10:13:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 10:13:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 09:05:09 0 d-------- C:\Program Files\Norton Security Scan
2008-07-09 08:20:34 0 d-------- C:\WINDOWS\LastGood
2008-07-08 00:27:54 68096 --a------ C:\WINDOWS\zip.exe
2008-07-08 00:27:54 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-08 00:27:54 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-08 00:27:54 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-08 00:27:54 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-08 00:27:54 98816 --a------ C:\WINDOWS\sed.exe
2008-07-08 00:27:54 80412 --a------ C:\WINDOWS\grep.exe
2008-07-08 00:27:54 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-07 23:54:20 0 d-------- C:\Program Files\vcchjbd
2008-07-07 23:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\dupivuro
2008-07-07 23:54:13 0 d-------- C:\Documents and Settings\Jason\Application Data\uTorrent
2008-07-07 23:54:06 0 d-------- C:\Program Files\uTorrent
2008-06-29 10:19:54 0 d-------- C:\Program Files\Lavasoft
2008-06-29 10:19:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-29 10:17:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-29 09:53:45 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-29 09:53:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-29 09:53:45 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-29 09:53:45 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-29 09:53:45 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-29 09:53:45 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-29 09:53:45 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-29 09:53:45 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-29 09:53:44 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-28 11:01:04 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-06-24 12:45:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-24 09:51:10 3706 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-24 09:49:27 0 d-------- C:\Documents and Settings\Jason\SmitfraudFix <SMITFR~1>
2008-06-23 19:46:34 0 d-------- C:\Documents and Settings\Don\Application Data\Real
2008-06-23 16:57:01 0 d-------- C:\Documents and Settings\Denise\Application Data\Real
2008-06-23 15:27:35 0 d-------- C:\Documents and Settings\Trevor\Application Data\Real
2008-06-23 14:26:23 62910 --a------ C:\Program Files\Uninstall.exe <Not Verified; $PROGRAMNAME; $PROGRAMNAME>
2008-06-23 14:26:23 0 --a------ C:\Program Files\uninstall.dat
2008-06-22 23:14:51 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-22 23:14:34 0 d-------- C:\Program Files\Real
2008-06-22 23:14:31 0 d-------- C:\Program Files\Common Files\Real
2008-06-22 23:14:30 0 d-------- C:\Documents and Settings\Jason\Application Data\Real
2008-06-21 09:55:32 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-21 09:55:31 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-21 09:55:31 0 d-------- C:\Program Files\Xvid
2008-06-19 21:41:02 0 d-------- C:\Documents and Settings\Trevor\Application Data\Viewpoint
2008-06-15 22:15:11 0 d-------- C:\Documents and Settings\Jason\Application Data\Viewpoint
2008-06-09 21:18:17 0 d-------- C:\Documents and Settings\Jason\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-07-09 10:26:15 0 d-------- C:\Documents and Settings\Jason\Application Data\DNA
2008-07-09 08:23:31 0 d-------- C:\Program Files\McAfee
2008-07-08 00:17:08 0 d-------- C:\Program Files\Trend Micro
2008-06-29 10:19:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 21:12:02 0 d-------- C:\Program Files\AIM
2008-06-26 09:04:35 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-22 23:14:51 0 d-------- C:\Program Files\Common Files
2008-06-15 23:05:08 5002 --a------ C:\Documents and Settings\Jason\Application Data\wklnhst.dat
2008-06-08 20:17:04 0 d-------- C:\Documents and Settings\Jason\Application Data\Apple Computer
2008-06-08 20:03:47 0 d-------- C:\Program Files\QuickTime
2008-06-08 20:03:15 0 d-------- C:\Program Files\Apple Software Update
2008-06-08 18:22:36 0 d-------- C:\Documents and Settings\Jason\Application Data\acccore
2008-06-08 14:35:59 0 d-------- C:\Program Files\DNA
2008-06-08 13:24:37 0 d-------- C:\Program Files\AIM6
2008-06-07 14:54:54 0 d-------- C:\Documents and Settings\Jason\Application Data\Aim
2008-06-07 14:54:49 0 d-------- C:\Program Files\AOD
2008-06-07 07:19:06 0 d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2008-06-05 22:50:27 0 d-------- C:\Documents and Settings\Jason\Application Data\McAfee
2008-06-05 15:50:56 1294422 --a------ C:\WINDOWS\system32\winsflt.dll
2008-06-05 15:50:56 2064384 --a------ C:\WINDOWS\system32\win32cpr.dll
2008-06-05 15:48:24 0 d-------- C:\Program Files\PureSight Technologies Ltd
2008-06-05 15:47:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 15:16:40 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-04 09:53:24 0 d-------- C:\Program Files\Microsoft Works
2008-05-28 15:01:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-26 16:07:57 0 d-------- C:\Program Files\SiteAdvisor
2008-05-25 22:21:06 0 d-------- C:\Documents and Settings\Jason\Application Data\SiteAdvisor
2008-05-23 21:36:19 0 d-------- C:\Documents and Settings\Jason\Application Data\Sun
2008-05-21 00:00:28 0 d-------- C:\Program Files\7-Zip
2008-05-18 10:52:21 0 d-------- C:\Program Files\AIM Search
2008-05-18 10:52:19 0 d-------- C:\Program Files\Viewpoint
2008-05-18 10:51:52 0 d-------- C:\Program Files\Common Files\AOL
2008-05-15 21:24:25 0 d-------- C:\Program Files\Greetings Workshop
2008-05-15 18:10:19 0 d-------- C:\Program Files\Final Draft Tagger
2008-05-15 18:10:19 0 d-------- C:\Program Files\Final Draft 7
2008-05-14 15:11:31 669 --a------ C:\WINDOWS\mozver.dat
2008-05-12 18:25:36 0 d-------- C:\Documents and Settings\Jason\Application Data\Template
2008-05-12 06:58:55 0 d-------- C:\Program Files\Google
2008-05-11 20:22:53 604 --ah----- C:\WINDOWS\T4
2008-05-11 20:22:53 604 --ah----- C:\WINDOWS\system32\T3
2008-05-11 20:22:53 604 --ah----- C:\Program Files\STLL Notifier
2008-05-11 20:17:58 0 d-------- C:\Program Files\Sibelius Software
2008-05-11 18:11:15 0 d-------- C:\Documents and Settings\Jason\Application Data\Macromedia
2008-05-11 18:10:55 0 d-------- C:\Program Files\AWS
2008-05-11 18:02:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-11 18:02:39 0 d-------- C:\Documents and Settings\Jason\Application Data\Mozilla
2008-05-11 12:58:29 20454 --a------ C:\WINDOWS\hpoins01.dat
2008-05-11 12:58:23 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-11 02:00:05 0 d-------- C:\Program Files\Microsoft.NET
2008-05-11 01:51:36 0 d-------- C:\Program Files\McAfee.com
2008-05-11 00:21:15 0 d-------- C:\Program Files\Common Files\Hewlett-Packard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
03/25/2008 16:49 111968 --a------ C:\Program Files\AIM Search\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/16/2007 20:45]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/16/2007 20:45]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [07/16/2007 20:45]
"RTHDCPL"="RTHDCPL.EXE" [07/16/2007 20:48 C:\WINDOWS\RTHDCPL.EXE]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [09/17/2007 12:56]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/02/2008 02:29]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [03/11/2008 13:44]
"BuildBU"="c:\dell\bldbubg.exe" [02/19/2004 07:23]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [06/21/2007 16:06]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]
"dvHighMem"="C:\WINDOWS\cfgmng32.exe" [10/15/2006 15:26]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/22/2008 23:14]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 19:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [06/08/2008 14:35]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 16:21]

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [4/6/2003 12:37:10 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 1:06:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DscWinEn"= {0D6AB5BA-99E4-CA97-7C07-0928C9E8EBB3} - C:\Program Files\vcchjbd\DscWinEn.dll [07/07/2008 23:54 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 05/02/2008 02:32 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-07-09 10:32:14 ------------

Thanks!
  • 0

#8
fenzodahl512
Posted 09 July 2008 - 11:20 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, please disable the following programs prior to our fix.. Please re-enable them back after performing all steps given...

1. McAfee Antivirus and Firewall
2. Lavasoft Ad-Aware

Please visit HERE if you do not know how..




NEXT


Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\WINDOWS\system32\mdmcls32.exe
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti server is too busy, please submit the file to VirusTotal instead.




NEXT


Please uninstall Viewpoint Media Player from your computer..




NEXT


We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
sc stop "Viewpoint Manager Service"
sc delete "Viewpoint Manager Service"
exit

Save it to your desktop as File name: Service.bat
Save as type: All Files

Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.

If you do not sure how to make a batch file, please visit HERE for the tutorial.





NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\Program Files\Viewpoint
C:\Program Files\vcchjbd
C:\Documents and Settings\All Users\Application Data\dupivuro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\DscWinEn
EmptyTemp
purity
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please re-enable your security programs back now.. Please post the following logs in your next reply... Post each log in separate post..

1. Jotti/VirusTotal result
2. OTMoveIt2
3. A fresh DSS log (after OTMoveIt2 step)


Regards
fenzodahl512

Edited by fenzodahl512, 09 July 2008 - 11:22 AM.

  • 0

#9
Magicman12
Posted 09 July 2008 - 07:08 PM

Magicman12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
First, thanks a lot for all the help. I hope I can help people the same way someday.

Secondly, I already have the option that says "show hidden files" selected.

McAfee Antivirus was not easy to exit. I think i managed to do it via the Task Manager.

C:\WINDOWS\system32\mdmcls32.exe
Found Nothing for all

The log of files and folders moved that will be created in the c:\_OTMoveIt\MovedFiles folder will be posted in the next reply.

Following this will be your other request.
  • 0

#10
Magicman12
Posted 09 July 2008 - 07:12 PM

Magicman12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Explorer killed successfully
File/Folder C:\Program Files\Viewpoint not found.
C:\Program Files\vcchjbd moved successfully.
C:\Documents and Settings\All Users\Application Data\dupivuro moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\DscWinEn >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\DscWinEn deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Jason\LOCALS~1\Temp\fb_128.lck scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jason\LOCALS~1\Temp\Perflib_Perfdata_b18.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jason\LOCALS~1\Temp\~DF6C2D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jason\LOCALS~1\Temp\~DFCA37.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_9YDt5e0CIWwe33a scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_ErzckkthQdHX8Tf scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_eVVdggsh3PSRl0R scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_hohbEkQYi0MbYo0 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_IxMgDbObP4BqbhN scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_JBWXoFnqo7RergI scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_CP1YJb7vqrzak8n scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_ZisBchpLf3tyds3 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07092008_210611

Files moved on Reboot...
File C:\DOCUME~1\Jason\LOCALS~1\Temp\fb_128.lck not found!
File C:\DOCUME~1\Jason\LOCALS~1\Temp\Perflib_Perfdata_b18.dat not found!
C:\DOCUME~1\Jason\LOCALS~1\Temp\~DF6C2D.tmp moved successfully.
C:\DOCUME~1\Jason\LOCALS~1\Temp\~DFCA37.tmp moved successfully.
File C:\WINDOWS\temp\mcafee_9YDt5e0CIWwe33a not found!
File C:\WINDOWS\temp\mcafee_ErzckkthQdHX8Tf not found!
File C:\WINDOWS\temp\mcmsc_eVVdggsh3PSRl0R not found!
File C:\WINDOWS\temp\mcmsc_hohbEkQYi0MbYo0 not found!
File C:\WINDOWS\temp\mcmsc_IxMgDbObP4BqbhN not found!
File C:\WINDOWS\temp\mcmsc_JBWXoFnqo7RergI not found!
C:\WINDOWS\temp\sqlite_CP1YJb7vqrzak8n moved successfully.
C:\WINDOWS\temp\sqlite_ZisBchpLf3tyds3 moved successfully.
  • 0

Advertisements

#11
Magicman12
Posted 09 July 2008 - 07:16 PM

Magicman12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Um, what logs do you want?

What file am i scanning?
C:\WINDOWS\system32\mdmcls32.exe ?
Thanks.
  • 0

#12
fenzodahl512
Posted 10 July 2008 - 04:11 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please run Deckard System Scanner (dss.exe) again and post the log here..
  • 0

#13
Magicman12
Posted 10 July 2008 - 08:08 AM

Magicman12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
My bad, thought you wanted some kind of logs for the other services which I didn't see as possible:

Deckard's System Scanner v20071014.68
Run by Jason on 2008-07-10 10:07:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:01, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jason.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080502
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-124808508-1810160618-3417183661-1009\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'Trevor')
O4 - HKUS\S-1-5-21-124808508-1810160618-3417183661-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Trevor')
O4 - HKUS\S-1-5-21-124808508-1810160618-3417183661-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Trevor')
O4 - HKUS\S-1-5-21-124808508-1810160618-3417183661-1009\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Trevor')
O4 - S-1-5-21-124808508-1810160618-3417183661-1009 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Trevor')
O4 - S-1-5-21-124808508-1810160618-3417183661-1009 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Trevor')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: McAfee Application Installer Cleanup (0000861215692923) (0000861215692923mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\000086~1.EXE
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WinSock Extention Manager - Unknown owner - C:\WINDOWS\system32\mdmcls32.exe

--
End of file - 9977 bytes

-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 08:28:41 0 d-------- C:\WINDOWS\LastGood
2008-07-09 18:01:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-09 10:13:14 0 d-------- C:\Documents and Settings\Jason\Application Data\Malwarebytes
2008-07-09 10:13:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 10:13:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 09:05:09 0 d-------- C:\Program Files\Norton Security Scan
2008-07-08 00:27:54 68096 --a------ C:\WINDOWS\zip.exe
2008-07-08 00:27:54 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-08 00:27:54 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-08 00:27:54 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-08 00:27:54 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-08 00:27:54 98816 --a------ C:\WINDOWS\sed.exe
2008-07-08 00:27:54 80412 --a------ C:\WINDOWS\grep.exe
2008-07-08 00:27:54 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-07 23:54:13 0 d-------- C:\Documents and Settings\Jason\Application Data\uTorrent
2008-07-07 23:54:06 0 d-------- C:\Program Files\uTorrent
2008-06-29 10:19:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-29 10:17:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-29 09:53:45 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-29 09:53:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-29 09:53:45 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-29 09:53:45 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-29 09:53:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-29 09:53:45 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-29 09:53:45 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-29 09:53:45 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-29 09:53:45 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-29 09:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-29 09:53:44 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-28 11:01:04 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-06-24 12:45:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-24 09:51:10 3706 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-24 09:49:27 0 d-------- C:\Documents and Settings\Jason\SmitfraudFix <SMITFR~1>
2008-06-23 19:46:34 0 d-------- C:\Documents and Settings\Don\Application Data\Real
2008-06-23 16:57:01 0 d-------- C:\Documents and Settings\Denise\Application Data\Real
2008-06-23 15:27:35 0 d-------- C:\Documents and Settings\Trevor\Application Data\Real
2008-06-23 14:26:23 62910 --a------ C:\Program Files\Uninstall.exe <Not Verified; $PROGRAMNAME; $PROGRAMNAME>
2008-06-23 14:26:23 0 --a------ C:\Program Files\uninstall.dat
2008-06-22 23:14:51 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-22 23:14:34 0 d-------- C:\Program Files\Real
2008-06-22 23:14:31 0 d-------- C:\Program Files\Common Files\Real
2008-06-22 23:14:30 0 d-------- C:\Documents and Settings\Jason\Application Data\Real
2008-06-21 09:55:32 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-21 09:55:31 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-21 09:55:31 0 d-------- C:\Program Files\Xvid
2008-06-19 21:41:02 0 d-------- C:\Documents and Settings\Trevor\Application Data\Viewpoint


-- Find3M Report ---------------------------------------------------------------

2008-07-10 08:28:40 0 d-------- C:\Program Files\McAfee
2008-07-09 23:52:03 0 d-------- C:\Documents and Settings\Jason\Application Data\DNA
2008-07-09 20:56:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 18:01:00 0 d-------- C:\Program Files\Common Files
2008-07-08 00:17:08 0 d-------- C:\Program Files\Trend Micro
2008-06-26 21:12:02 0 d-------- C:\Program Files\AIM
2008-06-26 09:04:35 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-15 23:05:08 5002 --a------ C:\Documents and Settings\Jason\Application Data\wklnhst.dat
2008-06-09 21:18:17 0 d-------- C:\Documents and Settings\Jason\Application Data\Help
2008-06-08 20:17:04 0 d-------- C:\Documents and Settings\Jason\Application Data\Apple Computer
2008-06-08 20:03:47 0 d-------- C:\Program Files\QuickTime
2008-06-08 20:03:15 0 d-------- C:\Program Files\Apple Software Update
2008-06-08 18:22:36 0 d-------- C:\Documents and Settings\Jason\Application Data\acccore
2008-06-08 14:35:59 0 d-------- C:\Program Files\DNA
2008-06-08 13:24:37 0 d-------- C:\Program Files\AIM6
2008-06-07 14:54:54 0 d-------- C:\Documents and Settings\Jason\Application Data\Aim
2008-06-07 14:54:49 0 d-------- C:\Program Files\AOD
2008-06-07 07:19:06 0 d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2008-06-05 22:50:27 0 d-------- C:\Documents and Settings\Jason\Application Data\McAfee
2008-06-05 15:50:56 1294422 --a------ C:\WINDOWS\system32\winsflt.dll
2008-06-05 15:50:56 2064384 --a------ C:\WINDOWS\system32\win32cpr.dll
2008-06-05 15:48:24 0 d-------- C:\Program Files\PureSight Technologies Ltd
2008-06-05 15:47:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 15:16:40 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-04 09:53:24 0 d-------- C:\Program Files\Microsoft Works
2008-05-28 15:01:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-26 16:07:57 0 d-------- C:\Program Files\SiteAdvisor
2008-05-25 22:21:06 0 d-------- C:\Documents and Settings\Jason\Application Data\SiteAdvisor
2008-05-23 21:36:19 0 d-------- C:\Documents and Settings\Jason\Application Data\Sun
2008-05-21 00:00:28 0 d-------- C:\Program Files\7-Zip
2008-05-18 10:52:21 0 d-------- C:\Program Files\AIM Search
2008-05-18 10:51:52 0 d-------- C:\Program Files\Common Files\AOL
2008-05-15 21:24:25 0 d-------- C:\Program Files\Greetings Workshop
2008-05-15 18:10:19 0 d-------- C:\Program Files\Final Draft Tagger
2008-05-15 18:10:19 0 d-------- C:\Program Files\Final Draft 7
2008-05-14 15:11:31 669 --a------ C:\WINDOWS\mozver.dat
2008-05-12 18:25:36 0 d-------- C:\Documents and Settings\Jason\Application Data\Template
2008-05-12 06:58:55 0 d-------- C:\Program Files\Google
2008-05-11 20:22:53 604 --ah----- C:\WINDOWS\T4
2008-05-11 20:22:53 604 --ah----- C:\WINDOWS\system32\T3
2008-05-11 20:22:53 604 --ah----- C:\Program Files\STLL Notifier
2008-05-11 20:17:58 0 d-------- C:\Program Files\Sibelius Software
2008-05-11 18:11:15 0 d-------- C:\Documents and Settings\Jason\Application Data\Macromedia
2008-05-11 18:10:55 0 d-------- C:\Program Files\AWS
2008-05-11 18:02:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-11 18:02:39 0 d-------- C:\Documents and Settings\Jason\Application Data\Mozilla
2008-05-11 12:58:29 20454 --a------ C:\WINDOWS\hpoins01.dat
2008-05-11 12:58:23 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-11 02:00:05 0 d-------- C:\Program Files\Microsoft.NET
2008-05-11 01:51:36 0 d-------- C:\Program Files\McAfee.com
2008-05-11 00:21:15 0 d-------- C:\Program Files\Common Files\Hewlett-Packard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
03/25/2008 16:49 111968 --a------ C:\Program Files\AIM Search\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/16/2007 20:45]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/16/2007 20:45]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [07/16/2007 20:45]
"RTHDCPL"="RTHDCPL.EXE" [07/16/2007 20:48 C:\WINDOWS\RTHDCPL.EXE]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [09/17/2007 12:56]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/02/2008 02:29]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [03/11/2008 13:44]
"BuildBU"="c:\dell\bldbubg.exe" [02/19/2004 07:23]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [06/21/2007 16:06]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]
"dvHighMem"="C:\WINDOWS\cfgmng32.exe" [10/15/2006 15:26]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/22/2008 23:14]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 19:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [06/08/2008 14:35]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 16:21]

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [4/6/2003 12:37:10 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 1:06:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 05/02/2008 02:32 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-07-10 10:08:20 ------------
  • 0

#14
fenzodahl512
Posted 10 July 2008 - 11:11 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
[*]Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\Documents and Settings\Trevor\Application Data\Viewpoint
EmptyTemp
purity
[start explorer]

[*] Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
[*]Click the red Moveit! button.
[*]A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
[*]Close OTMoveIt2
[/list]If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Please post the following logs in your next reply..

1. OTMoveIt2
2. Malwarebytes'
3. A fresh DSS log (after Malwarebytes' step)..

Regards
fenzodahl512
  • 0

#15
Magicman12
Posted 10 July 2008 - 01:48 PM

Magicman12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Explorer killed successfully
C:\Documents and Settings\Trevor\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 moved successfully.
C:\Documents and Settings\Trevor\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 moved successfully.
C:\Documents and Settings\Trevor\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 moved successfully.
C:\Documents and Settings\Trevor\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 moved successfully.
C:\Documents and Settings\Trevor\Application Data\Viewpoint\Viewpoint Media Player\Resources moved successfully.
C:\Documents and Settings\Trevor\Application Data\Viewpoint\Viewpoint Media Player moved successfully.
C:\Documents and Settings\Trevor\Application Data\Viewpoint moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Jason\LOCALS~1\Temp\fb_2040.lck scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jason\LOCALS~1\Temp\~DF6AA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jason\LOCALS~1\Temp\~DFD2B0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_hkY9icBbTktiASK scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_qfv7rFF8I4gBFqr scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_76RrxspZagvwMjL scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_8yTod4SSHsBcUfR scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_xsBgMvT6rRbInlv scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_YTnw6FzwU7bn0BW scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07102008_154434

Files moved on Reboot...
File C:\DOCUME~1\Jason\LOCALS~1\Temp\fb_2040.lck not found!
C:\DOCUME~1\Jason\LOCALS~1\Temp\~DF6AA.tmp moved successfully.
C:\DOCUME~1\Jason\LOCALS~1\Temp\~DFD2B0.tmp moved successfully.
File C:\WINDOWS\temp\mcafee_hkY9icBbTktiASK not found!
File C:\WINDOWS\temp\mcafee_qfv7rFF8I4gBFqr not found!
File C:\WINDOWS\temp\mcmsc_76RrxspZagvwMjL not found!
File C:\WINDOWS\temp\mcmsc_8yTod4SSHsBcUfR not found!
C:\WINDOWS\temp\sqlite_xsBgMvT6rRbInlv moved successfully.
C:\WINDOWS\temp\sqlite_YTnw6FzwU7bn0BW moved successfully.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP