commanddesktop



RStarrett
2006-09-10, 23:48
I ran the online Trend virus scan.
It was able to clean everything except Adware_commanddesktop.

Logfile of HijackThis v1.99.1
Scan saved at 5:35:00 PM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svslogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\AOL\1135447446\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\kybrdff_17.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\COMMON~1\uuof\uuofm.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\COMMON~1\uuof\uuofa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HighJackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,dxgjhnf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135447446\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sys09150816630] C:\WINDOWS\sys09150816630.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_17.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [uuof] C:\PROGRA~1\COMMON~1\uuof\uuofm.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\q6rq0g95e6.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\cjnr4r4jevm.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Your help cleaning this mess would be appreciated.

LonnyRJones
2006-09-15, 16:14
Welcome to the forum.

Continue here unless you are receiving help elsewhere?
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.


In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan services, then make some repairs to the registry and prompt you to press any key to reboot.
Press any key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads, the fixtool will complete the removal and display Finished; then press any key to end the script and load your desktop icons.
Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

RStarrett
2006-09-15, 21:35
Thank you for the help; I was just about ready to reload Windows on this laptop. I ran SDFix and will post the results below. As I was entering the forum to post this response I had two pop-ups; the second was a target saver pop-up.

First, the SDFix report:


SDFix: Version 1.22
-------------------------

Scan Time / Date: 15:21:06.85 / Fri 09/15/2006


Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\Jada\Desktop\SDFix\SDFix


Stage One...


Checking Services...

Service Name:
------------------

SpoolSvc212
SVSLOG

File Path:
------------

C:\WINDOWS\system32\cjnr4r4jevm.exe /service
"C:\WINDOWS\svslogon.exe"

Removing Services:
------------------------

SpoolSvc212 ... deleted
SVSLOG ... deleted


Repairing Registry...

Restoring Default Hosts File...

Stage One Complete

Rebooting!

Stage Two...

Registry Cleaning Finished...

Checking For Malware Files:
----------------------------------

C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\KHIJ45MB\D209_3~1.EXE
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\CXINOHMN\D209_1~1.EXE
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\K5ENO12F\D212_1~1.EXE
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\K5ENO12F\D212_2~1.EXE
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\KHIJ45MB\D212_1~1.EXE
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WXYV0DQV\DCRYPT~1.MXS
C:\DCRYPT.EXE
C:\REGEDIT.PIF
C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\KHIJ45MB\D222_T~1.EXE
C:\NW7892~1.EXE
C:\STVP.EXE
C:\WINDOWS\system32\cjnr4r4zrizs.exe
C:\WINDOWS\system32\sklrr7yfoxgqzis.exe
C:\WINDOWS\system32\sklrr7ygypgyqha.exe
C:\WINDOWS\system32\mlsdf8hdnwfoxh.exe
C:\WINDOWS\system32\mlsdf8hludnw.exe
C:\WINDOWS\system32\nlkfev7foxgq.exe
C:\WINDOWS\system32\nlkfev7hyphyp.exe
C:\WINDOWS\system32\nlkfev7pzir.exe
C:\WINDOWS\svslogon.exe

Backing Up and Removing any Files Found...

Final Check:

Remaining Services:
------------------------


Remaining Files:
-------------------

FINISHED

Logfile of HijackThis v1.99.1
Scan saved at 3:29:23 PM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\AOL\1135447446\ee\AOLSoftware.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\uuof\uuofm.exe
C:\Program Files\PSCloner\PSCloner.exe
C:\PROGRA~1\COMMON~1\uuof\uuofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HighJackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sys09150816630] C:\WINDOWS\sys09150816630.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135447446\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uuof] C:\PROGRA~1\COMMON~1\uuof\uuofm.exe
O4 - HKCU\..\Run: [xhsux] C:\WINDOWS\system32\csibwi.exe reg_run
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [PSCloner] "C:\Program Files\PSCloner\PSCloner.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thanks for your help.

LonnyRJones
2006-09-15, 21:41
Start HijackThis and place a check next to these items, if there.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [sys09150816630] C:\WINDOWS\sys09150816630.exe
O4 - HKCU\..\Run: [uuof] C:\PROGRA~1\COMMON~1\uuof\uuofm.exe
O4 - HKCU\..\Run: [xhsux] C:\WINDOWS\system32\csibwi.exe reg_run
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [PSCloner] "C:\Program Files\PSCloner\PSCloner.exe"

====================================
Hit Fix checked and close HijackThis.
Restart the PC.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Delete SDFix, then post a ComboFix log.
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.
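The entries LonnyRJones picked out of the two HijackThis logs above follow a few repeatable patterns: a UserInit value that chains a second executable, a Winlogon Notify DLL and services with generated-looking names, services with no owner or a missing file, autoruns dropped straight into the drive root or the Windows directory, a svchost lookalike outside system32, and an emptied search hook. The following Python triage script is an added example (not from this thread, not part of HijackThis or SDFix) that encodes those patterns and runs them over a constructed sample assembled from lines copied from the posted logs; the thresholds and name heuristics are my assumptions.

```python
"""Triage for HijackThis v1.99 log lines (added example; not from this thread or HijackThis).

Flags: UserInit chaining an extra executable, Winlogon Notify DLLs with
random-looking names, services with no owner or a missing file, autoruns that
live directly in the drive root or the Windows directory, system-process
lookalikes outside system32, and empty or missing search hooks.  A hit is a
prompt for manual review, not a verdict.
"""
import re
from dataclasses import dataclass

USERINIT_OK = {"userinit.exe"}                       # the only legitimate XP UserInit entry
SYSTEM_LOOKALIKES = ("svchost", "lsass", "csrss", "winlogon", "services")
SYSTEM32 = r"c:\windows\system32"

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
R_RE = re.compile(r"^R[0-3] - (?P<rest>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|bat|pif|com|dll|scr))"?(?:\s|$)', re.I)
MIXED_RE = re.compile(r"[a-z]+\d+[a-z]+", re.I)      # letters/digits interleaved, e.g. q6rq0g95e6

@dataclass
class Finding:
    line: str
    reason: str

def exe_path(cmd: str) -> str:
    """Pull the executable out of a Run value, quoted or not, with or without arguments."""
    m = EXE_RE.match(cmd.strip())
    return (m.group("exe") if m else cmd.strip()).replace("\\\\", "\\")

def looks_random(path: str) -> bool:
    """True when the base name mixes letters and digits the way generated names do (heuristic)."""
    base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return bool(MIXED_RE.search(base))

def _dir_of(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""

def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing looks off."""
    line = line.strip()
    if m := F2_RE.match(line):
        names = [p.strip().rsplit("\\", 1)[-1].lower() for p in m.group("value").split(",") if p.strip()]
        extra = [n for n in names if n not in USERINIT_OK]
        return Finding(line, f"UserInit chains extra executable(s): {extra}") if extra else None
    if m := O20_RE.match(line):
        return Finding(line, "Winlogon Notify DLL with random-looking name") if looks_random(m.group("path")) else None
    if m := O23_RE.match(line):
        if "(file missing)" in m.group("path"):
            return Finding(line, "service points at a missing file")
        if m.group("owner") == "Unknown owner":
            return Finding(line, "service has no owner/vendor; verify the binary")
        return None
    if m := O4_RE.match(line):
        exe = exe_path(m.group("cmd"))
        d, base = _dir_of(exe), exe.rsplit("\\", 1)[-1].lower()
        if d in ("c:", r"c:\windows"):
            return Finding(line, f"autorun lives directly in {d}\\")
        if base.startswith(SYSTEM_LOOKALIKES) and d != SYSTEM32:
            return Finding(line, "system-process lookalike outside system32")
        return Finding(line, "autorun with random-looking file name") if looks_random(exe) else None
    if m := R_RE.match(line):
        if m.group("rest").endswith("= http://"):
            return Finding(line, "search setting set to an empty URL")
        if m.group("rest").endswith("is missing"):
            return Finding(line, "default URLSearchHook removed")
    return None

def triage(log_text: str):
    """Run triage_line over a whole log and return the findings in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]

# Constructed sample: lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,dxgjhnf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [sys09150816630] C:\WINDOWS\sys09150816630.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_17.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\q6rq0g95e6.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\cjnr4r4jevm.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The owner rule also trips on the Dell wireless tray service (wltrysvc) in the posted log, and the name-only rules cannot catch entries such as uuof, CMFibula or PSCloner that the helper knew by reputation; that is why each hit is a prompt to look up the file, not a removal decision.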

RStarrett
2006-09-15, 21:55
The ComboFix log. Thank you.


Jada - 06-09-15 15:52:31.43 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Jada\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-08-15 to 2006-09-15 ))))))))))))))))))))))))))))))))))


2006-09-15 15:13 2,560 -r-hs---- C:\mt2560.exe
2006-09-15 15:13 2,048 --a------ C:\mt.exe
2006-09-10 09:15 78,300 --a------ C:\ctps.exe
2006-09-06 17:42 32,768 --a------ C:\WINDOWS\hexdsszk.exe
2006-09-06 17:41 78,300 --a------ C:\ntp.exe
2006-09-05 19:20 235,130 -r--s---- C:\WINDOWS\system32\dwprpres.dll
2006-09-05 16:33 45,056 --a------ C:\TIGEN001.exe
2006-08-28 05:47 32,768 --a------ C:\WINDOWS\acrlbjbc.exe
2006-08-27 01:53 28,672 --a------ C:\WINDOWS\system32ra8pv.exe
2006-08-27 01:53 24,576 --a------ C:\WINDOWS\system32ha3f.exe
2006-08-27 01:53 0 --a------ C:\WINDOWS\system32fufudc.exe
2006-08-26 22:56 28,672 --a------ C:\WINDOWS\system32\ra8pv.exe
2006-08-26 22:56 24,576 --a------ C:\WINDOWS\system32\ha3f.exe
2006-08-23 21:27 214,749 --a------ C:\WINDOWS\srvrluysce.exe
2006-08-23 21:26 507,904 --a------ C:\814.exe
2006-08-19 21:25 32,768 --a------ C:\WINDOWS\hwbmfbjd.exe
2006-08-19 18:49 2,292 --a------ C:\regfile.pif
2006-08-16 23:49 230,864 --a------ C:\windr32.exe
2006-08-16 23:49 137,456 --a------ C:\WINDOWS\aupdate32.exe
2006-08-16 18:43 349,340 --a------ C:\803_104.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-14 20:04 -------- d-------- C:\Documents and Settings\Jada\Application Data\Sonic
2006-09-14 20:04 -------- d-------- C:\Documents and Settings\Jada\Application Data\Leadertech
2006-09-14 19:37 -------- d-------- C:\Program Files\Dell
2006-09-14 19:31 -------- d-------- C:\Program Files\Common Files\Intuit
2006-09-14 19:31 -------- d-------- C:\Program Files\Common Files
2006-09-14 19:28 -------- d-------- C:\Program Files\Common Files\Corel
2006-09-14 19:22 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-10 16:34 -------- d-------- C:\Program Files\Common Files\uuof
2006-09-08 20:29 -------- d-------- C:\Program Files\Internet Explorer
2006-09-08 19:23 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-08 19:04 -------- d---s---- C:\Documents and Settings\Jada\Application Data\Microsoft
2006-09-07 19:26 -------- d-------- C:\Program Files\PSCloner
2006-09-06 20:44 -------- d-------- C:\Program Files\Ckac
2006-09-06 20:06 -------- d-------- C:\Program Files\Lavasoft
2006-09-06 20:06 -------- d-------- C:\Documents and Settings\Jada\Application Data\Lavasoft
2006-09-05 20:33 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-05 20:33 -------- d-------- C:\Program Files\AOL
2006-09-05 19:53 -------- d-------- C:\Program Files\Spyware Doctor
2006-09-05 17:11 56 -r-hs---- C:\WINDOWS\system32\5EEF24F715.sys
2006-09-05 17:11 3610 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-09-05 16:33 928 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-08-14 16:16 -------- d-------- C:\Program Files\Batty
2006-08-11 11:42 32768 --a------ C:\WINDOWS\fxogzhbg.exe
2006-08-09 23:04 32768 --a------ C:\WINDOWS\rynntdtm.exe
2006-08-07 11:17 61440 --a------ C:\WINDOWS\system32\BattyRun2.dll
2006-07-31 12:09 24576 --a------ C:\WINDOWS\system32\ewxcksr.exe
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 19:48 -------- d-------- C:\Program Files\Google
2006-07-24 21:34 32768 --a------ C:\WINDOWS\snikdncs.exe
2006-07-24 15:34 10752 --a------ C:\msdev.exe
2006-07-23 23:43 27476 --a------ C:\installerwnusnewer.exe
2006-07-21 20:51 11264 --a------ C:\host.exe
2006-07-21 17:40 9728 --a------ C:\setup64.exe
2006-07-21 16:07 10752 --a------ C:\itunes32b.exe
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 19:15 11264 --a------ C:\setup32.exe
2006-07-20 15:58 586656 --a------ C:\626_101newer.exe
2006-07-20 15:57 10752 --a------ C:\dscf.exe
2006-07-19 20:23 9216 --a------ C:\setup.exe
2006-07-19 19:30 9216 --a------ C:\system64.exe
2006-07-19 19:20 676 --a------ C:\system32.exe
2006-07-19 17:35 9216 --a------ C:\install32.exe
2006-07-19 15:56 9216 --a------ C:\ins32.exe
2006-07-19 15:49 9728 --a------ C:\install.exe
2006-07-19 15:49 407077 --a------ C:\yazzle.exe
2006-07-19 15:49 242230 --a------ C:\siteError.exe
2006-07-18 16:01 10752 --a------ C:\hostsmgr.exe
2006-07-18 15:47 11264 --a------ C:\ipod32.exe
2006-07-17 21:05 169889 --a------ C:\comscore.exe
2006-07-17 20:49 587104 --a------ C:\626_101new.exe
2006-07-17 18:36 -------- d-------- C:\Program Files\Trend Micro
2006-07-12 22:09 32768 --a------ C:\WINDOWS\yhawrifp.exe
2006-07-12 21:34 676 --a------ C:\googlebar.com
2006-07-12 21:04 32768 --a------ C:\WINDOWS\wnpcxnkd.exe
2006-07-11 21:35 32768 --a------ C:\WINDOWS\riyoaiwh.exe
2006-07-10 21:19 32768 --a------ C:\WINDOWS\mhbyvxxf.exe
2006-07-10 01:02 32768 --a------ C:\WINDOWS\pyxiyttc.exe
2006-07-09 12:38 32768 --a------ C:\WINDOWS\kbgyrqms.exe
2006-07-09 02:27 286 --a------ C:\WINDOWS\autoupdate.bat
2006-07-08 08:38 11776 --a------ C:\pcdoctor.com
2006-07-07 09:09 202768 --a------ C:\drwin32.exe
2006-07-06 11:13 32768 --a------ C:\WINDOWS\rmqdcrnu.exe
2006-07-05 21:40 32768 --a------ C:\WINDOWS\zekbbmdp.exe
2006-07-05 21:18 268 --a------ C:\WINDOWS\comexec.bat
2006-07-05 02:23 677 --a------ C:\cmdhost.exe
2006-07-02 11:47 32976 --a------ C:\WINDOWS\system32\uninstIcn.exe
2006-07-02 11:45 1063 --a------ C:\WINDOWS\system32\gbi7b0a1.sys
2006-06-28 13:00 11416 --a------ C:\installerwnus.exe
2006-06-28 12:01 32768 --a------ C:\WINDOWS\imqcuwic.exe
2006-06-27 21:00 677 --a------ C:\drweb64.exe
2006-06-27 17:20 32768 --a------ C:\WINDOWS\mrlobtgo.exe
2006-06-25 13:21 454656 --a------ C:\regifast.exe
2006-06-23 08:18 328704 --a------ C:\WINDOWS\system32\pre.exe
2006-06-20 18:32 680 --a------ C:\bootcon.exe
2006-06-20 09:18 298435 --a------ C:\svchost.exe
2006-06-17 20:41 69632 --a------ C:\WINDOWS\system32\ihdghmho.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"MMTray"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mm_tray.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1135447446\\ee\\AOLSoftware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMedia"="C:\\mt2560.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMedia"="C:\\mt2560.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{08FD4776-069F-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-069F-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"
"{08FD4776-0256-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-0256-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{08FD4776-069F-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-069F-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"
"{08FD4776-0256-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-0256-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Fri 09/15/2006 15:52:58.34
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

RStarrett
2006-09-15, 22:00
I guess you want all three of those files.

Jordan - 06-09-11 15:49:42.68
ComboFix 06.09.11B - Running from: C:\Documents and Settings\Jordan\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((( Files Created from 2006-08-11 to 2006-09-11 ))))))))))))))))))))))))))))))))))


2006-09-10 09:15 78,300 --a------ C:\ctps.exe
2006-09-07 21:20 88,064 --a------ C:\WINDOWS\system32\nlkfev7foxgq.exe
2006-09-07 21:04 88,064 --a------ C:\WINDOWS\system32\mlsdf8hludnw.exe
2006-09-07 19:24 88,064 --a------ C:\WINDOWS\system32\sklrr7yfoxgqzis.exe
2006-09-06 20:00 88,064 --a------ C:\WINDOWS\system32\nlkfev7pzir.exe
2006-09-06 17:42 32,768 --a------ C:\WINDOWS\hexdsszk.exe
2006-09-06 17:41 88,064 --a------ C:\WINDOWS\system32\mlsdf8hdnwfoxh.exe
2006-09-06 17:41 78,300 --a------ C:\ntp.exe
2006-09-05 19:20 235,130 -r--s---- C:\WINDOWS\system32\dwprpres.dll
2006-09-05 16:33 45,056 --a------ C:\TIGEN001.exe
2006-08-28 05:47 32,768 --a------ C:\WINDOWS\acrlbjbc.exe
2006-08-27 01:53 28,672 --a------ C:\WINDOWS\system32ra8pv.exe
2006-08-27 01:53 24,576 --a------ C:\WINDOWS\system32ha3f.exe
2006-08-27 01:53 0 --a------ C:\WINDOWS\system32fufudc.exe
2006-08-26 22:56 28,672 --a------ C:\WINDOWS\system32\ra8pv.exe
2006-08-26 22:56 24,576 --a------ C:\WINDOWS\system32\ha3f.exe
2006-08-24 02:23 78,916 --a------ C:\dcrypt.exe
2006-08-23 21:27 214,749 --a------ C:\WINDOWS\srvrluysce.exe
2006-08-23 21:26 507,904 --a------ C:\814.exe
2006-08-19 21:25 32,768 --a------ C:\WINDOWS\hwbmfbjd.exe
2006-08-19 18:49 2,292 --a------ C:\regfile.pif
2006-08-16 23:49 230,864 --a------ C:\windr32.exe
2006-08-16 23:49 137,456 --a------ C:\WINDOWS\aupdate32.exe
2006-08-16 18:43 349,340 --a------ C:\803_104.exe
2006-08-11 11:42 32,768 --a------ C:\WINDOWS\fxogzhbg.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-11 15:20 -------- d-------- C:\Program Files\Common Files
2006-09-10 16:34 -------- d-------- C:\Program Files\Common Files\uuof
2006-09-08 20:29 -------- d-------- C:\Program Files\Internet Explorer
2006-09-08 19:32 -------- d-------- C:\Documents and Settings\Jordan\Application Data\Lavasoft
2006-09-08 19:23 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-07 19:26 -------- d-------- C:\Program Files\PSCloner
2006-09-06 20:44 -------- d-------- C:\Program Files\Ckac
2006-09-06 20:06 -------- d-------- C:\Program Files\Lavasoft
2006-09-05 20:33 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-05 20:33 -------- d-------- C:\Program Files\AOL
2006-09-05 19:53 -------- d-------- C:\Program Files\Spyware Doctor
2006-09-05 17:11 56 -r-hs---- C:\WINDOWS\system32\5EEF24F715.sys
2006-09-05 17:11 3610 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-09-05 16:33 928 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-08-17 15:02 78916 --a------ C:\regedit.pif
2006-08-14 16:16 -------- d-------- C:\Program Files\Batty
2006-08-09 23:04 32768 --a------ C:\WINDOWS\rynntdtm.exe
2006-08-07 11:17 61440 --a------ C:\WINDOWS\system32\BattyRun2.dll
2006-08-06 16:20 86528 --a------ C:\WINDOWS\system32\nlkfev7hyphyp.exe
2006-08-06 16:20 77372 --a------ C:\stvp.exe
2006-08-06 15:49 86528 --a------ C:\WINDOWS\system32\cjnr4r4zrizs.exe
2006-08-05 19:25 65024 -r-hs---- C:\WINDOWS\svslogon.exe
2006-08-05 15:36 86528 --a------ C:\WINDOWS\system32\sklrr7ygypgyqha.exe
2006-07-31 12:09 24576 --a------ C:\WINDOWS\system32\ewxcksr.exe
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 19:48 -------- d-------- C:\Program Files\Google
2006-07-26 18:52 -------- d-------- C:\Documents and Settings\Jordan\Application Data\Google
2006-07-24 21:34 32768 --a------ C:\WINDOWS\snikdncs.exe
2006-07-24 15:34 10752 --a------ C:\msdev.exe
2006-07-23 23:43 27476 --a------ C:\installerwnusnewer.exe
2006-07-21 20:51 11264 --a------ C:\host.exe
2006-07-21 17:40 9728 --a------ C:\setup64.exe
2006-07-21 16:07 10752 --a------ C:\itunes32b.exe
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 19:15 11264 --a------ C:\setup32.exe
2006-07-20 15:58 586656 --a------ C:\626_101newer.exe
2006-07-20 15:57 10752 --a------ C:\dscf.exe
2006-07-19 20:23 9216 --a------ C:\setup.exe
2006-07-19 19:30 9216 --a------ C:\system64.exe
2006-07-19 19:20 676 --a------ C:\system32.exe
2006-07-19 17:35 9216 --a------ C:\install32.exe
2006-07-19 15:56 9216 --a------ C:\ins32.exe
2006-07-19 15:49 9728 --a------ C:\install.exe
2006-07-19 15:49 407077 --a------ C:\yazzle.exe
2006-07-19 15:49 242230 --a------ C:\siteError.exe
2006-07-18 16:01 10752 --a------ C:\hostsmgr.exe
2006-07-18 15:47 11264 --a------ C:\ipod32.exe
2006-07-17 21:05 169889 --a------ C:\comscore.exe
2006-07-17 20:49 587104 --a------ C:\626_101new.exe
2006-07-17 18:36 -------- d-------- C:\Program Files\Trend Micro
2006-07-12 22:09 32768 --a------ C:\WINDOWS\yhawrifp.exe
2006-07-12 21:34 676 --a------ C:\googlebar.com
2006-07-12 21:04 32768 --a------ C:\WINDOWS\wnpcxnkd.exe
2006-07-11 21:35 32768 --a------ C:\WINDOWS\riyoaiwh.exe
2006-07-10 21:19 32768 --a------ C:\WINDOWS\mhbyvxxf.exe
2006-07-10 01:02 32768 --a------ C:\WINDOWS\pyxiyttc.exe
2006-07-09 12:38 32768 --a------ C:\WINDOWS\kbgyrqms.exe
2006-07-09 02:27 286 --a------ C:\WINDOWS\autoupdate.bat
2006-07-08 08:38 11776 --a------ C:\pcdoctor.com
2006-07-07 09:09 202768 --a------ C:\drwin32.exe
2006-07-06 11:13 32768 --a------ C:\WINDOWS\rmqdcrnu.exe
2006-07-05 21:40 32768 --a------ C:\WINDOWS\zekbbmdp.exe
2006-07-05 21:18 268 --a------ C:\WINDOWS\comexec.bat
2006-07-05 02:23 677 --a------ C:\cmdhost.exe
2006-07-02 11:47 32976 --a------ C:\WINDOWS\system32\uninstIcn.exe
2006-07-02 11:45 1063 --a------ C:\WINDOWS\system32\gbi7b0a1.sys
2006-06-28 13:00 11416 --a------ C:\installerwnus.exe
2006-06-28 12:01 32768 --a------ C:\WINDOWS\imqcuwic.exe
2006-06-27 21:00 677 --a------ C:\drweb64.exe
2006-06-27 17:20 32768 --a------ C:\WINDOWS\mrlobtgo.exe
2006-06-25 13:21 454656 --a------ C:\regifast.exe
2006-06-23 08:18 328704 --a------ C:\WINDOWS\system32\pre.exe
2006-06-20 18:32 680 --a------ C:\bootcon.exe
2006-06-20 09:18 298435 --a------ C:\svchost.exe
2006-06-17 20:41 69632 --a------ C:\WINDOWS\system32\ihdghmho.dll
2006-06-14 22:18 154 --a------ C:\WINDOWS\comfix.bat
2006-06-12 15:23 301956 --a------ C:\Tagasaurus.exe
2006-06-12 15:09 10752 --a------ C:\WINDOWS\system32\Shlesb.dll
2006-06-11 18:54 350 --a------ C:\WINDOWS\booin.dll
2006-06-11 18:07 32768 --a------ C:\WINDOWS\ixcgmumo.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"uuof"="C:\\PROGRA~1\\COMMON~1\\uuof\\uuofm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"MMTray"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mm_tray.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1135447446\\ee\\AOLSoftware.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"sys09150816630"="C:\\WINDOWS\\sys09150816630.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://kiss-dollz.site.voila.fr/curseurro.gif"
"SubscribedURL"="http://kiss-dollz.site.voila.fr/curseurro.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,3c,02,00,00,45,01,00,00,44,00,00,00,20,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e7,02,00,00,45,01,00,00,20,00,00,00,20,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,d2,00,41,c0,b4,74,c0,be,bd,04,68,de,d2,00,20,6d,\
d2,00,f8,df,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://groups.msn.com/_Secure/0QwAAAEsUN7S8FxAoBsMMgrk0U1PFT76!oh8HIrfROtSdYnyQgxNYXZLJe6akZiW*TZlsR0zp1Ut78MlDHKgM4y4FTdPIBn5L!A9owbFPyCM/ppp.gif?dc=4675512644433676074"
"SubscribedURL"="http://groups.msn.com/_Secure/0QwAAAEsUN7S8FxAoBsMMgrk0U1PFT76!oh8HIrfROtSdYnyQgxNYXZLJe6akZiW*TZlsR0zp1Ut78MlDHKgM4y4FTdPIBn5L!A9owbFPyCM/ppp.gif?dc=4675512644433676074"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,12,02,00,00,23,00,00,00,5e,01,00,00,01,01,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,5e,01,00,00,01,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,b5,07,41,c0,b4,74,18,0a,f9,08,68,de,b5,07,20,6d,\
b5,07,04,04,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,38,01,00,00,00,00,00,00,c8,02,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,38,01,00,00,00,00,00,00,c8,02,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{08FD4776-069F-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-069F-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"
"{08FD4776-0256-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-0256-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{08FD4776-069F-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-069F-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"
"{08FD4776-0256-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-0256-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Mon 09/11/2006 15:50:14.01
ComboFix.txt
ComboFix2.txt

RStarrett
2006-09-15, 22:03
Jordan - 06-09-11 15:20:10.23
ComboFix 06.09.11B - Running from: C:\Documents and Settings\Jordan\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{2E63DB5A-9A6E-4F10-A844-B6BA4EC92B5C}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{2E63DB5A-9A6E-4F10-A844-B6BA4EC92B5C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E63DB5A-9A6E-4F10-A844-B6BA4EC92B5C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E63DB5A-9A6E-4F10-A844-B6BA4EC92B5C}\InprocServer32]
@="C:\\WINDOWS\\system32\\bdowsewm.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{4F5D8144-97A5-40B8-9C44-DB10845A5271}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{4F5D8144-97A5-40B8-9C44-DB10845A5271}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F5D8144-97A5-40B8-9C44-DB10845A5271}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F5D8144-97A5-40B8-9C44-DB10845A5271}\InprocServer32]
@="C:\\WINDOWS\\system32\\nexpnt.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{696F48B7-DF5D-4CBD-9927-8E487302B627}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{696F48B7-DF5D-4CBD-9927-8E487302B627}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{696F48B7-DF5D-4CBD-9927-8E487302B627}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{696F48B7-DF5D-4CBD-9927-8E487302B627}\InprocServer32]
@="C:\\WINDOWS\\system32\\kjdukx.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{B7E77FE3-0F96-44C1-9A9D-5A73BD698790}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7E77FE3-0F96-44C1-9A9D-5A73BD698790}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7E77FE3-0F96-44C1-9A9D-5A73BD698790}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7E77FE3-0F96-44C1-9A9D-5A73BD698790}\InprocServer32]
@="C:\\WINDOWS\\system32\\mvls31.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{24B05708-07B8-4F96-99DD-41BD372AE79C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{24B05708-07B8-4F96-99DD-41BD372AE79C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{24B05708-07B8-4F96-99DD-41BD372AE79C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{24B05708-07B8-4F96-99DD-41BD372AE79C}\InprocServer32]
@="C:\\WINDOWS\\system32\\iilicd32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{DD68E326-714F-421A-A84F-16258F56E08B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DD68E326-714F-421A-A84F-16258F56E08B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DD68E326-714F-421A-A84F-16258F56E08B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DD68E326-714F-421A-A84F-16258F56E08B}\InprocServer32]
@="C:\\WINDOWS\\system32\\hgtpapi.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{0BACFD2D-F214-4B62-852C-5F4842146EFB}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{0BACFD2D-F214-4B62-852C-5F4842146EFB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0BACFD2D-F214-4B62-852C-5F4842146EFB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0BACFD2D-F214-4B62-852C-5F4842146EFB}\InprocServer32]
@="C:\\WINDOWS\\system32\\LVXBCE.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{F0F1D531-E42D-4144-BF08-BB260B630CED}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{F0F1D531-E42D-4144-BF08-BB260B630CED}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F0F1D531-E42D-4144-BF08-BB260B630CED}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F0F1D531-E42D-4144-BF08-BB260B630CED}\InprocServer32]
@="C:\\WINDOWS\\system32\\milbui.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{24E6F2FD-10A3-4412-9139-D0986DE65FA3}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{24E6F2FD-10A3-4412-9139-D0986DE65FA3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{24E6F2FD-10A3-4412-9139-D0986DE65FA3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{24E6F2FD-10A3-4412-9139-D0986DE65FA3}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxrepl40.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{BE964245-EFF2-43C3-A8B7-7AADF2D844A3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BE964245-EFF2-43C3-A8B7-7AADF2D844A3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BE964245-EFF2-43C3-A8B7-7AADF2D844A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BE964245-EFF2-43C3-A8B7-7AADF2D844A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\dUd8.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{75FBBC31-C573-49B1-BCC2-CFC35328F953}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75FBBC31-C573-49B1-BCC2-CFC35328F953}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75FBBC31-C573-49B1-BCC2-CFC35328F953}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75FBBC31-C573-49B1-BCC2-CFC35328F953}\InprocServer32]
@="C:\\WINDOWS\\system32\\fgtlib.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{C1E772D0-2C15-4614-A025-BAEF41CAE940}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1E772D0-2C15-4614-A025-BAEF41CAE940}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1E772D0-2C15-4614-A025-BAEF41CAE940}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1E772D0-2C15-4614-A025-BAEF41CAE940}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{4D7DFED8-6827-4143-831B-9A148A9BEAE1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D7DFED8-6827-4143-831B-9A148A9BEAE1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D7DFED8-6827-4143-831B-9A148A9BEAE1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D7DFED8-6827-4143-831B-9A148A9BEAE1}\InprocServer32]
@="C:\\WINDOWS\\system32\\wnerrenu.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{BD67FFC1-7F7A-48D4-927A-E8C49B74B14D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BD67FFC1-7F7A-48D4-927A-E8C49B74B14D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BD67FFC1-7F7A-48D4-927A-E8C49B74B14D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BD67FFC1-7F7A-48D4-927A-E8C49B74B14D}\InprocServer32]
@="C:\\WINDOWS\\system32\\cTtsrvut.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:


RStarrett
2006-09-15, 22:03
Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll_tobedeleted
C:\Documents and Settings\Mom\Application Data\Sskuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ac2_0003.exe
C:\dfndrff_17.exe
C:\deskbar3.exe
C:\kybrdff_17.exe
C:\nwnmb_2.exe
C:\webnexmknew.exe
C:\WINDOWS\system32\BattyRun.dll
C:\WINDOWS\system32\bez6n4r21.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\gbe90qs.exe
C:\RDFX4.exe
C:\visfx500new.exe
C:\WINDOWS\system32bez6n4r21.exe
C:\WINDOWS\visfx500.exe
C:\WINDOWS\RDFX4.exe
C:\WINDOWS\uni_ehhhh.exe
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\batty2
C:\Program Files\cmfibula
C:\Program Files\PSLister
C:\Program Files\RegiFast
C:\Program Files\windows
C:\Program Files\Common Files\{08FD4776-0256-1033-0918-051114200001}
C:\Program Files\Common Files\{08FD4776-069F-1033-0918-051114200001}
C:\Program Files\Deskbar


((((((((((((((((((((((((((((((( Files Created from 2006-08-11 to 2006-09-11 ))))))))))))))))))))))))))))))))))


2006-09-10 09:15 78,300 --a------ C:\ctps.exe
2006-09-07 21:20 88,064 --a------ C:\WINDOWS\system32\nlkfev7foxgq.exe
2006-09-07 21:04 88,064 --a------ C:\WINDOWS\system32\mlsdf8hludnw.exe
2006-09-07 19:24 88,064 --a------ C:\WINDOWS\system32\sklrr7yfoxgqzis.exe
2006-09-06 20:00 88,064 --a------ C:\WINDOWS\system32\nlkfev7pzir.exe
2006-09-06 17:42 32,768 --a------ C:\WINDOWS\hexdsszk.exe
2006-09-06 17:41 88,064 --a------ C:\WINDOWS\system32\mlsdf8hdnwfoxh.exe
2006-09-06 17:41 78,300 --a------ C:\ntp.exe
2006-09-05 19:20 235,130 -r--s---- C:\WINDOWS\system32\dwprpres.dll
2006-09-05 16:33 45,056 --a------ C:\TIGEN001.exe
2006-08-28 05:47 32,768 --a------ C:\WINDOWS\acrlbjbc.exe
2006-08-27 01:53 28,672 --a------ C:\WINDOWS\system32ra8pv.exe
2006-08-27 01:53 24,576 --a------ C:\WINDOWS\system32ha3f.exe
2006-08-27 01:53 0 --a------ C:\WINDOWS\system32fufudc.exe
2006-08-26 22:56 28,672 --a------ C:\WINDOWS\system32\ra8pv.exe
2006-08-26 22:56 24,576 --a------ C:\WINDOWS\system32\ha3f.exe
2006-08-24 02:23 78,916 --a------ C:\dcrypt.exe
2006-08-23 21:27 214,749 --a------ C:\WINDOWS\srvrluysce.exe
2006-08-23 21:26 507,904 --a------ C:\814.exe
2006-08-19 21:25 32,768 --a------ C:\WINDOWS\hwbmfbjd.exe
2006-08-19 18:49 2,292 --a------ C:\regfile.pif
2006-08-16 23:49 230,864 --a------ C:\windr32.exe
2006-08-16 23:49 137,456 --a------ C:\WINDOWS\aupdate32.exe
2006-08-16 18:43 349,340 --a------ C:\803_104.exe
2006-08-11 11:42 32,768 --a------ C:\WINDOWS\fxogzhbg.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-11 15:20 -------- d-------- C:\Program Files\Common Files
2006-09-10 16:34 -------- d-------- C:\Program Files\Common Files\uuof
2006-09-08 20:29 -------- d-------- C:\Program Files\Internet Explorer
2006-09-08 19:32 -------- d-------- C:\Documents and Settings\Jordan\Application Data\Lavasoft
2006-09-08 19:23 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-07 19:26 -------- d-------- C:\Program Files\PSCloner
2006-09-06 20:44 -------- d-------- C:\Program Files\Ckac
2006-09-06 20:06 -------- d-------- C:\Program Files\Lavasoft
2006-09-05 20:33 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-05 20:33 -------- d-------- C:\Program Files\AOL
2006-09-05 19:53 -------- d-------- C:\Program Files\Spyware Doctor
2006-09-05 17:11 56 -r-hs---- C:\WINDOWS\system32\5EEF24F715.sys
2006-09-05 17:11 3610 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-09-05 16:33 928 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-08-17 15:02 78916 --a------ C:\regedit.pif
2006-08-14 16:16 -------- d-------- C:\Program Files\Batty
2006-08-09 23:04 32768 --a------ C:\WINDOWS\rynntdtm.exe
2006-08-07 11:17 61440 --a------ C:\WINDOWS\system32\BattyRun2.dll
2006-08-06 16:20 86528 --a------ C:\WINDOWS\system32\nlkfev7hyphyp.exe
2006-08-06 16:20 77372 --a------ C:\stvp.exe
2006-08-06 15:49 86528 --a------ C:\WINDOWS\system32\cjnr4r4zrizs.exe
2006-08-05 19:25 65024 -r-hs---- C:\WINDOWS\svslogon.exe
2006-08-05 15:36 86528 --a------ C:\WINDOWS\system32\sklrr7ygypgyqha.exe
2006-07-31 12:09 24576 --a------ C:\WINDOWS\system32\ewxcksr.exe
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 19:48 -------- d-------- C:\Program Files\Google
2006-07-26 18:52 -------- d-------- C:\Documents and Settings\Jordan\Application Data\Google
2006-07-24 21:34 32768 --a------ C:\WINDOWS\snikdncs.exe
2006-07-24 15:34 10752 --a------ C:\msdev.exe
2006-07-23 23:43 27476 --a------ C:\installerwnusnewer.exe
2006-07-21 20:51 11264 --a------ C:\host.exe
2006-07-21 17:40 9728 --a------ C:\setup64.exe
2006-07-21 16:07 10752 --a------ C:\itunes32b.exe
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 19:15 11264 --a------ C:\setup32.exe
2006-07-20 15:58 586656 --a------ C:\626_101newer.exe
2006-07-20 15:57 10752 --a------ C:\dscf.exe
2006-07-19 20:23 9216 --a------ C:\setup.exe
2006-07-19 19:30 9216 --a------ C:\system64.exe
2006-07-19 19:20 676 --a------ C:\system32.exe
2006-07-19 17:35 9216 --a------ C:\install32.exe
2006-07-19 15:56 9216 --a------ C:\ins32.exe
2006-07-19 15:49 9728 --a------ C:\install.exe
2006-07-19 15:49 407077 --a------ C:\yazzle.exe
2006-07-19 15:49 242230 --a------ C:\siteError.exe
2006-07-18 16:01 10752 --a------ C:\hostsmgr.exe
2006-07-18 15:47 11264 --a------ C:\ipod32.exe
2006-07-17 21:05 169889 --a------ C:\comscore.exe
2006-07-17 20:49 587104 --a------ C:\626_101new.exe
2006-07-17 18:36 -------- d-------- C:\Program Files\Trend Micro
2006-07-12 22:09 32768 --a------ C:\WINDOWS\yhawrifp.exe
2006-07-12 21:34 676 --a------ C:\googlebar.com
2006-07-12 21:04 32768 --a------ C:\WINDOWS\wnpcxnkd.exe
2006-07-11 21:35 32768 --a------ C:\WINDOWS\riyoaiwh.exe
2006-07-10 21:19 32768 --a------ C:\WINDOWS\mhbyvxxf.exe
2006-07-10 01:02 32768 --a------ C:\WINDOWS\pyxiyttc.exe
2006-07-09 12:38 32768 --a------ C:\WINDOWS\kbgyrqms.exe
2006-07-09 02:27 286 --a------ C:\WINDOWS\autoupdate.bat
2006-07-08 08:38 11776 --a------ C:\pcdoctor.com
2006-07-07 09:09 202768 --a------ C:\drwin32.exe
2006-07-06 11:13 32768 --a------ C:\WINDOWS\rmqdcrnu.exe
2006-07-05 21:40 32768 --a------ C:\WINDOWS\zekbbmdp.exe
2006-07-05 21:18 268 --a------ C:\WINDOWS\comexec.bat
2006-07-05 02:23 677 --a------ C:\cmdhost.exe
2006-07-02 11:47 32976 --a------ C:\WINDOWS\system32\uninstIcn.exe
2006-07-02 11:45 1063 --a------ C:\WINDOWS\system32\gbi7b0a1.sys
2006-06-28 13:00 11416 --a------ C:\installerwnus.exe
2006-06-28 12:01 32768 --a------ C:\WINDOWS\imqcuwic.exe
2006-06-27 21:00 677 --a------ C:\drweb64.exe
2006-06-27 17:20 32768 --a------ C:\WINDOWS\mrlobtgo.exe
2006-06-25 13:21 454656 --a------ C:\regifast.exe
2006-06-23 08:18 328704 --a------ C:\WINDOWS\system32\pre.exe
2006-06-20 18:32 680 --a------ C:\bootcon.exe
2006-06-20 09:18 298435 --a------ C:\svchost.exe
2006-06-17 20:41 69632 --a------ C:\WINDOWS\system32\ihdghmho.dll
2006-06-14 22:18 154 --a------ C:\WINDOWS\comfix.bat
2006-06-12 15:23 301956 --a------ C:\Tagasaurus.exe
2006-06-12 15:09 10752 --a------ C:\WINDOWS\system32\Shlesb.dll
2006-06-11 18:54 350 --a------ C:\WINDOWS\booin.dll
2006-06-11 18:07 32768 --a------ C:\WINDOWS\ixcgmumo.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"uuof"="C:\\PROGRA~1\\COMMON~1\\uuof\\uuofm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"MMTray"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mm_tray.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1135447446\\ee\\AOLSoftware.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"sys09150816630"="C:\\WINDOWS\\sys09150816630.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://kiss-dollz.site.voila.fr/curseurro.gif"
"SubscribedURL"="http://kiss-dollz.site.voila.fr/curseurro.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,3c,02,00,00,45,01,00,00,44,00,00,00,20,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e7,02,00,00,45,01,00,00,20,00,00,00,20,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,d2,00,41,c0,b4,74,c0,be,bd,04,68,de,d2,00,20,6d,\
d2,00,f8,df,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://groups.msn.com/_Secure/0QwAAAEsUN7S8FxAoBsMMgrk0U1PFT76!oh8HIrfROtSdYnyQgxNYXZLJe6akZiW*TZlsR0zp1Ut78MlDHKgM4y4FTdPIBn5L!A9owbFPyCM/ppp.gif?dc=4675512644433676074"
"SubscribedURL"="http://groups.msn.com/_Secure/0QwAAAEsUN7S8FxAoBsMMgrk0U1PFT76!oh8HIrfROtSdYnyQgxNYXZLJe6akZiW*TZlsR0zp1Ut78MlDHKgM4y4FTdPIBn5L!A9owbFPyCM/ppp.gif?dc=4675512644433676074"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,12,02,00,00,23,00,00,00,5e,01,00,00,01,01,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,5e,01,00,00,01,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,b5,07,41,c0,b4,74,18,0a,f9,08,68,de,b5,07,20,6d,\
b5,07,04,04,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,38,01,00,00,00,00,00,00,c8,02,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,38,01,00,00,00,00,00,00,c8,02,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{08FD4776-069F-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-069F-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"
"{08FD4776-0256-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-0256-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{08FD4776-069F-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-069F-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"
"{08FD4776-0256-1033-0918-051114200001}"="\"C:\\Program Files\\Common Files\\{08FD4776-0256-1033-0918-051114200001}\\Update.exe\" mc-110-12-0000488"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Mon 09/11/2006 15:25:35.21
ComboFix.txt

LonnyRJones
2006-09-15, 22:20
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


REGEDIT4
;
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMedia"=-
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMedia"=-
[-HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.


Download Pocket Killbox to the desktop (version 2.0.0.648)
http://www.downloads.subratam.org/KillBox.exe
If you already have Killbox, ensure it is the latest version.
Start Killbox, place a tick next to [x] Delete on reboot, and press the ALL Files button.
Copy this whole list into the Windows clipboard, everything in bold below.

C:\mt2560.exe
C:\mt.exe
C:\ctps.exe
C:\WINDOWS\hexdsszk.exe
C:\ntp.exe
C:\TIGEN001.exe
C:\WINDOWS\acrlbjbc.exe
C:\WINDOWS\system32ra8pv.exe
C:\WINDOWS\system32ha3f.exe
C:\WINDOWS\system32fufudc.exe
C:\WINDOWS\system32\ra8pv.exe
C:\WINDOWS\system32\ha3f.exe
C:\WINDOWS\srvrluysce.exe
C:\814.exe
C:\WINDOWS\hwbmfbjd.exe
C:\regfile.pif
C:\windr32.exe
C:\WINDOWS\aupdate32.exe
C:\803_104.exe
C:\WINDOWS\fxogzhbg.exe
C:\WINDOWS\rynntdtm.exe
C:\WINDOWS\system32\BattyRun2.dll
C:\WINDOWS\system32\ewxcksr.exe
C:\WINDOWS\snikdncs.exe
C:\msdev.exe
C:\installerwnusnewer.exe
C:\host.exe
C:\setup64.exe
C:\itunes32b.exe
C:\setup32.exe
C:\pcdoctor.com
C:\drwin32.exe
C:\drweb64.exe
C:\regifast.exe
C:\bootcon.exe
C:\svchost.exe
C:\cmdhost.exe
C:\626_101newer.exe
C:\dscf.exe
C:\setup.exe
C:\system64.exe
C:\system32.exe
C:\install32.exe
C:\ins32.exe
C:\install.exe
C:\yazzle.exe
C:\siteError.exe
C:\hostsmgr.exe
C:\ipod32.exe
C:\comscore.exe
C:\626_101new.exe
C:\WINDOWS\yhawrifp.exe
C:\googlebar.com
C:\WINDOWS\system32\winpfg32.sys
C:\WINDOWS\wnpcxnkd.exe
C:\WINDOWS\riyoaiwh.exe
C:\WINDOWS\mhbyvxxf.exe
C:\WINDOWS\pyxiyttc.exe
C:\WINDOWS\kbgyrqms.exe
C:\WINDOWS\autoupdate.bat
C:\WINDOWS\rmqdcrnu.exe
C:\WINDOWS\zekbbmdp.exe
C:\WINDOWS\comexec.bat
C:\WINDOWS\system32\uninstIcn.exe
C:\WINDOWS\system32\gbi7b0a1.sys
C:\installerwnus.exe
C:\WINDOWS\imqcuwic.exe
C:\WINDOWS\system32\ihdghmho.dll
C:\WINDOWS\mrlobtgo.exe
C:\WINDOWS\system32\pre.exe


Back in Killbox go to File > Paste from clipboard.
Click the red highlighted X button and say Yes to the prompt to restart the PC.
Killbox will have placed backups in a folder it creates, just in case we have accidentally deleted
a legitimate file, here: c:\!killbox

Manually delete these folders:
C:\Program Files\Batty
C:\Program Files\PSCloner
C:\Program Files\Common Files\uuof


How old is your Trend antivirus program? I assume it is the same one supplied when you bought the PC?
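
As an added example (not code from this thread, from Killbox, or from any other tool mentioned here), a small Python dry-run parser for a REGEDIT4 file: it reads the fixme.reg text above and lists which values it removes (the `"Name"=-` form) and which key it deletes outright (the `[-KEY]` form), so the effect of a registry fix can be checked before it is merged. It also decodes string, dword and hex data so it can be run over any .reg file, not only this one. It assumes standard .reg syntax only; the function names `parse_reg` and `summarize` are mine.

```python
"""Dry-run a REGEDIT4 / .reg file: list what merging it would delete or write.

Added example for this thread, not a tool from the forum or any product.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the fixme.reg contents posted above, copied verbatim.
FIXME_REG = r"""REGEDIT4
;
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMedia"=-
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMedia"=-
[-HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# Value line: name is @ (the default value) or a quoted string with \" and \\ escapes.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


@dataclass
class RegOp:
    action: str              # "delete_key", "delete_value" or "set_value"
    key: str
    name: Optional[str] = None
    data: Optional[object] = None


def _unquote(s: str) -> str:
    """Strip the surrounding quotes and undo the \\ and \" escapes."""
    return re.sub(r'\\(.)', r'\1', s[1:-1])


def _decode_data(raw: str):
    """Map the right-hand side of a value line to an action and decoded data."""
    raw = raw.strip()
    if raw == "-":                                    # "Name"=-  removes the value
        return "delete_value", None
    if raw.startswith('"') and raw.endswith('"'):     # REG_SZ
        return "set_value", _unquote(raw)
    if raw.lower().startswith("dword:"):              # REG_DWORD, hex digits
        return "set_value", int(raw[6:], 16)
    if raw.lower().startswith("hex"):                 # hex, hex(2), hex(7) ...: keep raw bytes
        return "set_value", raw
    raise ValueError(f"unrecognised value data: {raw!r}")


def _logical_lines(text: str):
    """Join continuation lines (trailing backslash) the way regedit does."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def parse_reg(text: str) -> List[RegOp]:
    """Return the list of registry operations the file would perform when merged."""
    lines = list(_logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Windows Registry Editor header")
    ops: List[RegOp] = []
    current: Optional[str] = None
    for line in lines[1:]:
        if not line or line.startswith(";"):           # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):                    # [-KEY] deletes the whole key
                ops.append(RegOp("delete_key", key[1:]))
                current = None
            else:                                      # [KEY] selects (and creates) the key
                current = key
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            raise ValueError(f"unexpected line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
        action, data = _decode_data(m.group(2))
        ops.append(RegOp(action, current, name, data))
    return ops


def summarize(text: str) -> dict:
    """Group operations by action so a reviewer sees every deletion at a glance."""
    out = {"delete_key": [], "delete_value": [], "set_value": []}
    for op in parse_reg(text):
        label = op.key if op.name is None else f"{op.key}\\{op.name}"
        out[op.action].append(label)
    return out


if __name__ == "__main__":
    for action, items in summarize(FIXME_REG).items():
        for item in items:
            print(f"{action:13} {item}")
```

Run on the fixme.reg above it reports two value deletions (WinMedia under the .DEFAULT and S-1-5-18 Run keys) and one key deletion (the .DEFAULT policies\explorer\Run key), and nothing written; a .reg fix that unexpectedly shows entries under `set_value` deserves a second look before merging.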

RStarrett
2006-09-15, 22:59
I followed all the instructions and I can say that I don't see the pop-ups any more. Also, and probably more important, the firewall is back on and the updates for Windows and the virus software are back on. The fact that this virus shut off the firewall and updates had me really worried. I am running McAfee VirusScan on this laptop, version 7.1; it is a corporate copy they give us to run on our home machines. But this is my daughter's machine and I am not sure how long it was not updating. I ran the Trend online scan for the online scan you wanted to see. I deal with Trend products at work and I like the company. I ran HijackThis again for you. I really appreciate the help.

Logfile of HijackThis v1.99.1
Scan saved at 4:51:21 PM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\AOL\1135447446\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HighJackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135447446\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

LonnyRJones
2006-09-15, 23:10
Looks ok, post back in a few days and let us know of any problems.

Update Sun's Java manually.
Sun Java "Java Runtime Environment (JRE) 5.0 Update 8" is available:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Afterwards it's important to uninstall the old versions via Add/Remove Programs.

Ensure all chat, media players and messenger programs are the most recent versions.

RStarrett
2006-09-17, 16:42
The laptop is running much better than it was. I have not had any pop-ups or other unwanted junk appearing on the screen. The only thing I am seeing is an occasional McAfee message about a Trojan. They appear to always be located in C:\System Volume Information\_restore{ and a bunch of alphanumerics; McAfee seems to delete them. Should I be concerned with this behavior? I just got another of these as I was typing this. The last time I ran Spybot it came up clean; Trend's online scan found some minor stuff but claimed it cleaned everything.


Thank you very much for your assistance.

LonnyRJones
2006-09-17, 19:00
That sounds like normal behavior, not to worry.

Purge System Restore
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Then reboot. <- Don't skip that step.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

RStarrett
2006-09-17, 22:48
Thank you very much, it looks good now. I really appreciate all of your help.

LonnyRJones
2006-09-21, 14:27
I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here, they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).