andiesmom
1 Nickel

wJQs.exe Good file or Bad?

 

I found wJQs.exe while checking McAfee log file which said it was prevented from accessing the internet.  Search results found it in 3 places, Windows\Prefetch,

C:\Documents/settings\myname\localsettings\temp, and sorry but can't remember the other location.  I verified that mcafee was up to date and scanned several times but didn't detect anything.  I cleaned out cookies and now only see it in C:\Document\settings\myname\localsettings\temp.  I also found DLLHOST.EXE in 4 locations--3 were in lower case and 1 in uppercase letters.  The one in uppercase was also in windows/prefetch and was 60KB, and in properties the description was "unknown".  The others were 5.0 kb and description was "COM surragate" and I believe they were located in C:\Windows\system32, and in c:\windows\servicepack.   I now cannot find the larger file but then, I don't know what windows\prefetch is so maybe what I am seeing is normal?   I search for wJQs.exe on McAfee and found nothing but when I googled it, I found some things that scared me on both of the files I have mentioned.  I downloaded Hijackthis as the instructions said and is shown below, I hope I did it correctly and will appreciate help if I have something I should not have on my pc.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:56 AM, on 2/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\dlbucoms.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) -
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - hxxp://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 10384 bytes

 

 

0 Kudos
16 Replies
7- Gold

Re: wJQs.exe Good file or Bad?

Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE.    

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply so we can begin cleaning.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

 


Windows Insider MVP 2016 -

Microsoft MVP - Consumer Security 2006-2016

Social Media and Community Professional
SpywareHammer

I am not a Microsoft or a Dell employee. I am a volunteer.

 

0 Kudos
andiesmom
1 Nickel

Re: wJQs.exe Good file or Bad?

Hi and thanks for your quick reply,

No, I have not posted this issue on another forum.

No, I have not disabled system Restore.

NO, to the best of my knowledge, I am not using any cracked software.

No file sharing programs except MSM Messenger installed and I have not used it for at least 2 years or longer.  Not sure where to uninstall this from?

Yes, this is my computer and I have the authority to apply the fixes.

No I have not fixed entries using HijackThis.  Nothing was check marked.

I will not do any other online work and will try very hard to follow any instructions you may give me.

I will reply to My posts when submitting text from this forward.

Thanks, Linda

 

0 Kudos
7- Gold

Re: wJQs.exe Good file or Bad?


We need to see some additional information about what is happening in your machine.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs
  • 1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.


    Windows Insider MVP 2016 -

    Microsoft MVP - Consumer Security 2006-2016

    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.

     

    0 Kudos
    andiesmom
    1 Nickel

    Re: wJQs.exe Good file or Bad?

    My McAfee Security Center Icon does not have the "disable" option as my last version did.  I went in securtiy center and disabled everything I could find to disable, however, when I viewed the DDS,text file under Running Processes, it looked like part of mcafee was still running.  I disabled real time scanning, firewall protection, spyware protection, script, etc.  and the center turned pink and said I was not protected.  Should I go on and post the 2 files, or is there another way to disable av?  Sorry to ask  but have looked everywhere for a way of disabling the whole A/V program.

    Thanks, Linda

    0 Kudos
    7- Gold

    Re: wJQs.exe Good file or Bad?

    If DDS ran and  you did not get errors, I think you're okay to post, but please enable them again now that we are finished with DDS.


    Windows Insider MVP 2016 -

    Microsoft MVP - Consumer Security 2006-2016

    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.

     

    0 Kudos
    Highlighted
    andiesmom
    1 Nickel

    Re: wJQs.exe Good file or Bad?

    Yes, I did enable AV before connecting to the internet, but thanks for reminder.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/26/2004 11:11:05 PM
    System Uptime: 2/21/2009 11:30:32 PM (19 hours ago)

    Motherboard: Dell Inc.           |  | 0M3918
    Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 146 GiB total, 118.052 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 12/31/2008 2:45:23 AM - System Checkpoint
    RP2: 1/1/2009 2:48:58 AM - System Checkpoint
    RP3: 1/2/2009 3:12:39 AM - System Checkpoint
    RP4: 1/3/2009 3:49:02 AM - System Checkpoint
    RP5: 1/4/2009 5:13:01 AM - System Checkpoint
    RP6: 1/5/2009 5:48:59 AM - System Checkpoint
    RP7: 1/6/2009 6:49:00 AM - System Checkpoint
    RP8: 1/7/2009 7:50:13 AM - System Checkpoint
    RP9: 1/8/2009 8:48:59 AM - System Checkpoint
    RP10: 1/9/2009 8:50:04 AM - System Checkpoint
    RP11: 1/10/2009 10:17:00 AM - System Checkpoint
    RP12: 1/11/2009 10:53:44 AM - System Checkpoint
    RP13: 1/12/2009 11:53:44 AM - System Checkpoint
    RP14: 1/13/2009 12:53:44 PM - System Checkpoint
    RP15: 1/13/2009 6:00:16 PM - Software Distribution Service 3.0
    RP16: 1/14/2009 7:00:02 PM - System Checkpoint
    RP17: 1/15/2009 8:46:50 PM - System Checkpoint
    RP18: 1/16/2009 9:26:31 PM - System Checkpoint
    RP19: 1/17/2009 9:31:29 PM - System Checkpoint
    RP20: 1/18/2009 11:03:21 PM - System Checkpoint
    RP21: 1/19/2009 11:32:33 PM - System Checkpoint
    RP22: 1/21/2009 1:42:56 AM - System Checkpoint
    RP23: 1/22/2009 1:52:30 AM - System Checkpoint
    RP24: 1/23/2009 2:31:28 AM - System Checkpoint
    RP25: 1/24/2009 3:31:32 AM - System Checkpoint
    RP26: 1/25/2009 4:01:52 AM - System Checkpoint
    RP27: 1/26/2009 5:01:52 AM - System Checkpoint
    RP28: 1/27/2009 6:01:52 AM - System Checkpoint
    RP29: 1/28/2009 7:01:52 AM - System Checkpoint
    RP30: 1/29/2009 7:58:22 AM - System Checkpoint
    RP31: 1/30/2009 8:35:00 AM - System Checkpoint
    RP32: 1/31/2009 8:49:35 AM - System Checkpoint
    RP33: 2/1/2009 9:25:36 AM - System Checkpoint
    RP34: 2/2/2009 10:15:11 AM - System Checkpoint
    RP35: 2/3/2009 11:15:11 AM - System Checkpoint
    RP36: 2/4/2009 4:43:02 PM - System Checkpoint
    RP37: 2/5/2009 5:04:01 PM - System Checkpoint
    RP38: 2/6/2009 6:04:01 PM - System Checkpoint
    RP39: 2/7/2009 8:05:17 PM - System Checkpoint
    RP40: 2/8/2009 8:05:40 PM - System Checkpoint
    RP41: 2/9/2009 9:26:24 PM - System Checkpoint
    RP42: 2/10/2009 10:04:01 PM - System Checkpoint
    RP43: 2/11/2009 6:00:16 PM - Software Distribution Service 3.0
    RP44: 2/13/2009 6:41:51 PM - System Checkpoint
    RP45: 2/14/2009 7:59:44 PM - System Checkpoint
    RP46: 2/15/2009 9:26:00 PM - System Checkpoint
    RP47: 2/16/2009 10:36:45 PM - System Checkpoint
    RP48: 2/18/2009 12:46:47 AM - System Checkpoint
    RP49: 2/19/2009 12:58:51 AM - System Checkpoint
    RP50: 2/20/2009 1:55:22 AM - System Checkpoint
    RP51: 2/21/2009 2:17:26 AM - System Checkpoint
    RP52: 2/22/2009 2:53:32 AM - System Checkpoint

    ==== Installed Programs ======================

    ABBYY FineReader 5.0 Sprint Plus
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.1.0
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Photo
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RAW Image Converter2
    Canon Utilities RemoteCapture 2.4
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CardRd81
    CCScore
    Conexant D850 56K V.9x DFVc Modem
    Corel Photo Album 6
    Corel Photo Album Additional Content
    CR2
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Media Experience Update
    Dell Photo AIO Printer 942
    Dell Support Center (Support Software)
    DellConnect
    DellSupport
    Digital Line Detect
    EarthLink setup files
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    Family Tree Maker 2005
    FastAccess® DSL Help Center 4.3
    Get High Speed Internet!
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_06
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    kgcbase
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Kodak EasyShare software
    Learn2 Player (Uninstall Only)
    McAfee SecurityCenter
    McAfee Shredder
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Plus! Digital Media Edition
    Microsoft Plus! Digital Media Edition Installer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    MobileMe Control Panel
    Modem Helper
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Musicmatch® Jukebox
    My Way Search Assistant
    netbrdg
    NetWaiting
    NetZeroInstallers
    OfotoXMI
    Personal Ancestral File 5
    Personal Ancestral File Companion 5.1
    Photo Click
    PowerDVD 5.3
    Qualxserve Service Agreement
    QuickTime
    RealPlayer Basic
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    SFR
    SFR2
    SHASTA
    skin0001
    SKINXSDK
    Sonic DLA
    Sonic RecordNow! Plus
    Sonic Update Manager
    staticcr
    tooltips
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    URGE
    VIANSOFT® Church Contribution System (Release 4)
    VIANSOFT® Church Treasurer (Release 4)
    Viewpoint Media Player
    VPRINTOL
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WIRELESS

    ==== End Of File ===========================

    0 Kudos
    andiesmom
    1 Nickel

    Re: wJQs.exe Good file or Bad?


    DDS (Ver_09-02-01.01) - NTFSx86 
    Run by LInda at 18:11:14.59 on Sun 02/22/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.551 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
    C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
    C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
    C:\WINDOWS\system32\dlbucoms.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Documents and Settings\LInda\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.att.net/
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
    mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
    mRun: [DellMCM] "c:\program files\dell photo aio printer 942\memcard.exe"
    mRun: [<NO NAME>]
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [HelpCenter4.1] c:\program files\fastaccessdsl\helpcenter43\bin\sprtcmd.exe /P HelpCenter4.1
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: bellsouth.com\www
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: musicmatch.com\online
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.com/SnapfishActivia.cab
    DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} - hxxp://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-10 201320]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-25 206096]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-10 359248]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-10 144704]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-10 79304]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-10 35240]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-10 33832]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-10 40488]
    S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-10 695624]

    =============== Created Last 30 ================

    2009-02-22 00:36 <DIR> --d----- c:\program files\Trend Micro
    2009-02-20 16:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
    2009-01-28 11:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PhotoStitch
    2009-01-24 16:05 <DIR> --d----- c:\docume~1\linda\applic~1\ZoomBrowser EX
    2009-01-24 13:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
    2009-01-24 13:10 <DIR> --d----- c:\program files\common files\Canon

    ==================== Find3M  ====================

    2009-02-14 15:27 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-19 04:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 00:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 00:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
    2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
    2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
    2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
    2006-12-30 22:55 88 ---shr-- c:\windows\system32\3CC9BC5F4A.sys
    2008-08-31 00:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

    ============= FINISH: 18:11:30.67 ===============

    0 Kudos
    7- Gold

    Re: wJQs.exe Good file or Bad?

    Please download ATF Cleaner by Atribune. This program is for XP, Vista, and Windows 2000 only

      Double-click ATF-Cleaner.exe to run the program.Under Main choose: Select All Click the Empty Selected button.

    If you use Firefox browser

      Click Firefox at the top and choose: Select All Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

      Click Opera at the top and choose: Select All Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program. Please download to your desktop Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, Photobucket
      Click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Notes)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report into your next reply. Also include a fresh HijackThis log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    If you encounter this message:
    "c:\program files\malwarebytes' Anti-Malware\mbamext.dll
    Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5"
    Click on ignore mbamext.dll * If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use the update link mentioned above to manually update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "lookinhere.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the file to the infected computer. Install the "lookinhere.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.


    Windows Insider MVP 2016 -

    Microsoft MVP - Consumer Security 2006-2016

    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.

     

    0 Kudos
    andiesmom
    1 Nickel

    Re: wJQs.exe Good file or Bad?

    Malwarebytes' Anti-Malware 1.34
    Database version: 1795
    Windows 5.1.2600 Service Pack 3

    2/22/2009 9:01:12 PM
    mbam-log-2009-02-22 (21-01-12).txt

    Scan type: Quick Scan
    Objects scanned: 84622
    Time elapsed: 4 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 9
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\LInda\Local Settings\Temp\wJQs.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    MY HiJackThis File

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:08:23 PM, on 2/22/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
    C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
    C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
    C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
    C:\WINDOWS\system32\dlbucoms.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://bfc.myway.com/search/de_srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.att.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
    O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKUS\S-1-5-21-3081665311-1234046194-3565714009-1008\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
    O4 - HKUS\S-1-5-21-3081665311-1234046194-3565714009-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-3081665311-1234046194-3565714009-1009\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - hxxp://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - hxxp://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 10880 bytes

     

    0 Kudos