Unable to Delete TuneUp Utilities software-Error SDShelEx-win32 error

Question

Hi all,

I have my Dell Inspiron 1520 and recently have installed tuneup utilites 2007 and was trying to uninstall it and I got the error Cannot Delete SDShelEx-win32. And shortly after that I got the blue screen with 0x0000002 problem. Could someone analyze my log..

Thank You..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:32 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\SOFTWA~1\AVG7~1\avgamsvr.exe
G:\SOFTWA~1\AVG7~1\avgupsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\GoToAssist\480\G2AProcessFactory.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
G:\Softwares\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\SOFTWA~1\AVG7~1\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\DOCUME~1\YOSSAR~1\LOCALS~1\Temp\MsData\svchost.exe
G:\SOFTWA~1\MESSEN~1\ymsgr_tray.exe
G:\Softwares\Mozilla FireFox 2.0\firefox.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
G:\Softwares\AVG 7\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
G:\Softwares\FlashGet 1.9.4\flashget.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071115
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071115
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\Softwares\FlashGet 1.9.4\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Softwares\Real Player\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Softwares\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\Softwares\FlashGet 1.9.4\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [iTunesHelper] "G:\Softwares\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] G:\SOFTWA~1\AVG7~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "G:\SOFTWA~1\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
O4 - HKLM\..\Policies\Explorer\Run: [Winlogons] C:\WINDOWS\Winlogons.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\SOFTWA~1\AVG7~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] G:\SOFTWA~1\AVG7~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3770233982-739296087-4025953167-1009\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'Quinn')
O4 - HKUS\S-1-5-21-3770233982-739296087-4025953167-1009\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User 'Quinn')
O4 - HKUS\S-1-5-21-3770233982-739296087-4025953167-1014\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'SqlServer')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] G:\SOFTWA~1\AVG7~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] G:\SOFTWA~1\AVG7~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - G:\Softwares\FlashGet 1.9.4\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - G:\Softwares\FlashGet 1.9.4\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Softwares\FlashGet 1.9.4\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Softwares\FlashGet 1.9.4\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\Softwares\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\Softwares\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197125681468
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D95B683-9C72-4E21-A4CA-9CB28C68FD42}: NameServer = 218.248.240.208 218.248.240.135
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\SOFTWA~1\AVG7~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\SOFTWA~1\AVG7~1\avgupsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10633 bytes

bamajim · Answer

aquinn_21

Please download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP Windows-Security

CastleCops Instructor

"The world is what you make of it"

aquinn_21 · Answer

(continued...)   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'COMODO Firewall Pro'='C:\Program Files\COMODO\Firewall\cfp.exe' [2007-12-08 12:17 1481984] 'iTunesHelper'='G:\Softwares\iTunes\iTunesHelper.exe' [2007-11-02 18:36 267048] 'googletalk'='C:\Program Files\Google\Google Talk\googletalk.exe' [2007-01-02 02:52 3739648] 'Dell QuickSet'='C:\Program Files\Dell\QuickSet\quickset.exe' [2007-07-04 01:27 1228800] 'Google Desktop Search'='C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe' [2007-12-13 10:20 1831424] 'OEM02Mon.exe'='C:\WINDOWS\OEM02Mon.exe' [2007-05-09 17:01 36864] 'TkBellExe'='C:\Program Files\Common Files\Real\Update_OBealsched.exe' [2007-12-08 22:32 185632] 'AVG7_CC'='G:\SOFTWA~1\AVG7~1\avgcc.exe' [2007-12-23 11:37 579072] 'SDaemon'='C:\WINDOWS\sdaemon.exe' [2005-04-19 03:27 111104] 'SWd'='C:\WINDOWS\winwd.exe' [2005-04-19 03:26 26624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 'AVG7_Run'='G:\SOFTWA~1\AVG7~1\avgw.exe' [2007-12-23 11:37 219136] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorerun] 'Winlogons'= C:\WINDOWS\Winlogons.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\GoToAssist] C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-12-09 01:15 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 'AppInit_DLLs'=C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-05-11 14:36 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2007-05-10 02:29 1392640 --a------ C:\WINDOWS\system32\WLTRAY.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU] 2004-02-19 18:53 61440 --a------ c:\dell\bldbubg.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2007-07-04 01:27 1228800 --a------ C:\Program Files\Dell\QuickSet\quickset.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]    C:\Program Files\DellSupport\DSAgnt.exe /startup     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]    c:\dell\dsca.exe 3     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2007-05-24 18:33 17920 --a------ C:\Dell\E-Center\EULALauncher.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-07-10 09:28 162328 --a------ C:\WINDOWS\system32\hkcmd.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-07-10 09:28 137752 --a------ C:\WINDOWS\system32\igfxtray.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain] 2006-11-03 01:35 282624 --a------ C:\WINDOWS\system32\KADxMain.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe] 2007-05-09 17:01 36864 --a------ C:\WINDOWS\OEM02Mon.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2007-04-17 03:40 184320 --------- C:\Program Files\Dell\MediaDirect\PCMService.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-07-10 09:28 137752 --a------ C:\WINDOWS\system32\igfxpers.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]    stsystra.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2007-07-10 09:51 851968 --a------ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-] 'Yahoo! Pager'='G:\SOFTWA~1\MESSEN~1\YAHOOM~1.EXE' -quiet [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-] 'TkBellExe'='C:\Program Files\Common Files\Real\Update_OBealsched.exe'  -osboot 'QuickTime Task'='C:\Program Files\QuickTime\QTTask.exe' -atboottime 'NeroFilterCheck'=C:\WINDOWS\system32\NeroCheck.exe R0 WINSEC;WINSEC;C:\WINDOWS\system32\drivers\WINSEC.SYS [2005-04-19 03:27] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-08 12:17] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-08 12:17] R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 22:05] R2 MsDtsServer;SQL Server Integration Services;'C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe' [2005-10-14 03:45] R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);'C:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe' [2005-10-14 03:44] R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 16:30] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service [] R2 SQLWriter;SQL Server VSS Writer;'C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe' [2005-10-14 03:53] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 16:30] R2 winser;winser;C:\WINDOWS\system32\winsersec.exe [2005-04-14 04:07] R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-03 00:01] R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-07 17:00] R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 10:45] S3 GoToAssist;GoToAssist;'C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe' Start=service [] S4 msvsmon80;Visual Studio 2005 Remote Debugger;'C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe' [2005-09-23 07:01] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37cfa390-ab33-11dc-acf6-001c23b2fe41}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe \Shell\Open \command - E:\MicrosoftPowerPoint.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{454e2027-a547-11dc-bb5b-001d60aac08f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe \Shell\Open \command - E:\MicrosoftPowerPoint.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b120ce43-ae99-11dc-acfe-001c23b2fe41}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe \Shell\Open \command - E:\MicrosoftPowerPoint.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e929afba-b42c-11dc-ad0f-001c23b2fe41}] \Shell\Auto\command - auto.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder '2007-12-08 16:24:44 C:\WINDOWS\Tasks\1-Click Maintenance.job' - G:\Softwares\TuneUp Utilites 2007\SystemOptimizer.exe '2007-12-22 13:41:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job' - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-31 00:20:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql] 'ImagePath'='\'C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\' -s:MSSQL.2 -f:MSSQLSERVER' . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\guard32.dll PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\guard32.dll PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\WSEC32HK.dll -> C:\WINDOWS\system32\DLAAPI_W.DLL . Completion time: 2007-12-31  0:20:41

aquinn_21 · Answer

ComboFix 07-12-30.3 - Yossarain 2007-12-31  0:17:48.1 - NTFSx86Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1269 [GMT 5.5:30]Running from: C:\Documents and Settings\Yossarain\Desktop\ComboFix.exe * Created a new restore point.The following files were disabled during the run:C:\WINDOWS\system32\guard32.dll (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))). C:\WINDOWS\system32\CacheC:\WINDOWS\system32\x64 .(((((((((((((((((((((((((   Files Created from 2007-11-28 to 2007-12-30  ))))))))))))))))))))))))))))))). 2007-12-30 16:32 . 2007-12-30 16:32   d-------- C:\Documents and Settings\Quinn\Application Data\vlc 2007-12-30 16:26 . 2007-12-30 16:26   d-------- C:\Documents and Settings\Quinn\Application Data\dvdcss 2007-12-30 02:22 . 2007-12-31 00:06 332 --a------ C:\WINDOWS\winsc32.ini 2007-12-30 02:22 . 2007-12-31 00:05 244 --a------ C:\WINDOWS\gercescp.dvr 2007-12-30 02:22 . 2007-12-30 02:31 60 --------- C:\WINDOWS\dwpces23.dru 2007-12-29 23:17 . 2007-12-29 23:17   d-------- C:\Program Files\Trend Micro 2007-12-29 22:57 . 2007-12-29 22:57   d-------- C:\Documents and Settings\Quinn\Application Data\DivX 2007-12-29 21:27 . 2007-12-29 21:27   d-------- C:\Documents and Settings\Quinn\dwhelper 2007-12-29 12:45 . 2007-12-29 13:30   d-------- C:\JAB WE MET 2007-12-29 12:28 . 2007-12-29 12:28   d-------- C:\Program Files\DVD Shrink 2007-12-29 12:28 . 2007-12-29 12:29   d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-12-29 12:24 . 2007-12-29 22:51   d-------- C:\Documents and Settings\Yossarain\Application Data\DataSafeOnline 2007-12-28 19:45 . 2007-12-28 19:45   d-------- C:\Documents and Settings\Quinn\Application Data\CyberLink 2007-12-28 01:32 . 2007-12-28 01:32   d-------- C:\Documents and Settings\Yossarain\dwhelper 2007-12-23 19:39 . 2007-12-30 14:36   d-------- C:\Documents and Settings\Quinn\Application Data\AVG7 2007-12-23 11:37 . 2007-12-29 22:51   d-------- C:\Documents and Settings\Yossarain\Application Data\AVG7 2007-12-23 11:37 . 2007-12-23 11:37   d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-12-23 11:37 . 2007-12-23 11:37   d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-23 11:19 . 2007-12-23 12:51   d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-12-23 11:04 . 2006-08-21 14:44 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-12-23 11:04 . 2006-08-21 14:44 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe 2007-12-23 11:04 . 2006-08-21 17:51 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll 2007-12-23 10:50 . 2007-07-09 18:39 584,192 --------- C:\WINDOWS\system32\dllcachepcrt4.dll 2007-12-22 08:30 . 2007-12-22 08:30 3,380 --a------ C:\WINDOWS\system32\OEMINFO.PNF 2007-12-21 23:59 . 2007-12-22 02:25   d-------- C:\Documents and Settings\Yossarain\Shared 2007-12-21 23:58 . 2007-12-22 02:25   d-------- C:\Documents and Settings\Yossarain\Incomplete 2007-12-21 23:58 . 2007-12-22 02:21   d-------- C:\Documents and Settings\Yossarain\Application Data\LimeWire 2007-12-21 17:55 . 2007-12-29 13:45   d-------- C:\Documents and Settings\Quinn\Application Data\Azureus 2007-12-20 14:14 . 2007-12-20 14:14   d-------- C:\Documents and Settings\Quinn\Application Data\TuneUp Software 2007-12-20 14:11 . 2007-12-20 14:11   d-------- C:\Documents and Settings\Quinn\Application Data\Comodo 2007-12-18 10:51 . 2007-12-18 10:51   d-------- C:\Program Files\Microsoft Reader 2007-12-18 10:51 . 2007-01-30 15:06 60,944 --a------ C:\WINDOWS\DASShp.dll 2007-12-16 20:18 . 2007-11-15 05:21   d-------- C:\Documents and Settings\Quinn\Application Data\Roxio 2007-12-16 20:18 . 2007-11-15 05:01   d-------- C:\Documents and Settings\Quinn\Application Data\InstallShield 2007-12-16 20:18 . 2007-12-22 08:27   d--h----- C:\Documents and Settings\Quinn\Application Data\GTek 2007-12-16 18:39 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-12-16 18:39 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2007-12-16 18:39 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-12-16 18:39 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2007-12-16 09:01 . 2007-12-16 09:01   d-------- C:\Program Files\Microsoft ASP.NET 2007-12-15 10:28 . 2007-12-15 10:28   d-------- C:\Documents and Settings\Yossarain\Application Data\CyberLink 2007-12-15 10:06 . 2007-12-30 02:52   d-------- C:\Documents and Settings\Yossarain\Application Data\Azureus 2007-12-15 10:06 . 2007-12-15 10:06   d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2007-12-15 00:33 . 2007-12-15 00:33   d-------- C:\Settings 2007-12-14 22:38 . 2007-12-14 22:38   d-------- C:\WINDOWS\system32\ell 2007-12-13 11:14 . 2007-11-15 05:21   d-------- C:\Documents and Settings\KARTHIK\ASPNET\Application Data\Roxio 2007-12-13 11:14 . 2007-11-15 05:01   d-------- C:\Documents and Settings\KARTHIK\ASPNET\Application Data\InstallShield 2007-12-13 11:14 . 2007-11-15 05:13   d-------- C:\Documents and Settings\KARTHIK\ASPNET\Application Data\GTek 2007-12-13 11:14 . 2007-12-23 11:37   d-------- C:\Documents and Settings\KARTHIK\ASPNET 2007-12-13 11:04 . 2007-12-13 11:04   d-------- C:\Documents and Settings\SqlServer\Application Data\Apple Computer 2007-12-13 11:03 . 2007-12-13 11:03   d-------- C:\Documents and Settings\SqlServer\Application Data\Comodo 2007-12-13 10:53 . 2007-11-15 05:21   d-------- C:\Documents and Settings\SqlServer\Application Data\Roxio 2007-12-13 10:53 . 2007-11-15 05:01   d-------- C:\Documents and Settings\SqlServer\Application Data\InstallShield 2007-12-13 10:53 . 2007-11-15 05:13   d--h----- C:\Documents and Settings\SqlServer\Application Data\GTek 2007-12-13 10:51 . 2007-12-13 10:51   d-------- C:\Program Files\SQLXML 4.0 2007-12-13 10:50 . 2007-12-13 10:50   d-------- C:\WINDOWS\system32\Visual Studio 2005Templates 2007-12-13 10:50 . 2007-12-13 10:50   d-------- C:\WINDOWS\system32\Visual Studio 2005 2007-12-13 10:47 . 2007-12-13 10:47   d-------- C:\Program Files\Microsoft Analysis Services 2007-12-13 10:24 . 2007-12-13 10:24   d-------- C:\Program Files\PodSync.com 2007-12-12 23:39 . 2007-12-14 22:33   d-------- C:\Program Files\Microsoft SQL Server 2007-12-12 23:38 . 2007-12-12 23:38   d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition 2007-12-12 23:38 . 2007-12-12 23:38   d-------- C:\Program Files\Microsoft Device Emulator 2007-12-12 23:29 . 2007-12-12 23:29   d-------- C:\Program Files\MSBuild 2007-12-12 23:16 . 2007-12-12 23:16   d-------- C:\WINDOWS\Symbols 2007-12-12 23:16 . 2007-12-12 23:30   d-------- C:\Program Files\Microsoft Visual Studio 8 2007-12-12 23:16 . 2007-12-12 23:28   d-------- C:\Program Files\HTML Help Workshop 2007-12-12 23:16 . 2007-12-12 23:21   d-------- C:\Program Files\Common Files\Merge Modules 2007-12-12 23:16 . 2007-12-12 23:17   d-------- C:\Program Files\Common Files\Business Objects 2007-12-12 23:16 . 2007-12-12 23:16   d-------- C:\Program Files\CE Remote Tools 2007-12-12 23:16 . 2007-12-12 23:16   d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions 2007-12-12 10:11 . 2007-12-12 11:04   d-------- C:\WINDOWS\system32\NtmsData 2007-12-12 09:26 . 2007-12-14 22:38   d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-12-11 11:10 . 2007-12-11 11:10   d-------- C:\Program Files\Plus! 2007-12-11 09:55 . 2007-06-20 19:56 267,992 -rahs---- C:\WINDOWS\Winlogons.exe 2007-12-11 08:38 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-12-11 08:38 . 2007-12-12 23:32 520 --a------ C:\WINDOWS\ODBC.INI 2007-12-11 08:36 . 2007-12-11 08:36   d-------- C:\Program Files\Microsoft ActiveSync 2007-12-11 08:35 . 2007-12-11 08:36   d-------- C:\WINDOWS\SHELLNEW 2007-12-11 08:34 . 2007-12-12 23:41   d-------- C:\Program Files\Microsoft.NET 2007-12-09 17:37 . 2007-12-09 17:37   d-------- C:\Documents and Settings\Yossarain\Application Data\Scooter Software 2007-12-09 04:22 . 2007-12-09 04:22   d-------- C:\Program Files\Intel 2007-12-09 04:22 . 2007-12-09 04:22   d-------- C:\Documents and Settings\Yossarain\Application Data\Intel 2007-12-09 03:33 . 2007-12-30 23:40 116 --a------ C:\WINDOWS\NeroDigital.ini 2007-12-09 03:20 . 2007-12-09 03:20   d-------- C:\Documents and Settings\Yossarain\Application Data\Ahead 2007-12-09 03:19 . 2007-12-09 03:21   d-------- C:\Program Files\Common Files\Ahead 2007-12-09 01:35 . 2007-12-09 01:35   d--hs---- C:\WINDOWS\ftpcache 2007-12-09 01:16 . 2007-12-09 01:16   d-------- C:\Documents and Settings\All Users\Application Data\Citrix 2007-12-09 01:15 . 2007-12-09 01:15   d-------- C:\Program Files\Citrix 2007-12-09 01:15 . 2007-12-09 01:15 60,968 --a------ C:\Documents and Settings\Yossarain\GoToAssistDownloadHelper.exe 2007-12-09 01:14 . 2007-12-09 01:14   d-------- C:\WINDOWS\Sun 2007-12-09 00:39 . 2007-12-09 00:39   d-------- C:\WINDOWS\IIS Temporary Compressed Files 2007-12-08 23:50 . 2007-12-08 23:50 0 --a------ C:\WINDOWS
sreg.dat 2007-12-08 23:32 . 2007-12-08 23:33   d-------- C:\Documents and Settings\Yossarain\Application Data\DivX 2007-12-08 23:30 . 2006-10-04 19:36 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2007-12-08 23:30 . 2006-10-04 19:36 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2007-12-08 23:30 . 2006-10-04 19:36 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2007-12-08 23:29 . 2007-12-08 23:29   d-------- C:\Program Files\Windows Media Connect 2 2007-12-08 23:27 . 2007-12-13 11:14   d-------- C:\WINDOWS\system32\LogFiles 2007-12-08 23:27 . 2007-12-08 23:28   d-------- C:\WINDOWS\system32\drivers\UMDF 2007-12-08 23:19 . 2007-12-08 23:19 25 --a------ C:\WINDOWS\cdplayer.ini .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2007-11-14 23:05 7,053 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_I1520.mrk2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll2007-10-27 12:10 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll2007-10-27 12:10 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll2007-10-10 11:34 393,216 ----a-w C:\WINDOWS\system32\OEM02Cvw.dll2007-10-10 11:32 28,672 ----a-w C:\WINDOWS\OEM02Cfg.exe2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\PxAFS.DLL2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll2007-06-20 14:26 267,992 --sha-r C:\WINDOWS\Winlogons.exe. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'swg'='C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe' [2007-12-08 20:20 68856]'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 16:30 15360]'DellSupportCenter'='C:\Program Files\Dell Support Center\bin\sprtcmd.exe' [2007-07-11 19:45 198704]'BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}'='C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe' [2005-11-24 15:38 94208]'Yahoo! Pager'='G:\SOFTWA~1\MESSEN~1\YAHOOM~1.exe' [2006-06-20 16:02 4538368]'Dell DataSafe Scheduler'='C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe' [2007-06-25 09:08 308464]

bamajim · Answer

aquinn_21 1. Open NotePad (not wordpad). Copy and paste the following into Notepad File::C:\WINDOWS\winsc32.iniC:\WINDOWS\gercescp.dvrC:\WINDOWS\dwpces23.druC:\WINDOWS\Winlogons.exeFolder::C:\WINDOWS\system32\ellRegistry::[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]'Winlogons'=- Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop Using the Image as a reference, drag CFScript into ComboFix.exe You will be prompted to run Combofix again, Do so Following the same rules as indicated in my first post Then post the contents of the C:\ComboFix.txt log in your reply 2. Rerun Hijackthis and post a fresh Hijackthis log as well You may have to post the results in more than one reply Microsoft MVP Windows-Security CastleCops Instructor 'The world is what you make of it'

aquinn_21 · Answer

Thank you bamajim for your replies

aquinn_21 · Answer

2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll 2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll 2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll 2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll 2007-10-10 11:34 393,216 ----a-w C:\WINDOWS\system32\OEM02Cvw.dll 2007-10-10 11:32 28,672 ----a-w C:\WINDOWS\OEM02Cfg.exe 2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-20 14:26 267,992 --sha-r C:\WINDOWS\Winlogons.exe . (((((((((((((((((((((((((((((   snapshot@2007-12-31_ 0.20.17.45   ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-30 14:15:47 237,219 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-01-01 13:04:19 237,218 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin . (((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'swg'='C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe' [2007-12-08 20:20 68856] 'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 16:30 15360] 'DellSupportCenter'='C:\Program Files\Dell Support Center\bin\sprtcmd.exe' [2007-07-11 19:45 198704] 'BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}'='C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe' [2005-11-24 15:38 94208] 'Yahoo! Pager'='G:\SOFTWA~1\MESSEN~1\YAHOOM~1.exe' [2006-06-20 16:02 4538368] 'Dell DataSafe Scheduler'='C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe' [2007-06-25 09:08 308464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'COMODO Firewall Pro'='C:\Program Files\COMODO\Firewall\cfp.exe' [2007-12-08 12:17 1481984] 'iTunesHelper'='G:\Softwares\iTunes\iTunesHelper.exe' [2007-11-02 18:36 267048] 'googletalk'='C:\Program Files\Google\Google Talk\googletalk.exe' [2007-01-02 02:52 3739648] 'Dell QuickSet'='C:\Program Files\Dell\QuickSet\quickset.exe' [2007-07-04 01:27 1228800] 'Google Desktop Search'='C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe' [2007-12-13 10:20 1831424] 'OEM02Mon.exe'='C:\WINDOWS\OEM02Mon.exe' [2007-05-09 17:01 36864] 'TkBellExe'='C:\Program Files\Common Files\Real\Update_OBealsched.exe' [2007-12-08 22:32 185632] 'AVG7_CC'='G:\SOFTWA~1\AVG7~1\avgcc.exe' [2007-12-23 11:37 579072] 'SDaemon'='C:\WINDOWS\sdaemon.exe' [2005-04-19 03:27 111104] 'SWd'='C:\WINDOWS\winwd.exe' [2005-04-19 03:26 26624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 'AVG7_Run'='G:\SOFTWA~1\AVG7~1\avgw.exe' [2007-12-23 11:37 219136] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorerun] 'Winlogons'= C:\WINDOWS\Winlogons.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\GoToAssist] C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-12-09 01:15 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 'AppInit_DLLs'=C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-05-11 14:36 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2007-05-10 02:29 1392640 --a------ C:\WINDOWS\system32\WLTRAY.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU] 2004-02-19 18:53 61440 --a------ c:\dell\bldbubg.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2007-07-04 01:27 1228800 --a------ C:\Program Files\Dell\QuickSet\quickset.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]    C:\Program Files\DellSupport\DSAgnt.exe /startup     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]    c:\dell\dsca.exe 3     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2007-05-24 18:33 17920 --a------ C:\Dell\E-Center\EULALauncher.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-07-10 09:28 162328 --a------ C:\WINDOWS\system32\hkcmd.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-07-10 09:28 137752 --a------ C:\WINDOWS\system32\igfxtray.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain] 2006-11-03 01:35 282624 --a------ C:\WINDOWS\system32\KADxMain.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe] 2007-05-09 17:01 36864 --a------ C:\WINDOWS\OEM02Mon.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2007-04-17 03:40 184320 --------- C:\Program Files\Dell\MediaDirect\PCMService.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-07-10 09:28 137752 --a------ C:\WINDOWS\system32\igfxpers.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]    stsystra.exe     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2007-07-10 09:51 851968 --a------ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-] 'Yahoo! Pager'='G:\SOFTWA~1\MESSEN~1\YAHOOM~1.EXE' -quiet [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-] 'TkBellExe'='C:\Program Files\Common Files\Real\Update_OBealsched.exe'  -osboot 'QuickTime Task'='C:\Program Files\QuickTime\QTTask.exe' -atboottime 'NeroFilterCheck'=C:\WINDOWS\system32\NeroCheck.exe R0 WINSEC;WINSEC;C:\WINDOWS\system32\drivers\WINSEC.SYS [2005-04-19 03:27] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-08 12:17] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-08 12:17] R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 22:05] R2 MsDtsServer;SQL Server Integration Services;'C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe' [2005-10-14 03:45] R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);'C:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe' [2005-10-14 03:44] R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 16:30] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service [] R2 SQLWriter;SQL Server VSS Writer;'C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe' [2005-10-14 03:53] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 16:30] R2 winser;winser;C:\WINDOWS\system32\winsersec.exe [2005-04-14 04:07] R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-03 00:01] R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-07 17:00] R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 10:45] S3 GoToAssist;GoToAssist;'C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe' Start=service [] S4 msvsmon80;Visual Studio 2005 Remote Debugger;'C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe' [2005-09-23 07:01] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37cfa390-ab33-11dc-acf6-001c23b2fe41}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe \Shell\Open \command - E:\MicrosoftPowerPoint.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b120ce43-ae99-11dc-acfe-001c23b2fe41}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe \Shell\Open \command - E:\MicrosoftPowerPoint.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dae570de-b160-11dc-ad0d-001c23b2fe41}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe \Shell\Open \command - H:\MicrosoftPowerPoint.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e929afba-b42c-11dc-ad0f-001c23b2fe41}] \Shell\Auto\command - auto.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe . Contents of the 'Scheduled Tasks' folder '2007-12-08 16:24:44 C:\WINDOWS\Tasks\1-Click Maintenance.job' - G:\Softwares\TuneUp Utilites 2007\SystemOptimizer.exe '2007-12-22 13:41:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job' - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-01 23:35:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql] 'ImagePath'='\'C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\' -s:MSSQL.2 -f:MSSQLSERVER' . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\guard32.dll PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\guard32.dll . Completion time: 2008-01-01 23:36:10 C:\qoobox\ComboFix-quarantined-files.txt  2008-01-01 18:06:07 C:\qoobox\ComboFix2.txt  2007-12-30 18:50:45

aquinn_21 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:55 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winsersec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\SOFTWA~1\AVG7~1\avgamsvr.exe
G:\SOFTWA~1\AVG7~1\avgupsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cfp.exe
G:\Softwares\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\SOFTWA~1\AVG7~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\sdaemon.exe
C:\WINDOWS\winwd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\YOSSAR~1\LOCALS~1\Temp\MsData\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\SOFTWA~1\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071115
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\Softwares\FlashGet 1.9.4\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Softwares\Real Player\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Softwares\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\Softwares\FlashGet 1.9.4\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [iTunesHelper] "G:\Softwares\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] G:\SOFTWA~1\AVG7~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - HKLM\..\Run: [SWd] C:\WINDOWS\winwd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "G:\SOFTWA~1\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
O4 - HKLM\..\Policies\Explorer\Run: [Winlogons] C:\WINDOWS\Winlogons.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\SOFTWA~1\AVG7~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] G:\SOFTWA~1\AVG7~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3770233982-739296087-4025953167-1014\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'SqlServer')
O4 - HKUS\S-1-5-21-3770233982-739296087-4025953167-1014\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User 'SqlServer')
O4 - HKUS\S-1-5-21-3770233982-739296087-4025953167-1014\..\Run: [AVG7_Run] G:\SOFTWA~1\AVG7~1\avgw.exe /RUNONCE (User 'SqlServer')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] G:\SOFTWA~1\AVG7~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] G:\SOFTWA~1\AVG7~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - G:\Softwares\FlashGet 1.9.4\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - G:\Softwares\FlashGet 1.9.4\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Softwares\FlashGet 1.9.4\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Softwares\FlashGet 1.9.4\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197125681468
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\SOFTWA~1\AVG7~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\SOFTWA~1\AVG7~1\avgupsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9765 bytes

aquinn_21 · Answer

ComboFix 07-12-30.3 - Yossarain 2008-01-01 23:33:20.2 - NTFSx86Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1266 [GMT 5.5:30]Running from: C:\Documents and Settings\Yossarain\Desktop\ComboFix.exeCommand switches used :: C:\Documents and Settings\Yossarain\Desktop\CFScript.txt * Created a new restore point FILEC:\WINDOWS\dwpces23.druC:\WINDOWS\gercescp.dvrC:\WINDOWS\Winlogons.exeC:\WINDOWS\winsc32.ini.The following files were disabled during the run:C:\WINDOWS\system32\guard32.dll (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))). C:\WINDOWS\dwpces23.druC:\WINDOWS\gercescp.dvrC:\WINDOWS\system32\ellC:\WINDOWS\Winlogons.exeC:\WINDOWS\winsc32.ini .(((((((((((((((((((((((((   Files Created from 2007-12-01 to 2008-01-01  ))))))))))))))))))))))))))))))). 2007-12-30 16:32 . 2007-12-30 16:32   d-------- C:\Documents and Settings\Quinn\Application Data\vlc 2007-12-30 16:26 . 2007-12-30 16:26   d-------- C:\Documents and Settings\Quinn\Application Data\dvdcss 2007-12-29 23:17 . 2007-12-29 23:17   d-------- C:\Program Files\Trend Micro 2007-12-29 22:57 . 2007-12-29 22:57   d-------- C:\Documents and Settings\Quinn\Application Data\DivX 2007-12-29 21:27 . 2007-12-29 21:27   d-------- C:\Documents and Settings\Quinn\dwhelper 2007-12-29 12:45 . 2007-12-29 13:30   d-------- C:\JAB WE MET 2007-12-29 12:28 . 2007-12-29 12:28   d-------- C:\Program Files\DVD Shrink 2007-12-29 12:28 . 2007-12-29 12:29   d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-12-29 12:24 . 2007-12-29 22:51   d-------- C:\Documents and Settings\Yossarain\Application Data\DataSafeOnline 2007-12-28 19:45 . 2007-12-28 19:45   d-------- C:\Documents and Settings\Quinn\Application Data\CyberLink 2007-12-28 01:32 . 2007-12-28 01:32   d-------- C:\Documents and Settings\Yossarain\dwhelper 2007-12-23 19:39 . 2008-01-01 03:01   d-------- C:\Documents and Settings\Quinn\Application Data\AVG7 2007-12-23 11:37 . 2007-12-29 22:51   d-------- C:\Documents and Settings\Yossarain\Application Data\AVG7 2007-12-23 11:37 . 2007-12-23 11:37   d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-12-23 11:37 . 2007-12-23 11:37   d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-23 11:19 . 2007-12-23 12:51   d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-12-23 11:04 . 2006-08-21 14:44 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-12-23 11:04 . 2006-08-21 14:44 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe 2007-12-23 11:04 . 2006-08-21 17:51 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll 2007-12-23 10:50 . 2007-07-09 18:39 584,192 --------- C:\WINDOWS\system32\dllcachepcrt4.dll 2007-12-22 08:30 . 2007-12-22 08:30 3,380 --a------ C:\WINDOWS\system32\OEMINFO.PNF 2007-12-21 23:59 . 2007-12-22 02:25   d-------- C:\Documents and Settings\Yossarain\Shared 2007-12-21 23:58 . 2007-12-22 02:25   d-------- C:\Documents and Settings\Yossarain\Incomplete 2007-12-21 23:58 . 2007-12-22 02:21   d-------- C:\Documents and Settings\Yossarain\Application Data\LimeWire 2007-12-21 17:55 . 2007-12-29 13:45   d-------- C:\Documents and Settings\Quinn\Application Data\Azureus 2007-12-20 14:14 . 2007-12-20 14:14   d-------- C:\Documents and Settings\Quinn\Application Data\TuneUp Software 2007-12-20 14:11 . 2007-12-20 14:11   d-------- C:\Documents and Settings\Quinn\Application Data\Comodo 2007-12-18 10:51 . 2007-12-18 10:51   d-------- C:\Program Files\Microsoft Reader 2007-12-18 10:51 . 2007-01-30 15:06 60,944 --a------ C:\WINDOWS\DASShp.dll 2007-12-16 20:18 . 2007-11-15 05:21   d-------- C:\Documents and Settings\Quinn\Application Data\Roxio 2007-12-16 20:18 . 2007-11-15 05:01   d-------- C:\Documents and Settings\Quinn\Application Data\InstallShield 2007-12-16 20:18 . 2007-12-22 08:27   d--h----- C:\Documents and Settings\Quinn\Application Data\GTek 2007-12-16 18:39 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-12-16 18:39 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2007-12-16 18:39 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-12-16 18:39 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2007-12-16 09:01 . 2007-12-16 09:01   d-------- C:\Program Files\Microsoft ASP.NET 2007-12-15 10:28 . 2007-12-15 10:28   d-------- C:\Documents and Settings\Yossarain\Application Data\CyberLink 2007-12-15 10:06 . 2007-12-30 02:52   d-------- C:\Documents and Settings\Yossarain\Application Data\Azureus 2007-12-15 10:06 . 2007-12-15 10:06   d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2007-12-15 00:33 . 2007-12-15 00:33   d-------- C:\Settings 2007-12-13 11:14 . 2007-11-15 05:21   d-------- C:\Documents and Settings\KARTHIK\ASPNET\Application Data\Roxio 2007-12-13 11:14 . 2007-11-15 05:01   d-------- C:\Documents and Settings\KARTHIK\ASPNET\Application Data\InstallShield 2007-12-13 11:14 . 2007-11-15 05:13   d-------- C:\Documents and Settings\KARTHIK\ASPNET\Application Data\GTek 2007-12-13 11:14 . 2007-12-23 11:37   d-------- C:\Documents and Settings\KARTHIK\ASPNET 2007-12-13 11:04 . 2007-12-13 11:04   d-------- C:\Documents and Settings\SqlServer\Application Data\Apple Computer 2007-12-13 11:03 . 2007-12-13 11:03   d-------- C:\Documents and Settings\SqlServer\Application Data\Comodo 2007-12-13 10:53 . 2007-11-15 05:21   d-------- C:\Documents and Settings\SqlServer\Application Data\Roxio 2007-12-13 10:53 . 2007-11-15 05:01   d-------- C:\Documents and Settings\SqlServer\Application Data\InstallShield 2007-12-13 10:53 . 2007-11-15 05:13   d--h----- C:\Documents and Settings\SqlServer\Application Data\GTek 2007-12-13 10:51 . 2007-12-13 10:51   d-------- C:\Program Files\SQLXML 4.0 2007-12-13 10:50 . 2007-12-13 10:50   d-------- C:\WINDOWS\system32\Visual Studio 2005Templates 2007-12-13 10:50 . 2007-12-13 10:50   d-------- C:\WINDOWS\system32\Visual Studio 2005 2007-12-13 10:47 . 2007-12-13 10:47   d-------- C:\Program Files\Microsoft Analysis Services 2007-12-13 10:24 . 2007-12-13 10:24   d-------- C:\Program Files\PodSync.com 2007-12-12 23:39 . 2007-12-14 22:33   d-------- C:\Program Files\Microsoft SQL Server 2007-12-12 23:38 . 2007-12-12 23:38   d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition 2007-12-12 23:38 . 2007-12-12 23:38   d-------- C:\Program Files\Microsoft Device Emulator 2007-12-12 23:29 . 2007-12-12 23:29   d-------- C:\Program Files\MSBuild 2007-12-12 23:16 . 2007-12-12 23:16   d-------- C:\WINDOWS\Symbols 2007-12-12 23:16 . 2007-12-12 23:30   d-------- C:\Program Files\Microsoft Visual Studio 8 2007-12-12 23:16 . 2007-12-12 23:28   d-------- C:\Program Files\HTML Help Workshop 2007-12-12 23:16 . 2007-12-12 23:21   d-------- C:\Program Files\Common Files\Merge Modules 2007-12-12 23:16 . 2007-12-12 23:17   d-------- C:\Program Files\Common Files\Business Objects 2007-12-12 23:16 . 2007-12-12 23:16   d-------- C:\Program Files\CE Remote Tools 2007-12-12 23:16 . 2007-12-12 23:16   d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions 2007-12-12 10:11 . 2007-12-12 11:04   d-------- C:\WINDOWS\system32\NtmsData 2007-12-12 09:26 . 2007-12-14 22:38   d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-12-11 11:10 . 2007-12-11 11:10   d-------- C:\Program Files\Plus! 2007-12-11 08:38 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-12-11 08:38 . 2007-12-12 23:32 520 --a------ C:\WINDOWS\ODBC.INI 2007-12-11 08:36 . 2007-12-11 08:36   d-------- C:\Program Files\Microsoft ActiveSync 2007-12-11 08:35 . 2007-12-11 08:36   d-------- C:\WINDOWS\SHELLNEW 2007-12-11 08:34 . 2007-12-12 23:41   d-------- C:\Program Files\Microsoft.NET 2007-12-09 17:37 . 2007-12-09 17:37   d-------- C:\Documents and Settings\Yossarain\Application Data\Scooter Software 2007-12-09 04:22 . 2007-12-09 04:22   d-------- C:\Program Files\Intel 2007-12-09 04:22 . 2007-12-09 04:22   d-------- C:\Documents and Settings\Yossarain\Application Data\Intel 2007-12-09 03:33 . 2008-01-01 23:30 116 --a------ C:\WINDOWS\NeroDigital.ini 2007-12-09 03:20 . 2007-12-09 03:20   d-------- C:\Documents and Settings\Yossarain\Application Data\Ahead 2007-12-09 03:19 . 2007-12-09 03:21   d-------- C:\Program Files\Common Files\Ahead 2007-12-09 01:35 . 2007-12-09 01:35   d--hs---- C:\WINDOWS\ftpcache 2007-12-09 01:16 . 2007-12-09 01:16   d-------- C:\Documents and Settings\All Users\Application Data\Citrix 2007-12-09 01:15 . 2007-12-09 01:15   d-------- C:\Program Files\Citrix 2007-12-09 01:15 . 2007-12-09 01:15 60,968 --a------ C:\Documents and Settings\Yossarain\GoToAssistDownloadHelper.exe 2007-12-09 01:14 . 2007-12-09 01:14   d-------- C:\WINDOWS\Sun 2007-12-09 00:39 . 2007-12-09 00:39   d-------- C:\WINDOWS\IIS Temporary Compressed Files 2007-12-08 23:50 . 2007-12-08 23:50 0 --a------ C:\WINDOWS
sreg.dat 2007-12-08 23:32 . 2007-12-08 23:33   d-------- C:\Documents and Settings\Yossarain\Application Data\DivX 2007-12-08 23:30 . 2006-10-04 19:36 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2007-12-08 23:30 . 2006-10-04 19:36 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2007-12-08 23:30 . 2006-10-04 19:36 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2007-12-08 23:29 . 2007-12-08 23:29   d-------- C:\Program Files\Windows Media Connect 2 2007-12-08 23:27 . 2007-12-13 11:14   d-------- C:\WINDOWS\system32\LogFiles 2007-12-08 23:27 . 2007-12-08 23:28   d-------- C:\WINDOWS\system32\drivers\UMDF 2007-12-08 23:19 . 2007-12-08 23:19 25 --a------ C:\WINDOWS\cdplayer.ini 2007-12-08 23:09 . 2007-12-08 23:09   d-------- C:\Program Files\Microsoft Silverlight 2007-12-08 22:43 . 2007-12-08 22:43   d-------- C:\Documents and Settings\Yossarain\Application Data\vlc 2007-12-08 22:33 . 2007-12-08 22:33   d-------- C:\Program Files\Real 2007-12-08 22:33 . 2007-12-08 22:33   d-------- C:\Program Files\Common Files\xing shared 2007-12-08 22:32 . 2007-12-08 22:32   d-------- C:\Program Files\Common Files\Real .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2007-12-22 03:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek2007-12-18 05:21 --------- d--h--w C:\Program Files\InstallShield Installation Information2007-12-13 04:49 --------- d-----w C:\Program Files\Google2007-12-08 18:28 --------- d-----w C:\Program Files\Yahoo!2007-12-08 18:28 --------- d-----w C:\Program Files\Common Files\SureThing Shared2007-12-08 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO2007-12-08 06:34 --------- d-----w C:\Program Files\Roxio2007-12-08 06:01 --------- d-----w C:\Program Files\MUSICMATCH2007-11-14 23:51 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio2007-11-14 23:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Roxio2007-11-14 23:48 --------- d-----w C:\Program Files\Dell2007-11-14 23:47 --------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE2007-11-14 23:47 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition2007-11-14 23:46 --------- d-----w C:\Program Files\Common Files\InstallShield2007-11-14 23:45 --------- d-----w C:\Program Files\Dell DataSafe Online2007-11-14 23:45 --------- d-----w C:\Program Files\Common Files\Adobe2007-11-14 23:44 --------- d-----w C:\Program Files\Dell Support Center2007-11-14 23:43 --------- d-----w C:\Program Files\DellSupport2007-11-14 23:43 --------- d-----w C:\Program Files\Common Files\supportsoft2007-11-14 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft2007-11-14 23:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GTek2007-11-14 23:42 --------- d-----w C:\Program Files\CyberLink2007-11-14 23:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell2007-11-14 23:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink2007-11-14 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield2007-11-14 23:34 --------- d-----w C:\Program Files\Sigmatel2007-11-14 23:32 --------- d-----w C:\Program Files\CONEXANT2007-11-14 23:31 --------- d-----w C:\Program Files\NetWaiting2007-11-14 23:31 --------- d-----w C:\Program Files\Modem Diagnostic Tool2007-11-14 23:31 --------- d-----w C:\Program Files\Digital Line Detect2007-11-14 23:31 --------- d-----w C:\Program Files\Broadcom2007-11-14 23:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield2007-11-14 23:29 --------- d-----w C:\Program Files\Java2007-11-14 23:28 --------- d-----w C:\Program Files\Common Files\Java2007-11-14 23:27 --------- d-----w C:\Program Files\MSXML 6.02007-11-14 23:13 --------- d-----w C:\Program Files\Synaptics2007-11-14 23:05 7,053 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_I1520.mrk2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll2007-10-27 12:10 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll2007-10-27 12:10 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll

bamajim · Answer

aquinn_21   You are most welcome. How's your PC running now?   Microsoft MVP Windows-Security CastleCops Instructor 'The world is what you make of it'

aquinn_21 · Answer

I am still unable to delete TuneUp Utilities and quite often script debugger window is popping up. This happens when I am browsing through folders or when surfing on the net.   Any idea why this is happening. The blue screen hasn't occured again as of now.

bamajim · Answer

aquinn_21

Have you tried to uninstall it through Add or Remove Programs?

Describe what happens when you try to remove it.

Microsoft MVP Windows-Security

CastleCops Instructor

"The world is what you make of it"

aquinn_21 · Answer

I have used Windows Clean Install to uninstall the program and it is no longer listed in Add/Remove Programs. This problem I am getting when I try to manually delete the folder and it is no longer allowing me to delete it.

bamajim · Answer

aquinn_21

I only see the program listed on a G:\ drive.

G:\Softwares\TuneUp Utilites 2007\SystemOptimizer.exe

Is it listed somewhere on your C:\ ? If so post the path in your reply

Microsoft MVP Windows-Security

CastleCops Instructor

"The world is what you make of it"

aquinn_21 · Answer

No bamajim. That's where I have set the path during the installation and I haven't set it anywhere else.

bamajim · Answer

aquinn_21

We can use Combofix to remove it

1. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
G:\Softwares\TuneUp Utilites 2007\SystemOptimizer.exe

Folder::
G:\Softwares\TuneUp Utilites 2007

Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

user posted image

You will be prompted to run Combofix again, Do so
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply

Microsoft MVP Windows-Security

CastleCops Instructor

"The world is what you make of it"

Virus & Spyware

Unable to Delete TuneUp Utilities software-Error SDShelEx-win32 error

Was this post helpful?