Please download
Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the contents of the C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.
OK, I ran it, and here is the log. Did this tool maybe remove the problem, and if not, what next? Really appreciate this help! How are these spywares prevented? Do I need a hardware firewall?
Save the File as
CFScript ->> Save it to your
Desktop
Using the Image as a reference, drag
CFScript into
ComboFix.exe
You will be prompted to run Combofix again, Do so Following the same rules as indicated in my first post Then post the contents of the C:\ComboFix.txt log in your reply
1. Spyware Doctor's OnGuard protective functionality may interfere with certain HijackThis fixes we need to make. Please follow these instructions to disable it:
To deactivate Spyware Doctor's OnGuard Tools
1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".
You can reenable it once your system is clean.
2. Rerun Hijackthis (scan only) and place a check beside the following entry
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:45 PM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:34 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
You may now remove/delete/uninstall the tools we used to clean your PC
Now that your log is clean
There are some final notes:
Disable and Enable System Restore
Lets create a clean System Restore point the instructions are here
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.u2. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the " Download" button to the right. Check the box that says: " Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u2-windowsi586-p.exe to install the newest version.
Make your Internet Explorer more secure This can be done by following these simple instructions:
Open Internet Explorer click Tools->> Options. Click Security tab Click once on the Internet icon so it becomes highlighted. Click Custom Level. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialise and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click OK. If it prompts you to save the settings, press Yes. Next press Apply and then OK to exit the Internet Properties page
The Windows Firewall is good at blocking incoming threats, but not outgoing threats such as "Backdoor Trojans" Some others are Sygate And Sunbelt personal All of which are free
Install IE SPYAD for protection against innocent looking websites that are not innocent
Visit Microsoft's Windows
Update Site Frequently for critical updates
Backup your Important Documents and Files on a regular basis
Now for the bad news...before I could implement the last post's infomation, my daughter was using the computer and now the pc became infected again. Should I implement the prevention steps first , or get rid of it again (and if so how far back do I go, as to the procedures, to get rid of this)? thx.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:14 PM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
bamajim
10.4K Posts
0
July 20th, 2007 13:00
Please download Combofix and save to your desktop:
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.
ketchlv
35 Posts
0
July 21st, 2007 01:00
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\elhggiru.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\xxwvvst.dll
C:\WINDOWS\system32\wcmtovtq.exe
C:\WINDOWS\system32\blhvxfyi.dll
C:\WINDOWS\system32\jxpytmhd.dll
C:\WINDOWS\system32\kdjkusha.dll
C:\WINDOWS\system32\sfpomdmj.dll
C:\WINDOWS\system32\xxwvvst.dll
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\ilkkj.tmp
C:\WINDOWS\system32\awvvutu.dll
C:\WINDOWS\system32\awvvutu.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\AmandaK\APPLIC~1.\racle~1
C:\Documents and Settings\AmandaK.\err.log
C:\Program Files\poolsv
C:\Program Files\poolsv\svhost.exe
C:\Program Files\svhost
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\ApiMon.sys
C:\WINDOWS\system32\hcijwutx.exe
C:\WINDOWS\system32\mpdsregq.exe
C:\WINDOWS\system32\mydrpbde.exe
C:\WINDOWS\system32\nutxrqqx.exe
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe
C:\WINDOWS\system32\pxmhlwhm.exe
C:\WINDOWS\system32\W2
C:\WINDOWS\system32\W2\mwspasrt83122.exe
C:\WINDOWS\system32\W3
C:\WINDOWS\system32\W3\626wr.exe
C:\WINDOWS\system32\W4
C:\WINDOWS\system32\W9
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\ystem~1
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z1\mwspasrt83122.exe
C:\WINDOWS\system32\Z3
C:\WINDOWS\system32\Z3\w0716.exe
C:\WINDOWS\system32\Z5
C:\WINDOWS\system32\Z5\st2.exe
C:\WINDOWS\system32\Z7
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\wr.txt
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))
2007-07-20 18:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-20 14:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-19 19:47
2007-07-17 12:16 192,612 --a------ C:\WINDOWS\system32\twinqndt.exe
2007-07-17 12:15 816,352 -r-hs---- C:\WINDOWS\tggvtlwA.exe
2007-07-17 12:15 54,784 --------- C:\WINDOWS\tggvtlw.exe
2007-07-17 12:15 465,212 --a------ C:\Temp\bY001.exe
2007-07-17 12:15
2007-07-17 12:15
2007-07-17 12:11
2007-07-13 16:40
2007-06-30 16:38
2007-06-30 11:36
2007-06-28 21:20
2007-06-26 21:08 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-06-26 21:08 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-06-26 21:06
2007-06-26 21:06
2007-06-26 20:39 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-26 20:39 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-26 20:39 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-26 20:39 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-26 20:38 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-26 20:38 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-26 20:38 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-26 20:38
2007-06-26 17:42
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-20 23:56:39 10,332 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-20 23:56:05 248 --sh--r C:\WINDOWS\system32\9A3AEA7C99.sys
2007-07-17 23:43:36 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-07-17 19:20:12 -------- d-----w C:\Program Files\Common Files\AOL
2007-07-03 18:34:31 -------- d-----w C:\Program Files\Picasa2
2007-06-30 23:32:45 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\Ulead Systems
2007-06-30 22:57:46 -------- d-----w C:\Program Files\MySpace
2007-06-27 02:52:07 -------- d-----w C:\Program Files\Lavasoft
2007-06-22 22:15:50 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\Corel
2007-06-12 20:29:33 -------- d-----w C:\Program Files\Common Files\Corel
2007-06-12 20:28:26 -------- d-----w C:\Program Files\Corel
2007-06-10 23:46:48 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\Help
2007-06-10 22:18:56 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\MySpace
2007-06-09 03:46:01 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\EPSON
2007-06-03 18:48:28 104 --sh--r C:\WINDOWS\system32\997CEA3A9A.sys
2007-05-30 22:20:49 -------- d-----w C:\Program Files\Google
2007-05-29 00:30:45 -------- d-----w C:\Program Files\EPSON
2007-05-29 00:29:35 -------- d-----w C:\Program Files\ArcSoft
2007-05-29 00:29:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-29 00:27:38 -------- d-----w C:\Program Files\Common Files\Python
2007-05-29 00:22:30 -------- d-----w C:\Program Files\Common Files\EPSON
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\obqjtpop.dll
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfg.dll
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
"@"="" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 18:46]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 16:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 01:52]
"Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 08:32]
"Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 09:10]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 16:04]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 12:30]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Pvctk"="C:\WINDOWS\system32\?ystem\?srss.exe" []
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-04-16 10:47]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 16:43:46]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-09 20:57:59]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-15 21:28:51]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 16:43:46]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2006-05-09 20:57:02]
C:\WINDOWS\system32\mljjj.dll
PRISMAPI.DLL 2005-12-22 18:08 450646 C:\WINDOWS\system32\PRISMAPI.dll
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
**************************************************************************
bamajim
10.4K Posts
0
July 21st, 2007 11:00
Let's finish getting your PC clean, then we can talk about protection and prevention
1. Open NotePad (not wordpad). Copy and paste the following into Notepad
File::
C:\WINDOWS\system32\twinqndt.exe
C:\WINDOWS\tggvtlwA.exe
C:\WINDOWS\tggvtlw.exe
C:\Temp\bY001.exe
C:\WINDOWS\system32\Z11
C:\Temp\0c2
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\obqjtpop.dll
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfg.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{271B8912-A286-44DB-B040-C31A46AB79C6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{428E6FBD-638D-4B93-9C38-C01B40DC35C9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D457CC4-B530-414C-89D7-E4662EC183BE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{621B16F3-DC32-FEE1-491A-FB8DCE518ECA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F626B43-E459-4E4E-B2E4-3BCF153C49EB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8152B21C-F163-42EB-B93A-191E959A1872}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD9E4C18-86F5-407B-8492-26655446E59F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C635B8E9-66C9-4E4E-8CF9-FA4B67891BF7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DFB737E0-2582-4A14-8101-E9782E363F2C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pvctk"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjj]
Save the File as CFScript ->> Save it to your Desktop
Using the Image as a reference, drag CFScript into ComboFix.exe
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply
ketchlv
35 Posts
0
July 21st, 2007 17:00
Command switches used :: C:\Documents and Settings\AmandaK\My Documents\CFScript.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Temp\0c2
C:\Temp\bY001.exe
C:\WINDOWS\system32\twinqndt.exe
C:\WINDOWS\system32\Z11
C:\WINDOWS\tggvtlw.exe
C:\WINDOWS\tggvtlwA.exe
((((((((((((((((((((((((( Files Created from 2007-06-22 to 2007-07-22 )))))))))))))))))))))))))))))))
2007-07-20 18:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-20 14:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-19 19:47
2007-07-17 12:11
2007-07-13 16:40
2007-06-30 16:38
2007-06-30 11:36
2007-06-28 21:20
2007-06-26 21:08 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-06-26 21:08 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-06-26 21:06
2007-06-26 21:06
2007-06-26 20:39 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-26 20:39 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-26 20:39 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-26 20:39 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-26 20:38 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-26 20:38 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-26 20:38 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-26 20:38
2007-06-26 17:42
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-21 03:25:36 248 --sh--r C:\WINDOWS\system32\9A3AEA7C99.sys
2007-07-21 03:25:36 10,332 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-17 23:43:36 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-07-17 19:20:12 -------- d-----w C:\Program Files\Common Files\AOL
2007-07-03 18:34:31 -------- d-----w C:\Program Files\Picasa2
2007-06-30 23:32:45 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\Ulead Systems
2007-06-30 22:57:46 -------- d-----w C:\Program Files\MySpace
2007-06-27 02:52:07 -------- d-----w C:\Program Files\Lavasoft
2007-06-22 22:15:50 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\Corel
2007-06-12 20:29:33 -------- d-----w C:\Program Files\Common Files\Corel
2007-06-12 20:28:26 -------- d-----w C:\Program Files\Corel
2007-06-10 23:46:48 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\Help
2007-06-10 22:18:56 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\MySpace
2007-06-09 03:46:01 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\EPSON
2007-06-03 18:48:28 104 --sh--r C:\WINDOWS\system32\997CEA3A9A.sys
2007-05-30 22:20:49 -------- d-----w C:\Program Files\Google
2007-05-29 00:30:45 -------- d-----w C:\Program Files\EPSON
2007-05-29 00:29:35 -------- d-----w C:\Program Files\ArcSoft
2007-05-29 00:29:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-29 00:27:38 -------- d-----w C:\Program Files\Common Files\Python
2007-05-29 00:22:30 -------- d-----w C:\Program Files\Common Files\EPSON
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
"@"="" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 18:46]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 16:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 01:52]
"Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 08:32]
"Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 09:10]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 16:04]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 12:30]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Pvctk"="C:\WINDOWS\system32\?ystem\?srss.exe" []
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-04-16 10:47]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 16:43:46]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-09 20:57:59]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-15 21:28:51]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 16:43:46]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2006-05-09 20:57:02]
PRISMAPI.DLL 2005-12-22 18:08 450646 C:\WINDOWS\system32\PRISMAPI.dll
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
dlacdbhm - System32\Drivers\DLACDBHM.SYS
dladresn - System32\DLA\DLADResN.SYS
dlaifs_m - System32\DLA\DLAIFS_M.SYS
dlaopiom - System32\DLA\DLAOPIOM.SYS
dlapoolm - System32\DLA\DLAPoolM.SYS
dlartl_n - System32\Drivers\DLARTL_N.SYS
dlaudfam - System32\DLA\DLAUDFAM.SYS
dlaudf_m - System32\DLA\DLAUDF_M.SYS
drvmcdb - System32\Drivers\DRVMCDB.SYS
drvnddm - System32\Drivers\DRVNDDM.SYS
dsunidrv - system32\DRIVERS\dsunidrv.sys - DellSupport UniDriver
fax - %systemroot%\system32\fxssvc.exe - Fax
prismsvc - C:\WINDOWS\system32\PRISMSVC.EXE - PRISMSVC
2007-07-20 23:29:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Rootkit scan 2007-07-21 23:17:06
Windows 5.1.2600 Service Pack 2 NTFS
hidden files: 0
C:\ComboFix-quarantined-files.txt ... 2007-07-21 23:20
C:\ComboFix2.txt ... 2007-07-20 18:47
bamajim
10.4K Posts
0
July 22nd, 2007 12:00
bamajim
10.4K Posts
0
July 24th, 2007 00:00
1. Spyware Doctor's OnGuard protective functionality may interfere with certain HijackThis fixes we need to make. Please follow these instructions to disable it:
To deactivate Spyware Doctor's OnGuard Tools
1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".
You can reenable it once your system is clean.
2. Rerun Hijackthis (scan only) and place a check beside the following entry
Close all other open windows except Hijackthis and Select " Fix checked"
Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log
MRU Graduate
"The world is what you make of it"
ketchlv
35 Posts
0
July 24th, 2007 00:00
Scan saved at 5:53:45 PM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe -scan
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Pvctk] C:\WINDOWS\system32\?ystem\?srss.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
End of file - 10857 bytes
bamajim
10.4K Posts
0
July 27th, 2007 00:00
MRU Graduate
"The world is what you make of it"
ketchlv
35 Posts
0
July 27th, 2007 00:00
Scan saved at 6:05:34 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe -scan
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
End of file - 10737 bytes
ketchlv
35 Posts
0
July 30th, 2007 23:00
bamajim
10.4K Posts
0
July 31st, 2007 00:00
You may now remove/delete/uninstall the tools we used to clean your PC
Now that your log is clean
There are some final notes:
Disable and Enable System Restore
- Lets create a clean System Restore point
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.the instructions are here
Please follow these steps to remove older version Java components and update.
Updating Java:
- Download the latest version of
Make your Internet Explorer more secureJava Runtime Environment (JRE) 6.u2.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the " Download" button to the right.
Check the box that says: " Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windowsi586-p.exe to install the newest version.
This can be done by following these simple instructions:
- Open Internet Explorer click Tools->> Options.
Update your Anti Virus SoftwareClick Security tab
Click once on the Internet icon so it becomes highlighted.
Click Custom Level.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click OK.
If it prompts you to save the settings, press Yes.
Next press Apply and then OK to exit the Internet Properties page
Use and maintain a Firewall such as ZoneAlarm
- The Windows Firewall is good at blocking incoming threats, but not outgoing threats such as "Backdoor Trojans"
Install IE SPYAD for protection against innocent looking websites that are not innocentSome others are
Sygate
And
Sunbelt personal
All of which are free
Visit Microsoft's Windows Update Site Frequently for critical updates
Backup your Important Documents and Files on a regular basis
- To a disc or a USB key, not your Hardrive
You may want to read this article" So how did I get infected in the first place" by Tony Kleinsurf safe
MRU Graduate
"The world is what you make of it"
ketchlv
35 Posts
0
July 31st, 2007 23:00
ketchlv
35 Posts
0
August 1st, 2007 00:00
Scan saved at 6:18:14 PM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\Web Buying\v1.8.0\webbuying.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {9c29bc4e-fe21-4950-b24d-2453e67befc2} - C:\WINDOWS\system32\ahymjir.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe -scan
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.0\webbuying.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
End of file - 11716 bytes
ketchlv
35 Posts
0
August 1st, 2007 00:00
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
C:\Program Files\poolsv\wr-1-0000077.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.0\wbuninst.exe
C:\Program Files\web buying\v1.8.0\webbuying.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\b10FdUe
C:\WINDOWS\system32\b10FdUe\b10FdUe1099.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X7
C:\WINDOWS\system32\X9
C:\WINDOWS\system32\X9\wb720.exe
((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))
2007-07-31 13:07 598,581 --a------ C:\Temp\bY001.exe
2007-07-31 13:07 171,520 --a------ C:\WINDOWS\system32\ahymjir.dll
2007-07-31 13:07
2007-07-31 13:07
2007-07-27 15:07 33,588 --a------ C:\WINDOWS\system32\drivers\wanatw4.sys
2007-07-27 15:07 225,280 --a------ C:\WINDOWS\system32\AOLDial.dll
2007-07-26 20:50
2007-07-25 19:37 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-25 19:37 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-25 19:37 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-25 19:37 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-25 19:37 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-25 19:37
2007-07-20 18:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-20 14:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-19 19:47
2007-07-17 12:11
2007-07-13 16:40
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-30 22:28:18 10,332 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-30 22:28:17 248 --sh--r C:\WINDOWS\system32\9A3AEA7C99.sys
2007-07-27 22:17:08 -------- d-----w C:\Program Files\America Online 9.0
2007-07-27 22:07:46 -------- d-----w C:\Program Files\Common Files\AOL
2007-07-17 23:43:36 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-07-03 18:34:31 -------- d-----w C:\Program Files\Picasa2
2007-06-30 23:32:45 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\Ulead Systems
2007-06-30 22:57:46 -------- d-----w C:\Program Files\MySpace
2007-06-30 18:36:13 -------- d-----w C:\Program Files\Enigma Software Group
2007-06-27 04:06:23 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\PC Tools
2007-06-27 03:38:38 -------- d-----w C:\Program Files\Alwil Software
2007-06-27 02:52:07 -------- d-----w C:\Program Files\Lavasoft
2007-06-22 22:15:50 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\Corel
2007-06-12 20:29:33 -------- d-----w C:\Program Files\Common Files\Corel
2007-06-12 20:28:26 -------- d-----w C:\Program Files\Corel
2007-06-10 23:46:48 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\Help
2007-06-10 22:18:56 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\MySpace
2007-06-09 03:46:01 -------- d-----w C:\DOCUME~1\AmandaK\APPLIC~1\EPSON
2007-06-03 18:48:28 104 --sh--r C:\WINDOWS\system32\997CEA3A9A.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
2007-07-31 13:07 171520 --a------ C:\WINDOWS\system32\ahymjir.dll
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
"@"="" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 18:46]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 16:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 01:52]
"Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 08:32]
"Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 09:10]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 16:04]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-25 20:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 12:30]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 16:43:46]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-09 20:57:59]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-15 21:28:51]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-21 16:43:46]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2006-05-09 20:57:02]
PRISMAPI.DLL 2005-12-22 18:08 450646 C:\WINDOWS\system32\PRISMAPI.dll
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
dlacdbhm - System32\Drivers\DLACDBHM.SYS
dladresn - System32\DLA\DLADResN.SYS
dlaifs_m - System32\DLA\DLAIFS_M.SYS
dlaopiom - System32\DLA\DLAOPIOM.SYS
dlapoolm - System32\DLA\DLAPoolM.SYS
dlartl_n - System32\Drivers\DLARTL_N.SYS
dlaudfam - System32\DLA\DLAUDFAM.SYS
dlaudf_m - System32\DLA\DLAUDF_M.SYS
drvmcdb - System32\Drivers\DRVMCDB.SYS
drvnddm - System32\Drivers\DRVNDDM.SYS
dsunidrv - system32\DRIVERS\dsunidrv.sys - DellSupport UniDriver
fax - %systemroot%\system32\fxssvc.exe - Fax
ikfileflt - system32\drivers\ikfileflt.sys - File Filter Driver
ikfilesec - system32\drivers\ikfilesec.sys - File Security Driver
iksysflt - system32\drivers\iksysflt.sys - System Filter Driver
iksyssec - system32\drivers\iksyssec.sys - System Security Driver
prismsvc - C:\WINDOWS\system32\PRISMSVC.EXE - PRISMSVC
Contents of the 'Scheduled Tasks' folder
2007-07-27 23:29:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Rootkit scan 2007-07-31 18:34:27
Windows 5.1.2600 Service Pack 2 NTFS
"TracesProcessed"=dword:000004f3
hidden files: 0
C:\ComboFix-quarantined-files.txt ... 2007-07-31 18:35
C:\ComboFix2.txt ... 2007-07-21 23:20
C:\ComboFix3.txt ... 2007-07-20 18:47
bamajim
10.4K Posts
0
August 1st, 2007 00:00
MRU Graduate
"The world is what you make of it"