12-23-2007, 05:40 PM   #1
JVS3
Registered User
 
Join Date: Dec 2007
Posts: 14
OS: Windows XP


PCSecurityLab.com malware - paralyzed system - pre-HijackThis inquiry

Hello. :)

I wanted to find out the proper procedure for relaying info before attempting to run HijackThis and posting the results.

My neighbor's laptop has been done in by some malware.
I read a couple of threads on here relating to PCSecurityLab.com, but there doesn't seem to be one universal removal process, hence my thread.

- The computer is so paralyzed that I can't even start the 5 step "do this first" process.
Even in Safe Mode, the malware app has disabled the Task Manager.
- The internet appears disabled in normal mode, so I can't download any apps (I'll have to burn them to CD and try moving them to the desktop and running them that way).
- And I can't uninstall any of the Recommended Removals because when I try to uninstall an app from the Add/Remove panel, it gives me a "The Windows Installer Service could not be accessed..." error.

Please advise on my next step.

Thank you in advance!
A resource like this online is greatly appreciated. :)

A bit more info:

It's running Service Pack 2.
Not sure the last time it was updated.

It's running Trend Micro PC-cillin for anti-virus protection.
Looks like it was last updated in October.

The only mentions I'm seeing with a specific virus name are:
A windows alert pops up, mentioning TrojanDownloader.xs

and a PC-cillin warning pops up mentioning:
TROJ_VB.CXL
c:\windows\fkwggshm.exe

---------
On the 5 steps to perform first, because of the internet problem,
I can't do 2 and 4.
And because of the Add/Remove problem,
I can't do 1.
And I'm squeamish of doing step 3 just because I can't do the other steps.

I went ahead and ran DSS.
Attached is the extra log.
Here are the results from the main log:

Deckard's System Scanner v20071014.68
Run by Sonia on 2007-12-23 21:16:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
86: 2007-12-24 02:16:48 UTC - RP619 - Deckard's System Scanner Restore Point
85: 2007-12-23 04:19:03 UTC - RP618 - Last known good configuration
84: 2007-12-23 04:18:43 UTC - RP617 - Software Distribution Service 3.0
83: 2007-12-23 04:18:43 UTC - RP616 - System Checkpoint
82: 2007-12-23 04:18:42 UTC - RP615 - System Checkpoint


-- First Restore Point --
1: 2007-12-23 04:16:19 UTC - RP534 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Sonia.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:21 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide .exe
C:\Program Files\QdrModule\QdrModule11 .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect .exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center .exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon .exe
C:\Program Files\QdrPack\QdrPack11 .exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Sonia\Desktop\dss.exe
C:\DOCUME~1\Sonia\Desktop\Sonia.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\geede.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\wvusrqq.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {DF60DCA4-3063-4539-AD14-706EFD9FA00B} - C:\WINDOWS\system32\geede.dll
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset .exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132961551\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center .exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.com/online2/pogo/d...h.1.0.0.80.cab
O20 - Winlogon Notify: wvusrqq - C:\WINDOWS\SYSTEM32\wvusrqq.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11744 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-21 14:19:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

2007-12-23 18:10:22 0 --a------ C:\WINDOWS\fkwggshm.exe
2007-12-23 17:50:43 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-12-23 17:50:43 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-23 17:50:43 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-12-23 17:50:43 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-23 17:50:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-12-23 17:50:43 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-23 17:50:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-23 17:50:42 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-23 17:50:42 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-23 17:50:42 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-23 17:50:42 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-12-23 17:50:42 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-23 17:50:42 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-23 17:50:42 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-12-23 17:50:42 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-23 17:50:41 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-23 10:09:43 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-12-23 10:08:23 28672 --a------ C:\WINDOWS\eventlowg.dll
2007-12-23 10:08:23 11008 --a------ C:\WINDOWS\daxtime.dll
2007-12-23 10:08:20 11520 --a------ C:\WINDOWS\system32\msole32.exe
2007-12-23 10:08:18 13056 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-12-23 10:08:18 20736 --a------ C:\WINDOWS\liqui.exe
2007-12-23 10:08:18 21248 --a------ C:\WINDOWS\liqui.dll
2007-12-23 10:08:18 28672 --a------ C:\WINDOWS\fhfmm.exe
2007-12-23 10:08:17 32000 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-12-23 10:08:16 30464 --a------ C:\WINDOWS\xadbrk_.exe
2007-12-23 10:08:16 28928 --a------ C:\WINDOWS\xadbrk.exe
2007-12-23 10:08:16 15616 --a------ C:\WINDOWS\xadbrk.dll
2007-12-23 10:08:15 27136 --a------ C:\WINDOWS\kkcomp.dll
2007-12-23 10:08:14 16896 --a------ C:\WINDOWS\liqad.dll
2007-12-23 10:08:14 25856 --a------ C:\WINDOWS\kkcomp.exe
2007-12-23 10:08:14 12544 --a------ C:\WINDOWS\kkcomp$.exe
2007-12-23 10:08:13 16640 --a------ C:\WINDOWS\liqad.exe
2007-12-23 10:08:13 17920 --a------ C:\WINDOWS\liqad$.exe
2007-12-23 10:08:13 10496 --a------ C:\WINDOWS\kvnab.exe
2007-12-23 10:08:13 13568 --a------ C:\WINDOWS\kvnab.dll
2007-12-23 10:08:13 16896 --a------ C:\WINDOWS\kvnab$.exe
2007-12-23 10:08:12 24064 --a------ C:\WINDOWS\settn.dll
2007-12-23 10:08:12 16128 --a------ C:\WINDOWS\hcwprn.exe
2007-12-23 10:08:12 32256 --a------ C:\WINDOWS\cbinst$.exe
2007-12-23 10:08:11 12544 --a------ C:\WINDOWS\wbeInst$.exe
2007-12-23 10:08:11 11776 --a------ C:\WINDOWS\wbeCheck.exe
2007-12-23 10:08:11 19968 --a------ C:\WINDOWS\pbsysie.dll
2007-12-23 10:08:09 18432 --a------ C:\WINDOWS\iexplorr23.dll
2007-12-23 10:08:07 23552 --a------ C:\WINDOWS\adbar.dll
2007-12-23 10:08:04 23552 --a------ C:\WINDOWS\jd2002.dll
2007-12-23 10:08:03 9984 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2007-12-23 10:08:03 14336 --a------ C:\WINDOWS\spredirect.dll
2007-12-23 10:08:02 0 d-------- C:\Program Files\e-zshopper
2007-12-23 10:07:59 0 d-------- C:\Program Files\amsys
2007-12-23 10:07:56 21504 --a------ C:\WINDOWS\ie_32.exe
2007-12-23 10:07:56 21760 --a------ C:\WINDOWS\aconti.exe
2007-12-23 10:07:54 0 d-------- C:\WINDOWS\system32\acespy
2007-12-23 10:07:54 10496 --a------ C:\WINDOWS\system32\ace16win.dll
2007-12-23 10:07:53 31232 --a------ C:\WINDOWS\xxxvideo.exe
2007-12-23 10:07:53 0 d-------- C:\Program Files\Accoona
2007-12-23 10:07:52 28928 --a------ C:\WINDOWS\ngd.dll
2007-12-23 10:07:52 13312 --a------ C:\WINDOWS\hotporn.exe
2007-12-23 10:07:52 13824 --a------ C:\WINDOWS\dp0.dll
2007-12-23 10:07:51 0 d-------- C:\Program Files\p2pnetworks
2007-12-23 10:07:48 0 d-------- C:\Program Files\akl
2007-12-23 10:07:47 25600 --a------ C:\WINDOWS\vxddsk.exe
2007-12-23 10:07:47 31488 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-12-23 10:07:46 8960 --a------ C:\WINDOWS\wml.exe
2007-12-23 10:07:46 16128 --a------ C:\WINDOWS\system32\wml.exe
2007-12-23 10:07:44 16640 --a------ C:\WINDOWS\flt.dll
2007-12-23 10:07:44 21760 --a------ C:\WINDOWS\7search.dll
2007-12-23 10:07:43 11264 --a------ C:\WINDOWS\764.exe
2007-12-23 10:07:42 12544 --a------ C:\WINDOWS\pbar.dll
2007-12-23 10:07:38 0 d-------- C:\Program Files\3721
2007-12-23 09:44:54 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-12-23 09:44:15 108551 --a------ C:\WINDOWS\system32\lpcywinp.exe <Not Verified; Microsoft; _>
2007-12-23 09:44:15 21504 --a------ C:\WINDOWS\system32\egmulhxk.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer>
2007-12-23 09:43:51 8711 --a------ C:\info.exe <Not Verified; Microsoft; rundll32>
2007-12-22 23:17:11 347648 --a------ C:\WINDOWS\system32\geede.exe
2007-12-22 23:15:58 9114 --ahs---- C:\WINDOWS\system32\edeeg.ini2
2007-12-22 23:15:48 344064 --a------ C:\WINDOWS\system32\geede.dll
2007-12-22 23:10:47 0 d-------- C:\Program Files\QdrPack
2007-12-22 23:10:25 40448 --a------ C:\WINDOWS\system32\wvusrqq.dll
2007-12-22 23:10:16 0 d-------- C:\Program Files\QdrModule
2007-12-22 23:10:14 0 d-------- C:\Program Files\QdrDrive
2007-12-22 23:10:12 0 d-------- C:\Program Files\ISM


-- Find3M Report ---------------------------------------------------------------

2007-12-23 2133 0 d-------- C:\Program Files\QuickTime
2007-12-23 2132 0 d-------- C:\Program Files\Coast to Coast AM Media Center
2007-12-23 2112 0 d-------- C:\Program Files\iTunes
2007-12-23 2108 0 d-------- C:\Program Files\Hello
2007-12-23 2104 463360 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-23 2103 426496 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-23 2102 442880 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-23 21:05:36 0 d-------- C:\Program Files\DellSupport
2007-10-25 12:42:07 0 d-------- C:\Documents and Settings\Sonia\Application Data\AdobeUM
2007-10-23 11:02:19 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-23 11:02:19 56 -r-hs---- C:\WINDOWS\system32\147D76203B.sys
2007-10-03 07:23:08 268 -r-h----- C:\Documents and Settings\Sonia\Application Data\Framework


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{477840F3-BA52-44D9-8E41-38D61CAA010F}]
12/23/2007 09:44 AM 21504 --a------ C:\WINDOWS\system32\egmulhxk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F9E2BE3-766D-4831-BB0E-766D5B819995}]
12/14/2007 09:26 PM 192512 --a------ C:\Program Files\QdrDrive\QdrDrive9.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}]
12/22/2007 11:10 PM 40448 --a------ C:\WINDOWS\system32\wvusrqq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF60DCA4-3063-4539-AD14-706EFD9FA00B}]
12/22/2007 11:15 PM 344064 --a------ C:\WINDOWS\system32\geede.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [12/23/2007 09:05 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/23/2007 09:05 PM]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [12/23/2007 09:05 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset .exe" [12/23/2007 09:06 PM]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [12/23/2007 09:05 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/23/2007 09:05 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [12/23/2007 09:06 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [12/23/2007 09:05 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [12/23/2007 09:05 PM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [12/23/2007 09:05 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [12/23/2007 09:05 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [12/23/2007 09:05 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1132961551\ee\AOLSoftware.exe" [12/23/2007 09:06 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [12/23/2007 09:06 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/23/2007 09:06 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/23/2007 09:06 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/23/2007 09:06 PM]
"PicasaNet"="C:\Program Files\Hello\Hello.exe" [12/23/2007 09:06 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [12/23/2007 09:06 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/23/2007 09:06 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/23/2007 09:06 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [12/23/2007 09:05 PM]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [12/23/2007 09:05 PM]
"Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center .exe" [12/23/2007 09:06 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [12/23/2007 09:05 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/23/2007 09:05 PM]
"QdrModule11"="C:\Program Files\QdrModule\QdrModule11.exe" [12/23/2007 09:05 PM]
"QdrPack11"="C:\Program Files\QdrPack\QdrPack11.exe" [12/23/2007 09:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [11/18/2005 11:46:22 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/18/2005 11:42:15 AM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [10/3/2007 7:23:45 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/11/2004 12:59:36 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}"= C:\WINDOWS\system32\wvusrqq.dll [12/22/2007 11:10 PM 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvusrqq]
wvusrqq.dll 12/22/2007 11:10 PM 40448 C:\WINDOWS\system32\wvusrqq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geede




-- End of Deckard's System Scanner: finished at 2007-12-23 21:24:26 ------------
Attached Files: extra.txt (17.4 KB)

Last edited by sUBs : 12-25-2007 at 03:23 PM.
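Added example, not part of the original post and not a tool the forum, DSS or Trend Micro ships: a small Python triage script for the entry types that appear in the log above (the F2 UserInit line, the F3 win.ini load line, O2 BHOs, O4 Run entries, the running-process list, the O20 Winlogon Notify hook, the LSA "Authentication Packages" value and the DisableTaskMgr policy). It reports entries that deviate from the Windows XP defaults so a helper can see at a glance which persistence points are in play. The SAMPLE_LOG excerpt is constructed for this example from the shapes of entries in the post, and the Winlogon Notify allow-list and the severities are assumptions for illustration, not authoritative data.

```python
"""Triage HijackThis / DSS-style log lines for persistence hooks.

Added example; not from the original post. Every rule is a heuristic:
the output is a review list for a human, not a verdict.
"""
import ntpath
import re

# Constructed excerpt modelled on the entry types in the post; not the real log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\geede.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\wvusrqq.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: wvusrqq - C:\WINDOWS\SYSTEM32\wvusrqq.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geede
"DisableTaskMgr"=1 (0x1)
""".strip()

# Assumption: Winlogon Notify subkeys that ship with XP SP2, plus the Intel
# graphics one common on Dell laptops. Anything else is reported for review.
WINLOGON_NOTIFY_ALLOW = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui",
}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def _space_before_ext(text):
    """'name .exe' (whitespace before the extension) is never produced by a
    normal installer. It is either tampering or a forum-rendering artifact,
    so it is reported and left for the reader to verify on disk."""
    return re.search(r"\s\.(exe|dll)\b", text, re.I) is not None


def triage(log_text):
    """Return a list of {'severity', 'rule', 'entry'} dicts for suspicious lines."""
    findings = []

    def hit(severity, rule, line):
        findings.append({"severity": severity, "rule": rule, "entry": line})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Process list (bare path) and O4 Run entries: check the file name shape.
        if re.match(r"^[A-Za-z]:\\", line) or line.startswith("O4 - "):
            if _space_before_ext(line):
                hit("high", "space-before-extension", line)
            continue
        # F2: Userinit must be system32\userinit.exe and nothing else.
        m = re.match(r"^F2 - REG:system\.ini: UserInit=(.*)$", line, re.I)
        if m:
            parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
            if any(ntpath.basename(p).lower() != "userinit.exe" for p in parts):
                hit("high", "userinit-hijack", line)
            continue
        # F3: win.ini load= is empty on a clean system.
        if re.match(r"^F3 - REG:win\.ini: load=\S", line, re.I):
            hit("high", "win.ini-load", line)
            continue
        # O2: orphaned BHOs are cleanup; a BHO DLL dropped straight into
        # system32 (heuristic) deserves a look.
        m = re.match(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (.*)$", line)
        if m:
            path = m.group(1)
            if path == "(no file)":
                hit("low", "orphan-bho", line)
            elif ntpath.dirname(path).lower().endswith(r"\system32"):
                hit("medium", "bho-in-system32", line)
            continue
        # O20: Winlogon Notify DLLs load into winlogon.exe at every logon.
        m = re.match(r"^O20 - Winlogon Notify: (\S+) - (.*)$", line)
        if m and m.group(1).lower() not in WINLOGON_NOTIFY_ALLOW:
            hit("high", "winlogon-notify", line)
            continue
        # LSA: only msv1_0 is expected; extra packages load into lsass.exe.
        m = re.match(r'^"Authentication Packages"=\s*(.*)$', line)
        if m:
            if any(p.lower() != "msv1_0" for p in m.group(1).split()):
                hit("high", "lsa-auth-package", line)
            continue
        if re.match(r'^"DisableTaskMgr"=\s*1\b', line):
            hit("medium", "taskmgr-disabled", line)
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: SEVERITY_ORDER[f["severity"]]):
        print(f"[{f['severity']:6}] {f['rule']:24} {f['entry']}")
```

Run it on a saved log with `triage(open("hijackthis.log").read())`; on the constructed excerpt it lists nine findings, with the Userinit, win.ini load, Winlogon Notify and LSA entries at the top. The space-before-extension rule is deliberately noisy: forum software can insert that space when it wraps long paths, so confirm the file name on the disk (or in the Run key shown in the registry dump) before treating it as a planted binary.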