I followed the steps, and here are the new logs from ComboFix and HijackThis.
--------
ComboFix 08-11-10.01 - Dave Whalen 2008-11-11 23:15:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.636 [GMT -3.5:30]
Command switches used :: c:\documents and settings\Dave Whalen\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Dave Whalen\Application Data\gadcom
c:\documents and settings\Dave Whalen\Application Data\Gool
c:\documents and settings\Dave Whalen\Application Data\Gool\Gool.exe
c:\documents and settings\Dave Whalen\Application Data\SSTEM~1
c:\documents and settings\Dave Whalen\Application Data\SSTEM~1\?xplorer.exe
c:\documents and settings\Dave Whalen\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Dave Whalen\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Dave Whalen\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Instafinder
c:\program files\Instafinder\uninstall.exe
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\
0188B18A
c:\program files\Need2Find\bar\Cache\
0188B38E
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\outerinfo
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\smdat32m.sys
c:\windows\ssembl~1
c:\windows\ssembl~1\?ssembly\
c:\windows\ssembl~1\dexplore.exe
c:\windows\system32\DelSelf.bat
c:\windows\system32\drivers\1a2def1.sys
c:\windows\system32\drivers\TDSSpqlt.sys
c:\windows\system32\kaxs.dat
c:\windows\system32\MSINET.oca
c:\windows\system32\rbsgam.dll
c:\windows\system32\TDSShrxx.dll
c:\windows\system32\TDSSlxcp.dll
c:\windows\system32\TDSSmtvd.dat
c:\windows\system32\TDSSmxoe.log
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSotpa.log
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvkql.dll
c:\windows\system32\TDSSxfmm.dll
c:\windows\system32\testdll.dll
c:\windows\system32\wini108023.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_cmdservice
-------\Legacy_network_monitor
-------\Service_1a2def1
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.
2008-11-11 20:14 . 2008-11-11 20:14 250 --a------ c:\windows\gmer.ini
2008-11-09 19:49 . 2008-11-09 19:49 <DIR> d-------- c:\program files\Webroot
2008-11-09 19:49 . 2008-11-09 19:49 <DIR> d-------- c:\documents and settings\Dave Whalen\Application Data\Webroot
2008-11-09 19:49 . 2008-11-09 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-11-09 19:49 . 2008-11-09 19:49 <DIR> d-------- C:\Binaries
2008-11-09 19:49 . 2008-10-12 13:18 1,553,272 --a------ c:\windows\WRSetup.dll
2008-11-09 19:40 . 2008-11-09 19:40 164 --a------ C:\install.dat
2008-11-09 17:47 . 2008-11-09 17:47 1,374 --a------ c:\windows\imsins.BAK
2008-11-09 15:07 . 2008-11-10 23:17 <DIR> d--hs---- c:\windows\RGF2ZSBXaGFsZW4
2008-11-09 14:47 . 2008-11-09 14:47 <DIR> d-------- c:\program files\Webtools
2008-11-08 19:59 . 2008-11-08 19:59 <DIR> d-------- c:\program files\Enigma Software Group
2008-11-08 17:32 . 2008-11-10 01:28 <DIR> d-------- C:\HaxFix
2008-11-08 17:32 . 2008-11-08 17:31 486,678 --a------ C:\HaxFix.exe
2008-11-08 16:18 . 2008-11-08 16:19 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-08 14:34 . 2008-11-08 14:34 <DIR> d-------- c:\program files\Trend Micro
2008-11-07 23:02 . 2008-11-07 23:02 2 --a------ c:\windows\msoffice.ini
2008-11-07 21:15 . 2008-11-07 21:15 <DIR> d--h----- c:\windows\PIF
2008-11-07 21:14 . 2006-03-14 08:35 380,928 -r------- c:\windows\system32\pSOAP32.dll
2008-11-07 21:14 . 2006-03-14 08:35 188,416 -r------- c:\windows\system32\pocketHTTP.dll
2008-11-07 21:14 . 2006-03-14 08:35 110,676 -r------- c:\windows\system32\psDime.dll
2008-11-07 21:14 . 2006-03-14 08:35 73,728 -r------- c:\windows\system32\psProxy.dll
2008-11-07 20:56 . 2008-11-07 20:56 <DIR> d-------- c:\program files\Lavasoft
2008-11-07 20:56 . 2008-11-07 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-07 20:55 . 2008-11-07 20:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-07 20:36 . 2005-08-27 02:38 1,435,272 --a------ c:\windows\system32\Flash.ocx
2008-11-07 20:36 . 2004-05-11 10:56 423,784 --a------ c:\windows\system32\XceedBkp.dll
2008-11-07 20:36 . 2004-02-05 21:53 389,120 --a------ c:\windows\system32\ACTSKN43.OCX
2008-11-07 20:36 . 2004-01-09 11:54 188,416 --a------ c:\windows\system32\actsplash.ocx
2008-11-07 20:36 . 2004-03-09 00:00 131,856 --a------ c:\windows\system32\MSADODC.ocx
2008-11-07 20:36 . 2000-07-15 06:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2008-11-07 20:36 . 2001-03-28 23:02 89,088 --a------ c:\windows\system32\ProgressBar4.ocx
2008-11-07 20:36 . 1999-01-26 19:36 11,012 --a------ c:\windows\system32\threadapi.tlb
2008-11-07 19:36 . 2008-11-08 21:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-07 19:28 . 2008-11-11 23:25 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-07 19:28 . 2008-11-08 20:02 <DIR> d-------- c:\documents and settings\Dave Whalen\Application Data\AVGTOOLBAR
2008-11-07 19:28 . 2008-11-07 19:28 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-07 19:28 . 2008-11-07 19:28 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-07 17:54 . 2008-11-07 17:54 <DIR> d-------- c:\program files\AVG
2008-11-07 17:54 . 2008-11-07 19:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-07 14:32 . 2008-11-07 14:32 10,000 --a------ c:\windows\system32\jsne87fidgf.dll
2008-11-07 14:32 . 2008-11-07 14:32 2 --a------ C:\-1341593358
2008-11-07 14:30 . 2008-11-07 14:30 <DIR> d-------- c:\windows\system32\sX3i19
2008-11-07 14:30 . 2008-11-07 19:21 <DIR> d-------- c:\windows\system32\pg3
2008-11-07 14:30 . 2008-11-07 19:21 <DIR> d-------- c:\windows\system32\OMS
2008-11-07 14:30 . 2008-11-07 19:20 <DIR> d-------- c:\windows\system32\emi
2008-11-07 14:30 . 2008-11-07 14:30 <DIR> d-------- c:\windows\system32\db1
2008-11-07 14:30 . 2008-11-07 14:30 <DIR> d-------- c:\temp\PRE45
2008-11-07 14:30 . 2008-11-11 23:16 <DIR> d-------- C:\Temp
2008-11-07 14:30 . 2008-11-07 14:30 79,094 --a------ c:\windows\system32\oexyhuvhtie.exe
2008-10-24 19:53 . 2008-10-24 19:53 <DIR> d-------- c:\windows\Logs
2008-10-19 23:01 . 2008-03-05 15:26 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-10-19 23:01 . 2007-07-19 17:44 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-10-19 23:01 . 2007-05-16 16:15 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2008-10-19 23:01 . 2007-03-12 16:12 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-10-19 23:01 . 2006-11-29 12:36 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-10-19 23:01 . 2006-09-28 15:35 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-10-19 23:01 . 2007-04-04 18:23 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-10-14 12:09 . 2008-10-14 12:09 171,520 --a------ c:\windows\system32\ffksqtcpfaaaeh.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 02:23 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-11 23:01 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 04:09 --------- d-----w c:\program files\Virtools
2008-11-08 03:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 02:32 --------- d-----w c:\program files\Common Files\AOL
2008-11-08 02:32 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-04 22:34 --------- d-----w c:\program files\Common Files\HP
2008-11-04 22:20 --------- d-----w c:\program files\Hewlett-Packard
2008-11-04 22:19 --------- d-----w c:\program files\HP
2008-10-24 23:24 --------- d-----w c:\program files\EA SPORTS
2008-10-02 07:45 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2008-10-02 07:45 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2008-10-02 07:45 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys
2008-04-18 15:48 43,432 ----a-w c:\documents and settings\Dave Whalen\Application Data\GDIPFONTCACHEV1.DAT
2005-08-02 20:16 187,904 --sha-r c:\windows\RGF2ZSBXaGFsZW4\asappsrv.dll
2005-07-29 19:54 472 --sha-r c:\windows\RGF2ZSBXaGFsZW4\l3IZtm1ru3IPtqb.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33CD1052-E42E-65E7-6C28-CE8E11FBCA4A}]
2008-10-14 12:09 171520 --a------ c:\windows\system32\ffksqtcpfaaaeh.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznltci"="c:\documents and settings\Dave Whalen\Application Data\s?stem\?xplorer.exe" [?]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Google Update"="c:\documents and settings\Dave Whalen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-08 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-15 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"xtezvpoecqrgjoa"="c:\windows\system32\ffksqtcpfaaaeh.dll" [2008-10-14 171520]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-07 1234712]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
c:\documents and settings\Dave Whalen\Start Menu\Programs\Startup\
FIFA 09 Registration.lnk - c:\program files\EA SPORTS\FIFA 09\Support\EAregister.exe [2008-10-19 4369408]
NHLr 09 Registration.lnk - c:\program files\EA SPORTS\NHL 09\Support\EAregister.exe [2008-10-24 4374792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-08-07 24576]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat,avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wrconsumerservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\EA SPORTS\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\EA SPORTS\\FIFA 09\\FIFA09.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-10-02 29808]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-07 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-07 231704]
R2 wrconsumerservice;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-10-12 1066360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0fd0bde-d83c-11dc-8877-001302d557fe}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-11-12 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Dave Whalen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-08 00:57]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Sen - c:\windows\SSEMBL~1\dexplore.exe
HKU-Default-Run-brastk - c:\windows\system32\brastk.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Dave Whalen\Application Data\Mozilla\Firefox\Profiles\2hpyyq4s.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\documents and settings\Dave Whalen\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-11 23:23:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\regsvr32.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-11-11 23:28:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 02:58:29
Pre-Run: 69,465,575,424 bytes free
Post-Run: 75,309,957,120 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
275 --- E O F --- 2008-11-11 17:04:20
------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:46 PM, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Documents and Settings\Dave Whalen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
http://www.google.ca/ig/dell?hl=en&c...row&channel=ca
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.google.ca/ig/dell?hl=en&c...row&channel=ca
O2 - BHO: netupbanner browser enhancer - {33CD1052-E42E-65E7-6C28-CE8E11FBCA4A} - C:\WINDOWS\system32\ffksqtcpfaaaeh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [xtezvpoecqrgjoa] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ffksqtcpfaaaeh.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dave Whalen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Seznltci] "C:\Documents and Settings\Dave Whalen\Application Data\s?stem\?xplorer.exe"
O4 - Startup: FIFA 09 Registration.lnk = C:\Program Files\EA SPORTS\FIFA 09\Support\EAregister.exe
O4 - Startup: NHL® 09 Registration.lnk = C:\Program Files\EA SPORTS\NHL 09\Support\EAregister.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search -
http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [international] International*
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) -
http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) -
http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1157038000312
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} -
http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) -
http://www.candystand.com/assets/act...cheManager.CAB
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) -
http://nsprdnacw-vip.aliant.net/lwp/...XInstaller.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: karna.dat,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (webrootspysweeperservice) - Webroot Software, Inc. (
www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Webroot Client Service (wrconsumerservice) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
--
End of file - 11268 bytes