12-02-2006, 06:20 PM   #7
Socha_62
OS: XP


Okay, here's the new logs after the first bit of cleaning.

SmitFraudFix v2.126

Scan done at 20:03:03.75, Sat 12/02/2006
Run from C:\Documents and Settings\Jason\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

[HKEY_CLASSES_ROOT\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]
@="C:\WINDOWS\system32\tpedvf.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]
@="C:\WINDOWS\system32\tpedvf.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\tpedvf.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\tpedvf.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\drvtum.dll Deleted
C:\Documents and Settings\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.3.lnk Deleted
C:\DOCUME~1\Jason\Desktop\Virus-Bursters.lnk Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\Jason\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\Jason\STARTM~1\Virus-Bursters 6.3.lnk Deleted
C:\DOCUME~1\Jason\STARTM~1\Programs\Virus-Bursters Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Virus-Bursters\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Jason - 06-12-02 20:11:27.84 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Jason\My Documents\Software Downloads"

((((((((((((((((((((((((((((((( Files Created from 2006-11-02 to 2006-12-02 ))))))))))))))))))))))))))))))))))


2006-12-02 20:02 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-02 20:02 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-02 20:02 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-02 20:02 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-02 19:47 <DIR> d-------- C:\Program Files\HJT
2006-12-01 22:17 826,554 ---hs---- C:\WINDOWS\system32\svvwa.bak2
2006-12-01 16:11 <DIR> d-------- C:\WINDOWS\temp
2006-12-01 16:08 <DIR> d-------- C:\WINNT
2006-12-01 16:06 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-01 12:02 94,208 --a------ C:\WINDOWS\system32\txvxvj.dll
2006-12-01 12:02 70,656 --a------ C:\WINDOWS\system32\zlkbjsi.dll
2006-12-01 12:00 40,973 ---hs---- C:\WINDOWS\system32\iiiihii.dll
2006-11-28 21:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\dvdcss
2006-11-28 20:37 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-28 20:37 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Lavasoft
2006-11-28 20:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-28 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-28 17:39 <DIR> d-------- C:\Program Files\VSAdd-in
2006-11-28 17:38 801,914 ---hs---- C:\WINDOWS\system32\svvwa.bak1
2006-11-28 17:38 704,564 ---hs---- C:\WINDOWS\system32\awvvs.dll
2006-11-28 17:38 42,516 --a------ C:\WINDOWS\system32\kobtkxyl.dll
2006-11-28 17:06 <DIR> d-------- C:\Program Files\WinRAR
2006-11-28 12:30 641,021 --a------ C:\WINDOWS\unins000.exe
2006-11-28 12:30 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2006-11-28 12:30 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-11-28 12:30 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2006-11-28 12:30 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-11-28 12:30 187,904 --a------ C:\WINDOWS\system32\Lame.exe
2006-11-28 12:30 166,912 --a------ C:\WINDOWS\system32\Lame_enc.dll
2006-11-28 12:30 <DIR> d-------- C:\Program Files\XviD
2006-11-19 22:04 <DIR> d-------- C:\Program Files\Alarm Clock
2006-11-16 09:27 <DIR> d-------- C:\a960884c588070d1b2f0
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iTunes
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iPod
2006-11-12 17:23 <DIR> d-------- C:\Program Files\QuickTime
2006-11-12 17:22 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-08 12:33 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\rt61.sys
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2006-11-08 12:33 243,328 --a------ C:\WINDOWS\system32\rt2500.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2006-11-08 12:33 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2006-11-08 12:32 <DIR> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-02 19:55 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-01 16:08 -------- d-------- C:\Program Files\Common Files
2006-11-22 21:21 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-22 21:21 -------- d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2006-11-22 21:20 -------- d-------- C:\Program Files\Adobe
2006-11-21 23:05 4096 --a------ C:\Documents and Settings\Jason\Application Data\dvd.bmk
2006-11-16 09:27 -------- d-------- C:\Program Files\Internet Explorer
2006-11-10 14:47 -------- d-------- C:\Documents and Settings\Jason\Application Data\SolidWorks
2006-11-08 12:33 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-11-08 12:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-01 21:11 88 -r-hs---- C:\WINDOWS\system32\9D64738EF4.sys
2006-11-01 21:11 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-31 21:19 -------- d-------- C:\Program Files\TallStick
2006-10-30 15:18 -------- d-------- C:\Program Files\VstPlugins
2006-10-30 15:18 -------- d-------- C:\Program Files\Image-Line
2006-10-22 23:00 -------- d-------- C:\Documents and Settings\Jason\Application Data\DivX
2006-10-22 22:59 -------- d-------- C:\Program Files\DivX
2006-10-16 23:30 -------- d-------- C:\Program Files\Audacity 1.3 Beta
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-09 12:26 -------- d-------- C:\Program Files\LimeWire
2006-10-09 12:26 -------- d-------- C:\Program Files\Java
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"txvxvj.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\txvxvj.dll,mxrultb"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-02 20:14:27.17
C:\ComboFix2.txt ... 06-12-01 16:10

Logfile of HijackThis v1.99.1
Scan saved at 8:15:37 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\uglmd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\hijackthis\Socha.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {252D228E-225D-7305-991F-0AD64BCC551B} - C:\WINDOWS\system32\zlkbjsi.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\kobtkxyl.dll
O2 - BHO: (no name) - {4DE3D314-D309-C3DC-9D22-0743EEF87D7E} - C:\WINDOWS\system32\qrsgpbc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7FA7970D-BE9F-445F-AD17-F534D7C668AE} - C:\WINDOWS\system32\awvvs.dll
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\iiiihii.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [txvxvj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\txvxvj.dll,mxrultb
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{95248D73-4C96-41BC-954A-1A5B3723BEA9}: NameServer = 24.247.15.53,24.247.24.53
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: iiiihii - C:\WINDOWS\SYSTEM32\iiiihii.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)