Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Please help spyware and trojans killing comp.
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 02-11-2008, 05:08 PM   #1 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 7
OS: win xp


Please help spyware and trojans killing comp.
I have done the five step process, however microsoft could not download updates.net framework 2.0 service packand cumulative service update for ie 7. macafee keeps poping up trojans generic.dx, vundo, adclicker-fx, and downloader.gen.a. Here is a copy of panda scan, and hijackthis reports.....
Deckard's System Scanner v20071014.68
Run by JON SMITH on 2008-02-11 17:09:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-11 23:09:38 UTC - RP15 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-11 17:12:29
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\DOCUME~1\JONSMI~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\McAfee\VirusScan\mcvsshld.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JON SMITH\My Documents\software\dss.exe
C:\Program Files\McAfee\MPF\MC\MpfAlert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...inc&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&...inc&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en&...inc&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...inc&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 192.168.1.64 HP000D9D1030C5
O1 - Hosts: 192.168.1.103 HP0017A430AC07
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: {e3b78d08-17ea-356a-9264-d2efcaf98b44} - {44b89fac-fe2d-4629-a653-ae7180d87b3e} - C:\WINDOWS\system32\dxmhvefg.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {A3E9D6C8-C2F2-4BD5-BA13-A8928702795D} - C:\WINDOWS\system32\vtstt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [6cf998c2] rundll32.exe "C:\WINDOWS\system32\vicejwdb.dll",b
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151727849984
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: jkkjgfe - C:\WINDOWS\system32\jkkjgfe.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0203921202644438) (0203921202644438mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\020392~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jegvbmyd.exe /service
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


--
End of file - 18472 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1100>

S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1100>
S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1100>
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 NETw4x32 (Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit) - c:\windows\system32\drivers\netw4x32.sys <Not Verified; Intel Corporation; Intel® Wireless WiFi Link Adapter>
S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 shwMirror - c:\windows\system32\drivers\shwmirror.sys (file missing)
S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel Corporation; SSO Service>

S2 0203921202644438mcinstcleanup (McAfee Application Installer Cleanup (0203921202644438)) - c:\windows\temp\020392~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S2 DomainService - c:\windows\system32\jegvbmyd.exe /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: OmniCom Mirror Driver
Device ID: ROOT\DISPLAY\0000
Manufacturer: OmniCom
Name: OmniCom Mirror Driver
PNP Device ID: ROOT\DISPLAY\0000
Service: shwMirror


-- Scheduled Tasks -------------------------------------------------------------

2008-02-04 19:36:14 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-01 01:01:10 360 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-12-15 01:22:04 358 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-01-11 and 2008-02-11 -----------------------------

2008-02-11 06:32:46 0 d-------- C:\ie-spyad_zo
2008-02-11 06:29:44 0 d-------- C:\Program Files\SpywareBlaster
2008-02-10 22:04:53 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-10 22:03:06 8576 --a------ C:\WINDOWS\system32\drivers\kvsisqxvirna.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-10 21:44:20 86080 --a------ C:\WINDOWS\system32\vicejwdb.dll
2008-02-10 21:41:19 70720 --a------ C:\WINDOWS\system32\kypaxmms.dll
2008-02-10 21:38:19 93248 --a------ C:\WINDOWS\system32\dxmhvefg.dll
2008-02-10 21:33:52 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-10 05:53:53 0 d-------- C:\WINDOWS\LastGood
2008-02-09 21:43:56 89664 -----n--- C:\WINDOWS\system32\eqejntvd.dll
2008-02-09 21:40:56 93760 --a------ C:\WINDOWS\system32\sgkbocfk.dll
2008-02-09 21:37:56 70208 --a------ C:\WINDOWS\system32\tpbgrvmp.dll
2008-02-08 16:33:34 88640 -----n--- C:\WINDOWS\system32\icdrcwoe.dll
2008-02-08 16:26:53 94784 --a------ C:\WINDOWS\system32\myfkmkwj.dll
2008-02-08 16:26:42 68160 --a------ C:\WINDOWS\system32\mckhgkry.dll
2008-02-08 16:26:08 68160 --a------ C:\WINDOWS\system32\chqmovib.dll
2008-02-08 16:25:55 94784 --a------ C:\WINDOWS\system32\adsepich.dll
2008-02-06 19:26:34 68672 --a------ C:\WINDOWS\system32\bwtaivyw.dll
2008-02-06 19:26:30 92224 --a------ C:\WINDOWS\system32\lshajsnn.dll
2008-02-05 18:26:54 94272 --a------ C:\WINDOWS\system32\jjviysbi.dll
2008-02-05 18:23:54 70208 --a------ C:\WINDOWS\system32\acbthfxb.dll
2008-02-04 23:34:52 0 d-------- C:\Program Files\iTunes
2008-02-04 23:27:23 0 d-------- C:\Program Files\QuickTime
2008-02-04 23:11:58 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:58 344064 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:57 294912 --a------ C:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:57 166672 --a------ C:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:57 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:57 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2008-02-04 23:11:56 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:56 1238288 --a------ C:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:56 252688 --a------ C:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:42 0 d-------- C:\Program Files\Motorola
2008-02-04 18:23:57 68672 --a------ C:\WINDOWS\system32\fhmavsjl.dll
2008-02-03 21:57:43 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-30 21:29:58 353056 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-30 21:29:58 2811680 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-30 21:20:43 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-30 21:20:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-30 21:17:21 0 d-------- C:\KAV
2008-01-30 20:44:47 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-01-30 20:08:53 0 d-------- C:\VundoFix Backups
2008-01-30 19:29:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 16:42:39 0 d-------- C:\Documents and Settings\JON SMITH\.housecall6.6
2008-01-16 16:26:28 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-14 18:33:25 0 d-------- C:\Program Files\Avanquest update
2008-01-14 18:33:20 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\InstallShield


-- Find3M Report ---------------------------------------------------------------

2008-02-11 17:11:16 248554 --ahs---- C:\WINDOWS\system32\ttstv.ini2
2008-02-10 22:42:19 0 d-------- C:\Program Files\Messenger
2008-02-10 22:37:04 0 d-------- C:\Program Files\Digital Line Detect
2008-02-05 16:33:21 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\Adobe
2008-02-04 23:35:23 0 d-------- C:\Program Files\iPod
2008-02-04 23:11:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-03 21:55:59 0 d-------- C:\Program Files\Common Files\BitDefender
2008-01-31 13:36:41 0 d-------- C:\Program Files\McAfee
2008-01-30 19:29:32 0 d-------- C:\Program Files\Common Files
2008-01-30 16:35:08 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\AdobeUM
2008-01-29 16:41:18 0 d-------- C:\Program Files\Java
2008-01-28 17:29:24 0 d-------- C:\Program Files\DIGStream
2008-01-14 18:37:07 0 d-------- C:\Program Files\Motorola Phone Tools
2008-01-06 19:07:48 0 d-------- C:\Program Files\Yahoo!
2008-01-06 18:54:26 0 d-------- C:\Program Files\SBC Yahoo!
2008-01-04 19:51:49 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\MSNInstaller
2008-01-03 20:46:49 0 d-------- C:\Program Files\Common Files\Real
2008-01-03 20:37:59 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-03 20:26:55 0 d-------- C:\Program Files\Common Files\Corel
2008-01-03 20:09:58 7518 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-03 20:09:57 88 -r-hs---- C:\WINDOWS\system32\B04A70B156.sys
2008-01-03 20:08:31 104 -r-hs---- C:\WINDOWS\system32\56B1704AB0.sys
2008-01-03 19:46:02 0 d-------- C:\Program Files\Common Files\Scanner
2008-01-02 23:14:25 0 d-------- C:\Program Files\MSXML 6.0
2008-01-02 22:23:49 0 d-------- C:\Program Files\Starware325
2008-01-02 20:33:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-01-02 20:33:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-02 20:25:58 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\Sunbelt Software
2008-01-02 18:01:47 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\Intel
2008-01-01 19:04:39 28458458 --a------ C:\sdat5196.exe <Not Verified; McAfee, Inc.; McAfee Core Components>
2007-12-23 19:48:41 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\SiteAdvisor
2007-12-23 18:46:08 0 d-------- C:\Program Files\SiteAdvisor
2007-12-23 18:44:41 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\McAfee
2007-12-19 18:59:52 0 d-------- C:\Program Files\Dell Support Center
2007-12-19 18:58:20 0 d-------- C:\Program Files\Common Files\supportsoft
2007-12-19 17:37:40 28672 --a------ C:\WINDOWS\system32\tracker.dll <Not Verified; SidneyChong Inc; IdleTracker>
2007-12-19 17:37:40 337920 --a------ C:\WINDOWS\system32\PicShowXControl1.dll
2007-12-18 17:31:57 0 d-------- C:\Program Files\Dell
2007-12-18 17:23:33 0 d-------- C:\Program Files\GemMaster
2007-12-18 17:21:53 0 d-------- C:\Program Files\Coupons
2007-12-15 19:45:14 334848 --a------ C:\WINDOWS\system32\vtstt.dll
2007-12-11 18:00:56 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\Image Zone Express


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 06:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44b89fac-fe2d-4629-a653-ae7180d87b3e}]
02/10/2008 09:38 PM 93248 --a------ C:\WINDOWS\system32\dxmhvefg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3E9D6C8-C2F2-4BD5-BA13-A8928702795D}]
12/15/2007 07:45 PM 334848 --a------ C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 01:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 03:44 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 03:41 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 03:45 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 01:58 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 10:48 AM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 09:51 AM]
"MBMon"="CTMBHA.DLL" [03/03/2006 02:18 AM C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 12:00 AM]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [01/02/2006 08:13 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 07:29 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 09:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 09:44 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [06/19/2006 06:09 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 04:33 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 01:41 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [02/08/2007 08:39 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 12:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 10:22 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/08/2007 02:18 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/08/2007 02:13 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"6cf998c2"="C:\WINDOWS\system32\vicejwdb.dll" [02/10/2008 09:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 05:23 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 04:00 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/12/2007 03:34 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 09:23 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe [4/12/2006 9:37:48 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/19/2006 5:50:54 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 3:21:22 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/28/2004 1036 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjgfe]
jkkjgfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - KVSISQXVIRNA
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK



-- Hosts -----------------------------------------------------------------------

192.168.1.64 HP000D9D1030C5
192.168.1.103 HP0017A430AC07


-- End of Deckard's System Scanner: finished at 2008-02-11 17:15:00 ------------



Incident Status Location

Spyware:spyware/virtumonde Not disinfected c:\windows\system32\vtstt.dll
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@adrevolver[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@adserver.easyad[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@atdmt[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@burstnet[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@fastclick[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@overture[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@realmedia[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@tribalfusion[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\JON SMITH\Cookies\jon_smith@zedo[2].txt


Thanks for the help.
Attached Files
File Type: txt extra.txt (29.1 KB, 2 views)
File Type: txt Activescan.txt (5.0 KB, 2 views)
roadrunr57 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 02-14-2008, 03:17 PM   #2 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: Please help spyware and trojans killing comp.
Hello and welcome to TSF.

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 02-14-2008, 06:52 PM   #3 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 7
OS: win xp


Re: Please help spyware and trojans killing comp.
ran combofix,awaiting next step here are the new logs. thanks for the help.
ComboFix 08-02-15.1 - JON SMITH 2008-02-14 19:05:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.268 [GMT -6:00]
Running from: C:\Documents and Settings\JON SMITH\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\vtstt.dll
C:\Documents and Settings\All Users\Application Data\Starware325
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\1499_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\1499_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\WeatherHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware325\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware325\contexts\travel.xml
C:\Program Files\Starware325
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\acbthfxb.dll
C:\WINDOWS\system32\aegoucbr.ini
C:\WINDOWS\system32\bdwjeciv.ini
C:\WINDOWS\system32\bpwfmngr.ini
C:\WINDOWS\system32\bwtaivyw.dll
C:\WINDOWS\system32\chqmovib.dll
C:\WINDOWS\system32\ckwhtogq.ini
C:\WINDOWS\system32\dsdnsmrp.ini
C:\WINDOWS\system32\dvtnjeqe.ini
C:\WINDOWS\system32\ecktkojl.ini
C:\WINDOWS\system32\eowcrdci.ini
C:\WINDOWS\system32\fhmavsjl.dll
C:\WINDOWS\system32\htbsbncp.ini
C:\WINDOWS\system32\imjypqjq.ini
C:\WINDOWS\system32\ioyxqbdh.dll
C:\WINDOWS\system32\iqxulvln.ini
C:\WINDOWS\system32\jhtnafem.ini
C:\WINDOWS\system32\jjviysbi.dll
C:\WINDOWS\system32\jxixxxso.ini
C:\WINDOWS\system32\kypaxmms.dll
C:\WINDOWS\system32\mbaevmbp.ini
C:\WINDOWS\system32\mckhgkry.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdrwbatx.ini
C:\WINDOWS\system32\nlvluxqi.dll
C:\WINDOWS\system32\nokymvdx.dll
C:\WINDOWS\system32\otstavcw.ini
C:\WINDOWS\system32\pdqvjsxy.ini
C:\WINDOWS\system32\pduqeufq.ini
C:\WINDOWS\system32\pmsbdcfb.ini
C:\WINDOWS\system32\rionripp.ini
C:\WINDOWS\system32\sgkbocfk.dll
C:\WINDOWS\system32\sstlovqg.ini
C:\WINDOWS\system32\sxissexe.ini
C:\WINDOWS\system32\tpbgrvmp.dll
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ustdmccu.ini
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\wnehaecb.ini
C:\WINDOWS\system32\wyctmhju.ini
C:\WINDOWS\system32\ytkbudwc.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-11 06:32 . 2008-02-11 06:32 <DIR> d-------- C:\ie-spyad_zo
2008-02-11 06:29 . 2008-02-11 06:29 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-11 06:29 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-10 22:04 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-10 22:03 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\kvsisqxvirna.sys
2008-02-10 21:46 . 2008-02-10 21:46 10,834,944 --a------ C:\WINDOWS\system32\600.tmp
2008-02-10 21:34 . 2008-02-10 21:58 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-10 21:34 . 2008-02-10 21:58 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-10 21:34 . 2008-02-10 21:58 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-10 21:33 . 2008-02-10 23:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-10 20:31 . 2008-02-10 20:31 <DIR> d-------- C:\Deckard
2008-02-04 23:37 . 2008-02-13 16:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-04 23:37 . 2008-02-04 23:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 23:34 . 2008-02-10 22:40 <DIR> d-------- C:\Program Files\iTunes
2008-02-04 23:27 . 2008-02-04 23:29 <DIR> d-------- C:\Program Files\QuickTime
2008-02-04 23:11 . 2008-02-04 23:14 <DIR> d-------- C:\Program Files\Motorola
2008-02-04 18:24 . 2008-02-09 21:37 118 --a------ C:\WINDOWS\BM6fcaab5e.xml
2008-02-04 18:23 . 2008-02-12 21:38 22 --a------ C:\WINDOWS\pskt.ini
2008-02-03 21:57 . 2008-02-05 16:15 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-30 21:29 . 2008-02-05 16:14 2,811,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-30 21:29 . 2008-02-05 16:14 353,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-30 21:29 . 2008-02-05 16:14 39,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-30 21:29 . 2008-02-05 16:14 35,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-30 21:20 . 2008-01-30 21:20 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-30 21:20 . 2008-01-30 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-30 21:17 . 2008-01-30 21:17 <DIR> d-------- C:\KAV
2008-01-30 20:44 . 2008-01-30 20:44 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-30 20:08 . 2008-01-31 06:41 <DIR> d-------- C:\VundoFix Backups
2008-01-30 19:29 . 2008-01-30 19:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 16:43 . 2008-01-29 16:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-29 16:42 . 2008-01-29 16:47 <DIR> d-------- C:\Documents and Settings\JON SMITH\.housecall6.6
2008-01-16 16:26 . 2008-01-16 16:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 04:37 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-11 03:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-02-05 05:35 --------- d-----w C:\Program Files\iPod
2008-02-05 05:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 03:55 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-01-31 19:36 --------- d-----w C:\Program Files\McAfee
2008-01-31 02:45 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-30 22:35 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\AdobeUM
2008-01-29 22:41 --------- d-----w C:\Program Files\Java
2008-01-28 23:29 --------- d-----w C:\Program Files\DIGStream
2008-01-15 00:37 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-01-15 00:33 --------- d-----w C:\Program Files\Avanquest update
2008-01-15 00:33 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\InstallShield
2008-01-15 00:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-01-07 01:07 --------- d-----w C:\Program Files\Yahoo!
2008-01-07 00:54 --------- d-----w C:\Program Files\SBC Yahoo!
2008-01-06 21:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee
2008-01-05 01:51 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\MSNInstaller
2008-01-04 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\logs
2008-01-04 02:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-01-04 02:46 --------- d-----w C:\Program Files\Common Files\Real
2008-01-04 02:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-04 02:26 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-04 01:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-04 01:46 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-03 05:14 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-03 02:25 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\Sunbelt Software
2008-01-03 00:30 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-03 00:30 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-01-03 00:06 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-01-03 00:06 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-01-03 00:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intel
2008-01-03 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-01-03 00:01 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\Intel
2008-01-02 01:04 28,458,458 ----a-w C:\sdat5196.exe
2007-12-24 01:48 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\SiteAdvisor
2007-12-24 00:46 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-24 00:44 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\McAfee
2007-12-22 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-20 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-12-20 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-20 00:59 --------- d-----w C:\Program Files\Dell Support Center
2007-12-20 00:58 --------- d-----w C:\Program Files\Common Files\supportsoft
2007-12-20 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2007-12-18 23:31 --------- d-----w C:\Program Files\Dell
2007-12-18 23:23 --------- d-----w C:\Program Files\GemMaster
2007-12-18 23:21 --------- d-----w C:\Program Files\Coupons
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-08-03 00:50 24,192 ----a-w C:\Documents and Settings\JON SMITH\usbsermptxp.sys
2007-08-03 00:50 22,768 ----a-w C:\Documents and Settings\JON SMITH\usbsermpt.sys
2007-08-02 00:35 92,064 ----a-w C:\Documents and Settings\JON SMITH\mqdmmdm.sys
2007-08-02 00:35 9,232 ----a-w C:\Documents and Settings\JON SMITH\mqdmmdfl.sys
2007-08-02 00:35 79,328 ----a-w C:\Documents and Settings\JON SMITH\mqdmserd.sys
2007-08-02 00:35 66,656 ----a-w C:\Documents and Settings\JON SMITH\mqdmbus.sys
2007-08-02 00:35 6,208 ----a-w C:\Documents and Settings\JON SMITH\mqdmcmnt.sys
2007-08-02 00:35 5,936 ----a-w C:\Documents and Settings\JON SMITH\mqdmwhnt.sys
2007-08-02 00:35 4,048 ----a-w C:\Documents and Settings\JON SMITH\mqdmcr.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1ba37e9-5740-4415-a4da-7328b123ec23}]
C:\WINDOWS\system32\tslfdqvj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 15:34 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 15:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 15:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 15:45 118784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 13:58 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 10:48 761947]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51 57344]
"MBMon"="CTMBHA.DLL" [2006-03-03 02:18 1355938 C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 08:13 1126400]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 19:29 49152]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-19 18:09 169472]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-08 20:39 36904]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 12:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 10:22 20480]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13 1101824]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe [2006-04-12 09:37:48 643133]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-19 17:50:54 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 2236 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjgfe]
jkkjgfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
S2 0121831202942955mcinstcleanup;McAfee Application Installer Cleanup (0121831202942955);C:\WINDOWS\TEMP\012183~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S3 AngelUsb;Angel USB MPEG Device;C:\WINDOWS\system32\DRIVERS\AngelUsb.sys [2006-02-03 18:25]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 13:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-02-27 13:31]
S3 shwMirror;shwMirror;C:\WINDOWS\system32\DRIVERS\shwMirror.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - 0121831202942955MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 01:36:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 07:22:04 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-01 07:01:10 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 19:15:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\JONSMI~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-02-14 19:20:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 01:20:00
.
2008-02-13 09:10:05 --- E O F ---






Deckard's System Scanner v20071014.68
Run by JON SMITH on 2008-02-14 19:44:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as JON SMITH.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:21 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\JONSMI~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\JON SMITH\My Documents\software\dss.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JON SMITH.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: {32ce321b-8237-ad4a-5144-04759e73ab1a} - {a1ba37e9-5740-4415-a4da-7328b123ec23} - C:\WINDOWS\system32\tslfdqvj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151727849984
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: jkkjgfe - jkkjgfe.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0121831202942955) (0121831202942955mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\012183~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15159 bytes

-- Files created between 2008-01-14 and 2008-02-14 -----------------------------

2008-02-14 19:45:15 0 d-------- C:\Program Files\Trend Micro
2008-02-14 19:29:53 0 d-------- C:\WINDOWS\LastGood
2008-02-14 18:48:05 0 dr-hs---- C:\cmdcons
2008-02-14 18:48:04 0 d-------- C:\WINDOWS\setup.pss
2008-02-14 18:47:42 0 d-------- C:\WINDOWS\setupupd
2008-02-14 18:36:06 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-14 18:36:06 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-14 18:36:06 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-14 18:36:06 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-11 06:32:46 0 d-------- C:\ie-spyad_zo
2008-02-11 06:29:44 0 d-------- C:\Program Files\SpywareBlaster
2008-02-10 22:04:53 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-10 22:03:06 8576 --a------ C:\WINDOWS\system32\drivers\kvsisqxvirna.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-10 21:33:52 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-04 23:34:52 0 d-------- C:\Program Files\iTunes
2008-02-04 23:27:23 0 d-------- C:\Program Files\QuickTime
2008-02-04 23:11:58 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:58 344064 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:57 294912 --a------ C:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:57 166672 --a------ C:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:57 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:57 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2008-02-04 23:11:56 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:56 1238288 --a------ C:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:56 252688 --a------ C:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-04 23:11:42 0 d-------- C:\Program Files\Motorola
2008-02-03 21:57:43 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-30 21:29:58 353056 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-30 21:29:58 2811680 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-30 21:20:43 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-30 21:20:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-30 21:17:21 0 d-------- C:\KAV
2008-01-30 20:44:47 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-01-30 20:08:53 0 d-------- C:\VundoFix Backups
2008-01-30 19:29:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 16:42:39 0 d-------- C:\Documents and Settings\JON SMITH\.housecall6.6
2008-01-16 16:26:28 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-14 18:33:25 0 d-------- C:\Program Files\Avanquest update
2008-01-14 18:33:20 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\InstallShield


-- Find3M Report ---------------------------------------------------------------

2008-02-10 22:42:19 0 d-------- C:\Program Files\Messenger
2008-02-10 22:37:04 0 d-------- C:\Program Files\Digital Line Detect
2008-02-05 16:33:21 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\Adobe
2008-02-04 23:35:23 0 d-------- C:\Program Files\iPod
2008-02-04 23:11:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-03 21:55:59 0 d-------- C:\Program Files\Common Files\BitDefender
2008-01-31 13:36:41 0 d-------- C:\Program Files\McAfee
2008-01-30 19:29:32 0 d-------- C:\Program Files\Common Files
2008-01-30 16:35:08 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\AdobeUM
2008-01-29 16:41:18 0 d-------- C:\Program Files\Java
2008-01-28 17:29:24 0 d-------- C:\Program Files\DIGStream
2008-01-14 18:37:07 0 d-------- C:\Program Files\Motorola Phone Tools
2008-01-06 19:07:48 0 d-------- C:\Program Files\Yahoo!
2008-01-06 18:54:26 0 d-------- C:\Program Files\SBC Yahoo!
2008-01-04 19:51:49 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\MSNInstaller
2008-01-03 20:46:49 0 d-------- C:\Program Files\Common Files\Real
2008-01-03 20:37:59 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-03 20:26:55 0 d-------- C:\Program Files\Common Files\Corel
2008-01-03 20:09:58 7518 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-03 20:09:57 88 -r-hs---- C:\WINDOWS\system32\B04A70B156.sys
2008-01-03 20:08:31 104 -r-hs---- C:\WINDOWS\system32\56B1704AB0.sys
2008-01-03 19:46:02 0 d-------- C:\Program Files\Common Files\Scanner
2008-01-02 23:14:25 0 d-------- C:\Program Files\MSXML 6.0
2008-01-02 20:33:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-01-02 20:33:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-02 20:25:58 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\Sunbelt Software
2008-01-02 18:01:47 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\Intel
2008-01-01 19:04:39 28458458 --a------ C:\sdat5196.exe <Not Verified; McAfee, Inc.; McAfee Core Components>
2007-12-23 19:48:41 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\SiteAdvisor
2007-12-23 18:46:08 0 d-------- C:\Program Files\SiteAdvisor
2007-12-23 18:44:41 0 d-------- C:\Documents and Settings\JON SMITH\Application Data\McAfee
2007-12-19 18:59:52 0 d-------- C:\Program Files\Dell Support Center
2007-12-19 18:58:20 0 d-------- C:\Program Files\Common Files\supportsoft
2007-12-19 17:37:40 28672 --a------ C:\WINDOWS\system32\tracker.dll <Not Verified; SidneyChong Inc; IdleTracker>
2007-12-19 17:37:40 337920 --a------ C:\WINDOWS\system32\PicShowXControl1.dll
2007-12-18 17:31:57 0 d-------- C:\Program Files\Dell
2007-12-18 17:23:33 0 d-------- C:\Program Files\GemMaster
2007-12-18 17:21:53 0 d-------- C:\Program Files\Coupons


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 06:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1ba37e9-5740-4415-a4da-7328b123ec23}]
C:\WINDOWS\system32\tslfdqvj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 01:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 03:44 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 03:41 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 03:45 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 01:58 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 10:48 AM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 09:51 AM]
"MBMon"="CTMBHA.DLL" [03/03/2006 02:18 AM C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 12:00 AM]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [01/02/2006 08:13 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 07:29 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 09:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 09:44 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [06/19/2006 06:09 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 04:33 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 01:41 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [02/08/2007 08:39 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 12:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 10:22 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/08/2007 02:18 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/08/2007 02:13 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 05:23 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 04:00 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/12/2007 03:34 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 09:23 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe [4/12/2006 9:37:48 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/19/2006 5:50:54 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 3:21:22 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/28/2004 1036 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjgfe]
jkkjgfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - 0121831202942955MCINSTCLEANUP



-- End of Deckard's System Scanner: finished at 2008-02-14 19:47:04 ------------
roadrunr57 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 02-14-2008, 08:23 PM   #4 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: Please help spyware and trojans killing comp.
Hi,

Please scan with HijackThis again and put a checkmark against the following entries:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: {32ce321b-8237-ad4a-5144-04759e73ab1a} - {a1ba37e9-5740-4415-a4da-7328b123ec23} - C:\WINDOWS\system32\tslfdqvj.dll (file missing)
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O20 - Winlogon Notify: jkkjgfe - jkkjgfe.dll (file missing)


Close all browsers and windows other than HijackThis and click on "fix checked".

=======================================

Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste this filepath:

C:\sdat5196.exe

Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

====================================

Open notepad (Start>All programs>accessories>notepad ). and copy/paste the text in the quotebox below into it (It must be notepad, not wordpad, or it won't work):

Code:
File::
C:\WINDOWS\BM6fcaab5e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\VundoFixSVC.exe
C:\sdat5196.exe
C:\WINDOWS\system32\600.tmp

Folder::
C:\VundoFix Backups
Save this as CFScript.txt



Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u4.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • In the pull down menu next to Platform select Windows
  • Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement"
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windowsi586-p.exe to install the newest version.

=================================

Please post the combofix.txt and a fresh HijackThis log.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 02-14-2008, 10:17 PM   #5 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 7
OS: win xp


Re: Please help spyware and trojans killing comp.
here is the jotti log.
Last file scanned at least one scanner reported something about: iuVCR_v4.17.0.408_rus_Patch.exe (MD5: 243e60c57123f6704fe3b573f2883ba6, size: 48640 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web Trojan.MulDrop.11168
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus Backdoor.Pigeon.6620
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X


here is the combo fix log.
ComboFix 08-02-15.1 - JON SMITH 2008-02-14 22:26:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.423 [GMT -6:00]
Running from: C:\Documents and Settings\JON SMITH\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JON SMITH\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\sdat5196.exe
C:\WINDOWS\BM6fcaab5e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\600.tmp
C:\WINDOWS\system32\VundoFixSVC.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sdat5196.exe
C:\VundoFix Backups
C:\VundoFix Backups\wgivxuyn.ini.bad
C:\VundoFix Backups\wgivxuyn.ini2.bad
C:\VundoFix Backups\wgivxuyn.tmp.bad
C:\WINDOWS\BM6fcaab5e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\600.tmp
C:\WINDOWS\system32\VundoFixSVC.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 19:45 . 2008-02-14 19:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 06:32 . 2008-02-11 06:32 <DIR> d-------- C:\ie-spyad_zo
2008-02-11 06:29 . 2008-02-11 06:29 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-11 06:29 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-10 22:04 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-10 22:03 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\kvsisqxvirna.sys
2008-02-10 21:34 . 2008-02-10 21:58 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-10 21:34 . 2008-02-10 21:58 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-10 21:34 . 2008-02-10 21:58 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-10 21:33 . 2008-02-10 23:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-10 20:31 . 2008-02-10 20:31 <DIR> d-------- C:\Deckard
2008-02-04 23:37 . 2008-02-14 19:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-04 23:37 . 2008-02-04 23:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 23:34 . 2008-02-10 22:40 <DIR> d-------- C:\Program Files\iTunes
2008-02-04 23:27 . 2008-02-04 23:29 <DIR> d-------- C:\Program Files\QuickTime
2008-02-04 23:11 . 2008-02-04 23:14 <DIR> d-------- C:\Program Files\Motorola
2008-02-03 21:57 . 2008-02-05 16:15 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-30 21:29 . 2008-02-05 16:14 2,811,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-30 21:29 . 2008-02-05 16:14 353,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-30 21:29 . 2008-02-05 16:14 39,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-30 21:29 . 2008-02-05 16:14 35,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-30 21:20 . 2008-01-30 21:20 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-30 21:20 . 2008-01-30 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-30 21:17 . 2008-01-30 21:17 <DIR> d-------- C:\KAV
2008-01-30 19:29 . 2008-01-30 19:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 16:43 . 2008-01-29 16:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-29 16:42 . 2008-01-29 16:47 <DIR> d-------- C:\Documents and Settings\JON SMITH\.housecall6.6
2008-01-16 16:26 . 2008-01-16 16:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 04:37 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-11 03:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-02-05 05:35 --------- d-----w C:\Program Files\iPod
2008-02-05 05:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 03:55 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-01-31 19:36 --------- d-----w C:\Program Files\McAfee
2008-01-31 02:45 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-01-30 22:35 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\AdobeUM
2008-01-29 22:41 --------- d-----w C:\Program Files\Java
2008-01-28 23:29 --------- d-----w C:\Program Files\DIGStream
2008-01-15 00:37 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-01-15 00:33 --------- d-----w C:\Program Files\Avanquest update
2008-01-15 00:33 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\InstallShield
2008-01-15 00:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-01-07 01:07 --------- d-----w C:\Program Files\Yahoo!
2008-01-07 00:54 --------- d-----w C:\Program Files\SBC Yahoo!
2008-01-06 21:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee
2008-01-05 01:51 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\MSNInstaller
2008-01-04 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\logs
2008-01-04 02:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-01-04 02:46 --------- d-----w C:\Program Files\Common Files\Real
2008-01-04 02:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-04 02:26 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-04 01:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-04 01:46 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-03 05:14 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-03 02:25 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\Sunbelt Software
2008-01-03 00:30 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-03 00:30 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-01-03 00:06 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-01-03 00:06 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-01-03 00:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intel
2008-01-03 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-01-03 00:01 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\Intel
2007-12-24 01:48 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\SiteAdvisor
2007-12-24 00:46 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-24 00:44 --------- d-----w C:\Documents and Settings\JON SMITH\Application Data\McAfee
2007-12-22 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-20 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-12-20 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-20 00:59 --------- d-----w C:\Program Files\Dell Support Center
2007-12-20 00:58 --------- d-----w C:\Program Files\Common Files\supportsoft
2007-12-20 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2007-12-18 23:31 --------- d-----w C:\Program Files\Dell
2007-12-18 23:23 --------- d-----w C:\Program Files\GemMaster
2007-12-18 23:21 --------- d-----w C:\Program Files\Coupons
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-08-03 00:50 24,192 ----a-w C:\Documents and Settings\JON SMITH\usbsermptxp.sys
2007-08-03 00:50 22,768 ----a-w C:\Documents and Settings\JON SMITH\usbsermpt.sys
2007-08-02 00:35 92,064 ----a-w C:\Documents and Settings\JON SMITH\mqdmmdm.sys
2007-08-02 00:35 9,232 ----a-w C:\Documents and Settings\JON SMITH\mqdmmdfl.sys
2007-08-02 00:35 79,328 ----a-w C:\Documents and Settings\JON SMITH\mqdmserd.sys
2007-08-02 00:35 66,656 ----a-w C:\Documents and Settings\JON SMITH\mqdmbus.sys
2007-08-02 00:35 6,208 ----a-w C:\Documents and Settings\JON SMITH\mqdmcmnt.sys
2007-08-02 00:35 5,936 ----a-w C:\Documents and Settings\JON SMITH\mqdmwhnt.sys
2007-08-02 00:35 4,048 ----a-w C:\Documents and Settings\JON SMITH\mqdmcr.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 15:34 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 15:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 15:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 15:45 118784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 13:58 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 10:48 761947]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51 57344]
"MBMon"="CTMBHA.DLL" [2006-03-03 02:18 1355938 C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 08:13 1126400]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 19:29 49152]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-19 18:09 169472]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-08 20:39 36904]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 12:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 10:22 20480]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13 1101824]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe [2006-04-12 09:37:48 643133]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-19 17:50:54 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 2236 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
S2 0121831202942955mcinstcleanup;McAfee Application Installer Cleanup (0121831202942955);C:\WINDOWS\TEMP\012183~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S3 AngelUsb;Angel USB MPEG Device;C:\WINDOWS\system32\DRIVERS\AngelUsb.sys [2006-02-03 18:25]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 13:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-02-27 13:31]
S3 shwMirror;shwMirror;C:\WINDOWS\system32\DRIVERS\shwMirror.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 01:36:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 07:22:04 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-01 07:01:10 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 22:32:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\JONSMI~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-14 22:36:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 04:36:02
ComboFix2.txt 2008-02-15 01:20:05
.
2008-02-13 09:10:05 --- E O F ---


here is a fresh hijackthis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1144 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\DOCUME~1\JONSMI~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151727849984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0121831202942955) (0121831202942955mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\012183~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14742 bytes


tried to reinstall java from download to desktop, windows could not find appropriate program to open it. clicked -on find appropriate prog on web and it freezes up.
roadrunr57 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 02-15-2008, 07:12 AM   #6 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: Please help spyware and trojans killing comp.
Quote:
tried to reinstall java from download to desktop, windows could not find appropriate program to open it. clicked -on find appropriate prog on web and it freezes up.
This line in your log suggest that there are some group policies set . Did you set these restrictions yourself or are you part of a network where a LAN admin might have set them?

C:\WINDOWS\system32\GroupPolicy
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 02-15-2008, 07:28 PM   #7 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 7
OS: win xp


Re: Please help spyware and trojans killing comp.
not to my knowledge it is my personal comp. , on my home network.
roadrunr57 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 02-15-2008, 08:20 PM   #8 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: Please help spyware and trojans killing comp.
Hi,

Are you the original owner of the computer? Has it ever been used in a network?

Anyway, you can try the online installation option for Java. Visit the same page in my previous instructions, but select the "online installation" option. Later, when the computer is clean, you can take up this issue with the Windows XP forum.

Open notepad. It must be notepad, not wordpad.
Copy and paste the text inside the code box below into notepad, including the blank line at the end. Make sure that wordwrap is turned off in notepad - click the format menu and uncheck wordwrap.
Choose file save as and set file type to all files.
Type fixreg.reg in the file name and save it to your desktop. It should look like this:

Quote:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml]
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Close notepad. Make sure that all windows are closed.

Find the fixreg.reg file on your desktop.
Double click it.
It will then ask if you want the file merged to your registry.
Answer yes.

============================

Reboot your computer.

============================

Go to Start>Control Panel>Add/Remove Programs and remove if Kaspersky online scanner is present prior to downloading the most up-to-date one.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop in txt format.

Copy and paste that information from Kapersky in your next post.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans for no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Or use Firefox with IE-Tab plugin

=================================

Please post back the Kaspersky results and a fresh HijackThis log.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 02-17-2008, 02:14 PM   #9 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 7
OS: win xp


Re: Please help spyware and trojans killing comp.
here is the requested logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:25 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\JONSMI~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151727849984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0061891203232116) (0061891203232116mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\006189~1.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14614 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 17, 2008 11:27:33 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 527592
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
X:\

Scan Statistics:
Total number of scanned objects: 67598
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:15:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{97B87D1A-696C-4783-B676-5AEF8D23ABA9}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2C.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\JON SMITH\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\JON SMITH\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\JON SMITH\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\JON SMITH\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\JON SMITH\Application Data\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped
C:\Documents and Settings\JON SMITH\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\ApplicationHistory\McAfeeDataBackup.exe.e548c4c.ini.inuse Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Application Data\SupportSoft\DellSupportCenter\JON SMITH\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\History\History.IE5\MSHist012008021620080217\index.dat Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Temp\clclean.0001.dir.0003\~efe2.tmp Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Temp\fb_2644.lck Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Temp\~DF69C1.tmp Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Temp\~DFDCE5.tmp Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\JON SMITH\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\JON SMITH\ntuser.dat Object is locked skipped
C:\Documents and Settings\JON SMITH\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP22\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{40B90B23-7FED-4CED-9643-374238043A8D}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{00EE5618-B344-442D-9F84-DE89FA61F408}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\fb_784.lck Object is locked skipped
C:\WINDOWS\Temp\mcafee_0JNadiPN1zyfaOC Object is locked skipped
C:\WINDOWS\Temp\mcmsc_8j92RiW0NKodtk1 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_KTjelnmb1WbdssW Object is locked skipped
C:\WINDOWS\Temp\mcmsc_STclWQy2wnaj94Q Object is locked skipped
C:\WINDOWS\Temp\sqlite_5MGZ1rqsfZOjbyb Object is locked skipped
C:\WINDOWS\Temp\sqlite_JsmMwZEg1TZB1eL Object is locked skipped
C:\WINDOWS\Temp\sqlite_xsBeweVQVtuXoZC Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
roadrunr57 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 02-17-2008, 02:23 PM   #10 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 7
OS: win xp


Re: Please help spyware and trojans killing comp.
yes i bought the computer brand new from dell. the only network this has been used on was this one at home and maybe a few hotels.
roadrunr57 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 02-17-2008, 04:11 PM   #11 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: Please help spyware and trojans killing comp.
The logs are clean. Were you able to remove the old versions of Java and install the latest? Can you take a peek inside that Group Policy folder and let me know what's in there?
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 02-17-2008, 10:34 PM   #12 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 7
OS: win xp


Re: Please help spyware and trojans killing comp.
have no idea where this came from, one folder with machine on it, and o bytes in it. one folder with user on it and 0 bytes in it. one gpt.ini file all where created on 1/16/2008.
shows date accessed with 2/17/2008. i was able to remove and install latest versions of java. since we started this i seem to be gettingerrors on ie. for example a runtime error has occured do you wish to debug, and on this tech support page, i get two. gat is undefined and object expected. seem to be getting this on almost every page i visit.
thanks for your help.
roadrunr57 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 02-18-2008, 06:50 AM   #13 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,450
OS: XP SP3


Re: Please help spyware and trojans killing comp.
Hi,

As far as malware is concerned, the logs are clean. I would suggest that you bring the other issues up with the XP forum. They have the expertise to help you with such problems. Please give them the link to this thread so that they'll know what has taken place.

Now that your logs are clean, you can go ahead and perform the following steps:
  • Click Start then Run
  • Now type Combofix /u in the runbox and click OK. Notice the space between the Combofix and the /



    This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

Here are some steps to make your surfing more secure in future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site http://windowsupdate.microsoft.com/ to get the critical updates.

If you are running Microsoft, or any portion thereof, go to the Microsoft's Office Update site http://office.microsoft.com/officeup....aspx?lc=en-us and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:

SpywareBlaster A tutorial on installing & using this product can be found here: http://www.bleepingcomputer.com/forums/tutorial49.html
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and internet. A tutorial on Firewalls and a listing of some available ones can be found here:
http://forum.malwareremoval.com/viewtopic.php?p=56#56
http://www.bleepingcomputer.com/forums/tutorial60.html

Test your firewall here to make sure that it's working properly

Ccleaner is a useful utility to clean the temporary files and cookies on a regular basis. Tutorial for CCleaner will explain how to use it. Note: Don't use the Registry (formerly Issues) block as it deals with the registry and can be dangerous.

But above all, keep all your software UP-TO-DATE at all time!!

A colleague of ours has excellent information and tips on the prevention of malware here and more on improving speed/system performance after malware removal here .

If you want to fight back the Malware Writers, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

Happy Surfing!
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 11:35 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85