
Help Malwarebytes Log and HiJack This Log



Help!!! A couple of nights ago I was on the internet when the WinPC Antivirus file came up - I know to cancel these, but I have a tremor which got the better of me that night....

Anyway, after much frustration, here is where I am now and I am not sure which step to take now.....

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:59:16 PM, on 5/26/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\OEM02Mon.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Dell Support Center\gs_agent\dsc.exe

C:\Documents and Settings\JANE\Desktop\HijackThis.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080412

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080412

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [secure Online Account Numbers] C:\PROGRA~1\Discover\SOAN\SOAN.exe /dontopenmycards

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\PROGRA~1\Discover\SOAN\SOAN.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://myspam.cableone.net

O15 - Trusted Zone: http://www.(private).com

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208724684453

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://www.(private).com/Remote/msrdp.cab

O16 - DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} (Wyncs Control) - http://www.highschoolsports.net/Wyncs.cab

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax7322.cab

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel


Please UPDATE MBAM and run a new Quick Scan and post back that log and a new HJT log.

Thanks for your assistance - I think I have killed this thing, but would truly appreciate any suggestions you have after reviewing my new logs. :P

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:50:41 PM, on 5/29/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\OEM02Mon.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

C:\PROGRA~1\Discover\SOAN\SOAN.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Documents and Settings\JANE\Desktop\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.(private).com

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208724684453

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://www.(private).com/Remote/msrdp.cab

O16 - DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} (Wyncs Control) - http://www.highschoolsports.net/Wyncs.cab

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax7322.cab

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 13798 bytes

Malwarebytes' Anti-Malware 1.37

Database version: 2195

Windows 5.1.2600 Service Pack 2

5/29/2009 7:48:47 PM

mbam-log-2009-05-29 (19-48-47).txt

Scan type: Quick Scan

Objects scanned: 103303

Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Root Admin

STEP 01

With all other applications closed (Taskbar empty), open HijackThis again and run Do a system scan only and place a check mark on the following items.

STEP 02

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.
When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


I ran HijackThis and placed check marks by all items except the 2 "015" trusted zones and one of the "016" you had suggested:

Also included is the text from the DDS.txt and Attach.txt - do you need me to attach these files also?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:12:29 PM, on 5/29/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\OEM02Mon.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

C:\PROGRA~1\Discover\SOAN\SOAN.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Documents and Settings\JANE\Desktop\HijackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080412

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [secure Online Account Numbers] C:\PROGRA~1\Discover\SOAN\SOAN.exe /dontopenmycards

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\PROGRA~1\Discover\SOAN\SOAN.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://myspam.cableone.net

O15 - Trusted Zone: http://www.fitchtax.com

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://www.fitchtax.com/Remote/msrdp.cab

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 11978 bytes

DDS (Ver_09-05-14.01) - NTFSx86

Run by JANE at 21:12:52.29 on Fri 05/29/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3062.2082 [GMT -5:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\OEM02Mon.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

C:\PROGRA~1\Discover\SOAN\SOAN.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\JANE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com

uInternet Connection Wizard,ShellNext = iexplore

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll

BHO: BhoMisc Class: {e3578b37-6346-4ec1-a82b-38273a100dcf} - c:\program files\trend micro\trendprotect\msie\wrs.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: TrendProtect: {f83be649-1cc3-48ee-b2e2-0826cef3822a} - c:\program files\trend micro\trendprotect\msie\wrs.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No File

uRun: [OE_OEM] "c:\program files\trend micro\internet security 14\tmas_oe\TMAS_OEMon.exe"

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [secure Online Account Numbers] c:\progra~1\discover\soan\SOAN.exe /dontopenmycards

mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m

StartupFolder: c:\docume~1\jane\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\jane\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - c:\progra~1\discover\soan\SOAN.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: cableone.net\myspam

Trusted Zone: fitchtax.com\www

Trusted Zone: usaswimming.org\www

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://www.fitchtax.com/Remote/msrdp.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - c:\program files\trend micro\trendprotect\msie\WRS.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-5-11 576536]

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-8 345696]

R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-8 923216]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-11-8 36368]

R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-8 566872]

R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [2008-4-12 141376]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-4-12 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-4-12 7424]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-11-8 280392]

S2 cddyhms;cddyhms;c:\windows\system32\drivers\djqrlz.sys --> c:\windows\system32\drivers\djqrlz.sys [?]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-12 29744]

=============== Created Last 30 ================

2009-05-28 23:35 <DIR> --d----- c:\documents and settings\jane\.housecall6.6

2009-05-28 20:32 161,792 a------- c:\windows\SWREG.exe

2009-05-28 20:32 154,624 a------- c:\windows\PEV.exe

2009-05-28 20:32 98,816 a------- c:\windows\sed.exe

2009-05-26 18:43 <DIR> --d----- c:\program files\Sophos

2009-05-25 17:58 42,072 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-05-14 00:47 <DIR> --d----- c:\docume~1\jane\applic~1\Fuel Industries

2009-05-09 20:34 <DIR> --d----- c:\windows\Logs

2009-05-09 20:29 <DIR> --d----- c:\program files\Sony

2009-05-09 20:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Corporation

2009-05-04 00:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MumboJumbo

==================== Find3M ====================

2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-04-08 21:30 139,875 a------- c:\windows\hpoins15.dat

2009-03-31 01:48 110,436 a------- c:\windows\hpoins11.dat

2009-03-21 09:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll

2009-03-06 09:00 284,160 a------- c:\windows\system32\pdh.dll

2009-03-06 09:00 284,160 -------- c:\windows\system32\dllcache\pdh.dll

2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll

2009-03-02 19:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll

2008-04-27 10:01 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

2008-04-16 21:46 0 a------- c:\docume~1\jane\applic~1\wklnhst.dat

2008-04-12 04:46 74 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 21:13:15.09 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 4/16/2008 3:53:58 PM

System Uptime: 5/28/2009 8:49:28 PM (25 hours ago)

Motherboard: Dell Inc. | | 0KY767

Processor: Intel Pentium III Xeon processor | Microprocessor | 789/200mhz

Processor: Intel Pentium III Xeon processor | Microprocessor | 789/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 292 GiB total, 243.981 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP46: 3/1/2009 2:00:56 AM - System Checkpoint

RP47: 3/2/2009 11:07:42 PM - System Checkpoint

RP48: 3/5/2009 2:20:31 AM - Software Distribution Service 3.0

RP49: 3/8/2009 7:30:23 PM - System Checkpoint

RP50: 3/9/2009 10:45:46 PM - Restore Operation

RP51: 3/11/2009 2:01:29 AM - Software Distribution Service 3.0

RP52: 3/16/2009 2:23:38 AM - Software Distribution Service 3.0

RP53: 3/18/2009 8:18:32 PM - System Checkpoint

RP54: 3/25/2009 10:20:43 PM - Installed Ancestry Toolbar

RP55: 4/8/2009 10:42:45 PM - System Checkpoint

RP56: 4/9/2009 10:52:00 PM - System Checkpoint

RP57: 4/10/2009 10:15:42 PM - Removed Dell DataSafe Online

RP58: 4/10/2009 10:15:51 PM - Installed Dell DataSafe Online.

RP59: 4/10/2009 11:41:11 PM - Installed Trend Micro TrendProtect for Internet Explorer.

RP60: 4/12/2009 5:42:09 PM - System Checkpoint

RP61: 4/16/2009 1:37:42 AM - System Checkpoint

RP62: 4/17/2009 12:51:42 AM - Software Distribution Service 3.0

RP63: 4/22/2009 1:26:10 AM - System Checkpoint

RP64: 4/23/2009 12:17:41 PM - System Checkpoint

RP65: 4/30/2009 2:33:26 AM - Software Distribution Service 3.0

RP66: 5/3/2009 11:38:18 PM - System Checkpoint

RP67: 5/7/2009 11:32:17 PM - System Checkpoint

RP68: 5/9/2009 8:28:21 PM - Installed Sony Picture Utility

RP69: 5/9/2009 8:29:15 PM - Installed Shared2

RP70: 5/9/2009 8:30:07 PM - Installed TapeUtility

RP71: 5/9/2009 8:31:12 PM - Installed PMBCore

RP72: 5/9/2009 8:33:19 PM - Installed VideoUtility

RP73: 5/9/2009 8:34:23 PM - Installed DirectX

RP74: 5/15/2009 6:57:36 PM - System Checkpoint

RP75: 5/17/2009 9:53:02 PM - System Checkpoint

RP76: 5/19/2009 10:08:43 PM - Software Distribution Service 3.0

RP77: 5/28/2009 9:41:12 PM - after combofix

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)

32 Bit HP CIO Components Installer

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 10 ActiveX

Adobe Help Center 2.0

Adobe Photoshop Elements 4.0

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Advanced Audio FX Engine

Advanced Video FX Engine

AIO_Scan

AiO_Scan_CDA

Amazon MP3 Downloader 1.0.3

Ancestry Toolbar

AnswerWorks 5.0 English Runtime

Apple Mobile Device Support

Apple Software Update

Auction!® V3

Auction!® V3 Manual

Banctec Service Agreement

Bonjour

Broadcom Management Programs

Browser Address Error Redirector

BufferChm

Client Bookkeeping Solution 2007.1

Compatibility Pack for the 2007 Office system

Conexant HDA D330 MDC V.92 Modem

Copy

Creative Solutions Accounting

Critical Update for Windows Media Player 11 (KB959772)

CustomerResearchQFolder

Dell DataSafe Online

Dell Support Center (Support Software)

Dell System Restore

Dell Touchpad

Dell Webcam Center

Dell Webcam Manager

Destination Component

DeviceDiscovery

DeviceManagementQFolder

Digital Line Detect

DocProc

DocProcQFolder

Documentation & Support Launcher

eSupportQFolder

Games, Music, & Photos Launcher

Garmin Communicator Plugin

Google Desktop

Google Toolbar for Internet Explorer

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB896344)

Hotfix for Windows XP (KB906569)

Hotfix for Windows XP (KB908673)

Hotfix for Windows XP (KB909095)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB934428-v2)

Hotfix for Windows XP (KB935448)

Hotfix for Windows XP (KB937930)

Hotfix for Windows XP (KB952287)

HP Customer Participation Program 9.0

HP Games

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Photosmart All-In-One Software 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Photosmart, Officejet and Deskjet 7.0.A

HP Smart Web Printing

HP Solution Center 9.0

HP Update

HPProductAssistant

HPSSupply

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

IntelliSonic Speech Enhancement

Internet Service Offers Launcher

iTunes

J2SE Runtime Environment 5.0 Update 6

Laptop Integrated Webcam Driver (1.04.01.1011)

Live! Cam Avatar Creator

Live! Cam Avatar v1.0

Logitech Harmony Remote Software 7

Malwarebytes' Anti-Malware

MarketResearch

mCore

mDrWiFi

MediaDirect

MEET MANAGER Demo 2.0 for Swimming

mHlpDell

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

mIWA

mLogView

mMHouse

Modem Diagnostic Tool

mPfMgr

mPfWiz

mProSafe

mSCfg

MSN Music Assistant

mSSO

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 6 Service Pack 2 (KB954459)

Musicmatch for Windows Media Player

mWlsSafe

mWMI

mZConfig

NetWaiting

Nvu 1.0

OutlookAddinSetup

PDF Complete

Primo

PS_AIO_ProductContext

PS_AIO_Software

PS_AIO_Software_min

PSSWCORE

Quicken 2009

QuickSet

QuickTime

Remote Control USB Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Runtime

Scan

SearchAssist

Secure Online Account Numbers

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB960003)

Security Update for Microsoft Office Excel 2007 (KB959997)

Security Update for Microsoft Office OneNote 2007 (KB950130)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office system 2007 (KB956828)

Security Update for Microsoft Office Word 2007 (KB956358)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

SolutionCenter

Sony Picture Utility

Status

TEAM MANAGER 4.0 for Swimming

TEAM MANAGER 5.0 for Swimming

TestDrive Client

Toolbox

TrayApp

Trend Micro PC-cillin Internet Security 14

Trend Micro TrendProtect for Internet Explorer

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB957244)

Update for Microsoft Office Excel 2007 Help (KB957242)

Update for Microsoft Office Outlook 2007 (KB952142)

Update for Microsoft Office Outlook 2007 Help (KB957246)

Update for Microsoft Office PowerPoint 2007 Help (KB957247)

Update for Microsoft Office Word 2007 Help (KB957252)

Update for Microsoft Script Editor Help (KB957253)

Update for Outlook 2007 Junk Email Filter (kb968503)

Update for Windows XP (KB894391)

Update for Windows XP (KB896256)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB912945)

Update for Windows XP (KB916595)

Update for Windows XP (KB920342)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925720)

Update for Windows XP (KB925876)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB946627)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

VideoToolkit01

Virtual Earth 3D (Beta)

WebFldrs XP

WebReg

WildGames

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 10

Windows Media Player 11

Windows Presentation Foundation

Windows Search 4.0

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885855

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB889673

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

5/28/2009 8:34:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

5/26/2009 7:58:06 PM, error: Service Control Manager [7000] - The cddyhms service failed to start due to the following error: The system cannot find the file specified.

5/26/2009 4:03:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm tmtdi

5/25/2009 8:06:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/25/2009 8:02:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

5/25/2009 8:02:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service PcCtlCom with arguments "-Service" in order to run the server: {5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C}

5/25/2009 8:01:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi

5/25/2009 8:01:57 PM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/25/2009 8:01:57 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

5/25/2009 8:01:57 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/25/2009 8:01:57 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/25/2009 8:01:57 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

5/25/2009 8:01:57 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/25/2009 8:01:57 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/25/2009 8:01:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

5/25/2009 8:01:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/25/2009 5:17:20 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

5/25/2009 5:12:56 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The class is configured to run as a security id different from the caller

5/23/2009 2:45:51 PM, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%3" Happened while starting this command: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

5/23/2009 1:55:42 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer KATHERINE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{69FF5AFC-D0C9-4. The master browser is stopping or an election is being forced.

5/23/2009 1:43:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.

5/23/2009 1:43:12 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

Thanks again for your help!! I just ran Malwarebytes on the kids' computer and it found 20 items... and here I thought I was almost done with this :P


  • Root Admin

Yes the box is infected still. We need to get a file off of the box to analyze so we can detect and fix your system.

DO NOT reboot the computer because this file renames itself each time the computer restarts.

Create a NEW folder on your Desktop named: BadFiles

Please download the following scanning tool. GMER

  • Download the randomly named EXE and copy the file to your Desktop. Remember what its name is.
  • Double click on the randomly named exe file and run it.
  • It may take a minute to load and become available.

  • You should see a tab on top with 3
    >

Nothing in red..

In the initial window and on the Rootkit/Malware tab is the following info.... what about the "catchme.sys"?

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-29 22:23:44

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\JANE\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


  • Root Admin

Try this scan. If it does not work then we'll need to do a more intensive routine to find and remove this pesky item.

You already have the program so you don't need to download it again.

Please download the following scanning tool. GMER

  • Download the randomly named EXE and copy the file to your Desktop. Remember what its name is.
  • Double click on the randomly named exe file and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.


  • Root Admin

Not good, that did not list the file we're looking for. Allow Combofix to reboot the box but after that DO NOT reboot the box again.

You should already have the file: C:\Windows\ntbtlog.txt so please delete it now so that we don't have old information.

STEP 01

Delete your current copy of Combofix.exe and Download a NEW fresh copy of Combofix.exe

Then rename it to TUMS.EXE and run it again.

Additional links to download the tool:

ComboFix.exe

ComboFix.exe

ComboFix.exe

If Combofix DOES NOT reboot the box then you will need to reboot it once when it is all done, so that the bootlog file will be regenerated for us.

STEP 02

Click on START - RUN and type in SIGVERIF and click OK

This is a Microsoft File Signature Verification program that will check some file status for us.

  • Click on the START button and let it run.
  • It will popup a box when it's done to show the status, you can close that box.
  • Close the File Signature Verification application.
  • Find and attach the file C:\WINDOWS\SIGVERIF.TXT to your reply.
  • DO NOT post the log directly into your reply, attach the file please.

STEP 03

This may CRASH the computer or force a reboot if Malware is blocking it. If it does then let me know.

RootRepeal - Rootkit Detector

Close ALL applications and as many items in the task tray as will stop and exit.

  • Please download the following tool: RootRepeal - Rootkit Detector
  • Direct download link is here: RootRepeal.rar
  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
  • Extract the program file to a new folder such as C:\RootRepeal
  • Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the same location where you ran it from, such as C:\RootRepeal
  • Save it as your_name_rootrepeal.txt - where your_name is your forum name
  • This makes it easier to track who the log belongs to.
  • Then open that log and select all and copy/paste it back on your next reply please.
  • Quit the RootRepeal program.

STEP 04

Update MBAM and do another QUICK SCAN and post back its log too.


Thanks again for your help!!!

NO CRASHES!! :)

1. - Deleted ntbtlog.txt

2. - Deleted old Combo Fix, downloaded new file as TUMS.exe (this is funny - my husband was just at the store getting some TUMS for me!!)

3. - Ran TUMS.exe - it installed windows recovery console this time!!


Thanks again for your help!!!

NO CRASHES!! :)

I deleted ntbtlog.txt

Step 1. - Deleted old Combo Fix, downloaded new file as TUMS.exe (this is funny - my husband just brought home TUMS for me!!)

Ran TUMS.exe - it installed windows recovery console this time!! ComboFix did not restart the computer. I did a "restart" and looked for the new ntbtlog.txt - did not see it, so I did a complete shutdown - still no ntbtlog.txt??? Log of ComboFix below.

ComboFix 09-05-30.06 - JANE 05/31/2009 12:51.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3062.1978 [GMT -5:00]

Running from: c:\documents and settings\JANE\Desktop\TUMS.exe

AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))

.

2009-05-30 04:06 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll

2009-05-29 04:35 . 2009-05-29 07:33 -------- d-----w- c:\documents and settings\JANE\.housecall6.6

2009-05-28 04:39 . 2009-05-28 04:39 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-05-27 00:31 . 2009-05-27 00:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-05-26 23:43 . 2009-05-26 23:43 -------- d-----w- c:\program files\Sophos

2009-05-25 23:02 . 2009-05-25 23:02 -------- d-----w- c:\documents and settings\OTHERS.D3Z6J1G1\Local Settings\Application Data\DataSafeOnline

2009-05-25 23:01 . 2009-05-25 23:01 -------- d-----w- c:\documents and settings\OTHERS.D3Z6J1G1\Local Settings\Application Data\Identities

2009-05-25 22:58 . 2009-05-25 23:01 42072 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-05-25 22:58 . 2009-05-25 22:58 -------- d-----w- c:\documents and settings\OTHERS.D3Z6J1G1\Application Data\Windows Desktop Search

2009-05-25 22:57 . 2009-05-25 22:57 -------- d-----w- c:\documents and settings\OTHERS.D3Z6J1G1\Application Data\HPAppData

2009-05-25 03:33 . 2009-05-25 03:33 422 ----a-w- c:\documents and settings\JANE\Application Data\Amazon\socks1.exe

2009-05-25 03:33 . 2009-05-25 03:33 16141 ----a-w- c:\documents and settings\JANE\Application Data\BeachPartyCraze\lego.exe

2009-05-25 03:33 . 2009-05-25 03:33 145131 ----a-w- c:\documents and settings\JANE\Application Data\Apple Computer\nomad.exe

2009-05-25 03:33 . 2009-05-25 03:33 13221 ----a-w- c:\documents and settings\JANE\Application Data\AlterLab\rengo.dll

2009-05-25 03:33 . 2009-05-25 03:33 11410 ----a-w- c:\documents and settings\JANE\Application Data\Boolat Games\msgdi.dll

2009-05-25 03:33 . 2009-05-25 03:33 11232 ----a-w- c:\documents and settings\JANE\Application Data\Adobe\shalom.exe

2009-05-25 03:33 . 2009-05-25 03:33 10121 ----a-w- c:\documents and settings\JANE\Application Data\Boomzap\kern.dll

2009-05-14 05:47 . 2009-05-14 05:47 -------- d-----w- c:\documents and settings\JANE\Application Data\Fuel Industries

2009-05-10 01:35 . 2009-05-10 01:35 -------- d-----w- c:\documents and settings\JANE\Application Data\Sony Corporation

2009-05-10 01:34 . 2009-05-10 01:34 -------- d-----w- c:\windows\Logs

2009-05-10 01:31 . 2009-05-10 01:31 10134 ----a-r- c:\documents and settings\JANE\Application Data\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

2009-05-10 01:29 . 2009-05-10 01:29 -------- d-----w- c:\program files\Sony

2009-05-10 01:28 . 2009-05-10 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation

2009-05-04 05:19 . 2009-05-04 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-30 01:12 . 2008-05-08 01:24 1699984 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe

2009-05-28 04:39 . 2009-04-12 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-05-26 18:20 . 2009-04-12 04:44 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 18:19 . 2009-04-12 04:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-25 23:01 . 2008-04-28 01:14 8224 ----a-w- c:\documents and settings\OTHERS.D3Z6J1G1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-25 03:33 . 2009-04-04 04:13 -------- d-----w- c:\documents and settings\JANE\Application Data\Boolat Games

2009-05-25 03:33 . 2009-01-08 07:13 -------- d-----w- c:\documents and settings\JANE\Application Data\AlterLab

2009-05-25 03:33 . 2009-01-02 02:03 -------- d-----w- c:\documents and settings\JANE\Application Data\Amazon

2009-05-25 03:33 . 2008-11-08 04:26 -------- d-----w- c:\documents and settings\JANE\Application Data\BeachPartyCraze

2009-05-25 03:33 . 2008-08-05 22:21 -------- d-----w- c:\documents and settings\JANE\Application Data\Boomzap

2009-05-25 03:33 . 2008-05-23 17:36 -------- d-----w- c:\documents and settings\JANE\Application Data\Apple Computer

2009-05-24 20:47 . 2008-04-17 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent

2009-05-24 20:17 . 2008-04-18 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games

2009-05-23 22:55 . 2008-04-17 03:47 -------- d-----w- c:\program files\HP Games

2009-05-23 19:43 . 2008-05-01 03:45 -------- d-----w- c:\documents and settings\JANE\Application Data\U3

2009-05-20 03:10 . 2008-04-17 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-05-18 04:11 . 2008-04-21 21:09 -------- d-----w- c:\program files\Client Bookkeeping Solution

2009-05-10 01:34 . 2008-04-12 09:43 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-02 06:22 . 2008-04-26 00:52 14 ----a-w- c:\windows\popcinfo.dat

2009-04-23 05:23 . 2009-04-23 05:23 -------- d-----w- c:\documents and settings\JANE\Application Data\CobiMobi

2009-04-19 03:15 . 2008-04-17 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft

2009-04-12 04:44 . 2009-04-12 04:44 -------- d-----w- c:\documents and settings\JANE\Application Data\Malwarebytes

2009-04-12 04:44 . 2009-04-12 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-11 04:41 . 2008-04-12 09:49 -------- d-----w- c:\program files\Trend Micro

2009-04-11 03:25 . 2009-04-11 03:17 -------- d-----w- c:\documents and settings\JANE\Application Data\DataSafeOnline

2009-04-11 03:15 . 2008-04-12 09:52 -------- d-----w- c:\program files\Dell DataSafe Online

2009-04-09 02:30 . 2008-09-14 17:28 139875 ----a-w- c:\windows\hpoins15.dat

2009-04-04 05:35 . 2009-04-04 05:35 -------- d-----w- c:\documents and settings\JANE\Application Data\World-LooM

2009-03-31 06:48 . 2009-03-31 06:46 110436 ----a-w- c:\windows\hpoins11.dat

2009-03-28 05:22 . 2009-03-28 05:22 3616768 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181311-181414.dll

2009-03-28 05:22 . 2009-03-28 05:22 1536000 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181414-18154.dll

2009-03-28 05:21 . 2009-01-11 23:39 242976 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE

2009-03-06 14:00 . 2004-08-10 17:51 284160 ----a-w- c:\windows\system32\pdh.dll

2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w- c:\windows\system32\wininet.dll

2008-04-12 09:46 . 2008-04-12 09:46 74 --sh--r- c:\windows\CT4CET.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-10 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 137752]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-25 29744]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-14 16384]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"Secure Online Account Numbers"="c:\progra~1\Discover\SOAN\SOAN.exe" [2007-02-02 233472]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-05 318488]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-07-10 405504]

c:\documents and settings\JANE\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-9 333088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-12 50688]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [5/11/2008 10:42 AM 576536]

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [11/8/2007 7:19 PM 345696]

R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [11/8/2007 7:19 PM 923216]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/8/2007 7:20 PM 36368]

R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [11/8/2007 7:19 PM 566872]

R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [4/12/2008 4:22 AM 141376]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [4/12/2008 4:22 AM 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [4/12/2008 4:22 AM 7424]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/8/2007 7:20 PM 280392]

S2 cddyhms;cddyhms;c:\windows\system32\drivers\djqrlz.sys --> c:\windows\system32\drivers\djqrlz.sys [?]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/12/2008 4:54 AM 29744]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ

*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: cableone.net\myspam

Trusted Zone: fitchtax.com\www

Trusted Zone: usaswimming.org\www

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-31 12:57

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1292)

c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(6088)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-05-31 13:05

ComboFix-quarantined-files.txt 2009-05-31 18:05

ComboFix2.txt 2009-05-29 02:02

Pre-Run: 261,934,227,456 bytes free

Post-Run: 262,043,693,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

202 --- E O F --- 2009-05-20 03:10

Step 2. - Ran SIGVERIF - 2 files created - original too large to upload - 1st attached to this reply, 2nd will be attached to next reply

Step 3. - Ran RootRepeal - log below

ROOTREPEAL © AD, 2007-2008

==================================================

Scan Time: 2009/05/31 13:41

Program Version: Version 1.2.3.0

Windows Version: Windows XP SP2

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xA8193000 Size: 98304 File Visible: No

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA5FA000 Size: 8192 File Visible: No

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA6B0B000 Size: 45056 File Visible: No

Status: -

Stealth Objects

-------------------

Object: Hidden Module [Name: sprtmessage.dll]

Process: sprtcmd.exe (PID: 3820) Address: 0x00df0000 Size: 77824

Object: Hidden Module [Name: SupportSoft.Agent.Sprocket.SupportMessage.dll]

Process: sprtcmd.exe (PID: 3820) Address: 0x01080000 Size: 45056

Object: Hidden Module [Name: SupportSoft.Agent.Sprocket.dll]

Process: sprtcmd.exe (PID: 3820) Address: 0x03f60000 Size: 28672

Object: Hidden Module [Name: SdbShared.dll]

Process: DataSafeOnline.exe (PID: 780) Address: 0x03580000 Size: 282624

Object: Hidden Module [Name: BalloonWindow.dll]

Process: DataSafeOnline.exe (PID: 780) Address: 0x03560000 Size: 61440

Object: Hidden Module [Name: SdbUI.dll]

Process: DataSafeOnline.exe (PID: 780) Address: 0x039b0000 Size: 110592

Object: Hidden Module [Name: SdbShared.XmlSerializers.dll]

Process: DataSafeOnline.exe (PID: 780) Address: 0x040f0000 Size: 135168

Step 4. - Updated and ran Malwarebytes - log below.

Malwarebytes' Anti-Malware 1.37

Database version: 2202

Windows 5.1.2600 Service Pack 2

5/31/2009 1:48:46 PM

mbam-log-2009-05-31 (13-48-46).txt

Scan type: Quick Scan

Objects scanned: 101122

Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thanks so much again for everything!!!!

SIGVERIF1.TXT



  • Root Admin

Do worry about JAVA for now and hopefully the reboot did not change this.

Let's try to have Combofix remove this and see where we get. Somewhere along the line we must have turned off BOOTLOG so we'll turn that back on later too.

STEP 01

Download but do not yet run ComboFix

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Download it to your DESKTOP - it MUST run from the Desktop

download.bleepingcomputer.com/sUBs/ComboFix.exe

subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

KILLALL::

AtJob::

Driver::
cddyhms

File::
c:\windows\system32\drivers\djqrlz.sys

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
  • When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02

Please create a BOOTLOG

  • Delete the following file if it exists. C:\Windows\ntbtlog.txt
  • Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.
  • Select "Enable Boot Logging" option and press enter.
  • Windows prompts you to select a Windows Installation (even if there is only one windows installation)
  • This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows
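A small triage script, added here as an example and not part of the thread or of ComboFix, that applies the same reading the Root Admin gave the log above: it parses ComboFix service and file-creation lines, flags a service whose image file is missing or whose name does not match the file it loads (cddyhms pointing at djqrlz.sys), lists services seen only in memory (the AUJASNKJ entry), and groups PE files created under Application Data in the same minute across several unrelated folders (the 03:33 burst). The sample lines are constructed from the log above; the heuristics are the example's own, not ComboFix's.

```python
"""Triage helpers for ComboFix log lines (added example, not ComboFix's own code)."""
import ntpath
import re
from collections import defaultdict

# Constructed sample: a few lines in the shape ComboFix prints them, taken from
# the log posted above (the cddyhms service, the in-memory AUJASNKJ entry and
# the burst of small PE files created at 03:33 under Application Data).
SAMPLE_LOG = r"""
2009-05-30 04:06 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-25 03:33 . 2009-05-25 03:33 422 ----a-w- c:\documents and settings\JANE\Application Data\Amazon\socks1.exe
2009-05-25 03:33 . 2009-05-25 03:33 16141 ----a-w- c:\documents and settings\JANE\Application Data\BeachPartyCraze\lego.exe
2009-05-25 03:33 . 2009-05-25 03:33 145131 ----a-w- c:\documents and settings\JANE\Application Data\Apple Computer\nomad.exe
2009-05-25 03:33 . 2009-05-25 03:33 13221 ----a-w- c:\documents and settings\JANE\Application Data\AlterLab\rengo.dll
2009-05-25 03:33 . 2009-05-25 03:33 11410 ----a-w- c:\documents and settings\JANE\Application Data\Boolat Games\msgdi.dll
2009-05-25 03:33 . 2009-05-25 03:33 11232 ----a-w- c:\documents and settings\JANE\Application Data\Adobe\shalom.exe
2009-05-25 03:33 . 2009-05-25 03:33 10121 ----a-w- c:\documents and settings\JANE\Application Data\Boomzap\kern.dll
2009-05-10 01:34 . 2009-05-10 01:34 -------- d-----w- c:\windows\Logs
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [11/8/2007 7:19 PM 345696]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/8/2007 7:20 PM 36368]
S2 cddyhms;cddyhms;c:\windows\system32\drivers\djqrlz.sys --> c:\windows\system32\drivers\djqrlz.sys [?]
*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj
"""

# "created . modified size attrs path" as in the Files Created / Find3M sections
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# "R2 name;display name;image path [date size]" or "... --> path [?]" when the file is absent
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
MEM_RE = re.compile(r"^\*NewlyCreated\* - (?P<name>\S+)$")
PE_EXT = (".exe", ".dll", ".sys")


def parse_combofix(text):
    """Split a ComboFix log into file entries, service entries and in-memory-only service names."""
    files, services, in_memory = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := FILE_RE.match(line):
            files.append(m.groupdict())
        elif m := SVC_RE.match(line):
            svc = m.groupdict()
            rest = svc.pop("rest")
            tail = re.match(r"^(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$", rest)
            path = tail.group("path") if tail else rest
            svc["path"] = path.split(" --> ")[0].strip()
            svc["on_disk"] = not (tail and tail.group("info") == "?")  # "[?]" = file not found
            services.append(svc)
        elif m := MEM_RE.match(line):
            in_memory.append(m.group("name"))
    return files, services, in_memory


def suspicious_services(services):
    """Flag services whose image ComboFix could not find, or whose name says
    nothing (display == name) and does not match the image file it loads."""
    flagged = []
    for svc in services:
        reasons = []
        if not svc["on_disk"]:
            reasons.append("image file missing on disk ([?])")
        stem = ntpath.splitext(ntpath.basename(svc["path"]))[0].lower()
        if svc["display"].lower() == svc["name"].lower() and stem != svc["name"].lower():
            reasons.append("service name does not match image file name")
        if reasons:
            flagged.append({"name": svc["name"], "path": svc["path"], "reasons": reasons})
    return flagged


def appdata_bursts(files, min_folders=3):
    """Group PE files created under Application Data by creation minute and keep the
    minutes in which several unrelated vendor folders each received one."""
    by_minute = defaultdict(list)
    for entry in files:
        lowered = entry["path"].lower()
        if "\\application data\\" in lowered and lowered.endswith(PE_EXT):
            by_minute[entry["created"]].append(entry["path"])
    return {
        minute: paths
        for minute, paths in by_minute.items()
        if len({ntpath.dirname(p) for p in paths}) >= min_folders
    }


def triage(text):
    """Run all three checks over one log and return the findings."""
    files, services, in_memory = parse_combofix(text)
    return {
        "services": suspicious_services(services),
        "file_bursts": appdata_bursts(files),
        "in_memory_only": in_memory,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for svc in report["services"]:
        print(f"service {svc['name']} -> {svc['path']}: {'; '.join(svc['reasons'])}")
    for minute, paths in report["file_bursts"].items():
        folders = {ntpath.dirname(p) for p in paths}
        print(f"{len(paths)} PE files created at {minute} across {len(folders)} folders")
    for name in report["in_memory_only"]:
        print(f"service present only in memory (renamed each boot): {name}")
```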

Thanks again!!!

Step 01

ComboFix 09-05-31.02 - JANE 05/31/2009 21:38.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3062.2235 [GMT -5:00]

Running from: c:\documents and settings\JANE\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\JANE\Desktop\CFscript.txt

AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

FILE ::

"c:\windows\system32\drivers\djqrlz.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_cddyhms

((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))

.

2009-05-31 18:33 . 2009-05-31 18:43 -------- d-----w- C:\RootRepeal

2009-05-30 04:06 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll

2009-05-29 04:35 . 2009-05-29 07:33 -------- d-----w- c:\documents and settings\JANE\.housecall6.6

2009-05-28 04:39 . 2009-05-28 04:39 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-05-27 00:31 . 2009-05-27 00:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-05-26 23:43 . 2009-05-26 23:43 -------- d-----w- c:\program files\Sophos

2009-05-25 23:02 . 2009-05-25 23:02 -------- d-----w- c:\documents and settings\OTHERS.D3Z6J1G1\Local Settings\Application Data\DataSafeOnline

2009-05-25 23:01 . 2009-05-25 23:01 -------- d-----w- c:\documents and settings\OTHERS.D3Z6J1G1\Local Settings\Application Data\Identities

2009-05-25 22:58 . 2009-05-25 23:01 42072 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-05-25 22:58 . 2009-05-25 22:58 -------- d-----w- c:\documents and settings\OTHERS.D3Z6J1G1\Application Data\Windows Desktop Search

2009-05-25 22:57 . 2009-05-25 22:57 -------- d-----w- c:\documents and settings\OTHERS.D3Z6J1G1\Application Data\HPAppData

2009-05-25 03:33 . 2009-05-25 03:33 422 ----a-w- c:\documents and settings\JANE\Application Data\Amazon\socks1.exe

2009-05-25 03:33 . 2009-05-25 03:33 16141 ----a-w- c:\documents and settings\JANE\Application Data\BeachPartyCraze\lego.exe

2009-05-25 03:33 . 2009-05-25 03:33 145131 ----a-w- c:\documents and settings\JANE\Application Data\Apple Computer\nomad.exe

2009-05-25 03:33 . 2009-05-25 03:33 13221 ----a-w- c:\documents and settings\JANE\Application Data\AlterLab\rengo.dll

2009-05-25 03:33 . 2009-05-25 03:33 11410 ----a-w- c:\documents and settings\JANE\Application Data\Boolat Games\msgdi.dll

2009-05-25 03:33 . 2009-05-25 03:33 11232 ----a-w- c:\documents and settings\JANE\Application Data\Adobe\shalom.exe

2009-05-25 03:33 . 2009-05-25 03:33 10121 ----a-w- c:\documents and settings\JANE\Application Data\Boomzap\kern.dll

2009-05-14 05:47 . 2009-05-14 05:47 -------- d-----w- c:\documents and settings\JANE\Application Data\Fuel Industries

2009-05-10 01:35 . 2009-05-10 01:35 -------- d-----w- c:\documents and settings\JANE\Application Data\Sony Corporation

2009-05-10 01:34 . 2009-05-10 01:34 -------- d-----w- c:\windows\Logs

2009-05-10 01:31 . 2009-05-10 01:31 10134 ----a-r- c:\documents and settings\JANE\Application Data\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

2009-05-10 01:29 . 2009-05-10 01:29 -------- d-----w- c:\program files\Sony

2009-05-10 01:28 . 2009-05-10 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation

2009-05-04 05:19 . 2009-05-04 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-30 01:12 . 2008-05-08 01:24 1699984 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe

2009-05-28 04:39 . 2009-04-12 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-05-26 18:20 . 2009-04-12 04:44 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 18:19 . 2009-04-12 04:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-25 23:01 . 2008-04-28 01:14 8224 ----a-w- c:\documents and settings\OTHERS.D3Z6J1G1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-25 03:33 . 2009-04-04 04:13 -------- d-----w- c:\documents and settings\JANE\Application Data\Boolat Games

2009-05-25 03:33 . 2009-01-08 07:13 -------- d-----w- c:\documents and settings\JANE\Application Data\AlterLab

2009-05-25 03:33 . 2009-01-02 02:03 -------- d-----w- c:\documents and settings\JANE\Application Data\Amazon

2009-05-25 03:33 . 2008-11-08 04:26 -------- d-----w- c:\documents and settings\JANE\Application Data\BeachPartyCraze

2009-05-25 03:33 . 2008-08-05 22:21 -------- d-----w- c:\documents and settings\JANE\Application Data\Boomzap

2009-05-25 03:33 . 2008-05-23 17:36 -------- d-----w- c:\documents and settings\JANE\Application Data\Apple Computer

2009-05-24 20:47 . 2008-04-17 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent

2009-05-24 20:17 . 2008-04-18 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games

2009-05-23 22:55 . 2008-04-17 03:47 -------- d-----w- c:\program files\HP Games

2009-05-23 19:43 . 2008-05-01 03:45 -------- d-----w- c:\documents and settings\JANE\Application Data\U3

2009-05-20 03:10 . 2008-04-17 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-05-18 04:11 . 2008-04-21 21:09 -------- d-----w- c:\program files\Client Bookkeeping Solution

2009-05-10 01:34 . 2008-04-12 09:43 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-02 06:22 . 2008-04-26 00:52 14 ----a-w- c:\windows\popcinfo.dat

2009-04-23 05:23 . 2009-04-23 05:23 -------- d-----w- c:\documents and settings\JANE\Application Data\CobiMobi

2009-04-19 03:15 . 2008-04-17 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft

2009-04-12 04:44 . 2009-04-12 04:44 -------- d-----w- c:\documents and settings\JANE\Application Data\Malwarebytes

2009-04-12 04:44 . 2009-04-12 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-11 04:41 . 2008-04-12 09:49 -------- d-----w- c:\program files\Trend Micro

2009-04-11 03:25 . 2009-04-11 03:17 -------- d-----w- c:\documents and settings\JANE\Application Data\DataSafeOnline

2009-04-11 03:15 . 2008-04-12 09:52 -------- d-----w- c:\program files\Dell DataSafe Online

2009-04-09 02:30 . 2008-09-14 17:28 139875 ----a-w- c:\windows\hpoins15.dat

2009-04-04 05:35 . 2009-04-04 05:35 -------- d-----w- c:\documents and settings\JANE\Application Data\World-LooM

2009-03-31 06:48 . 2009-03-31 06:46 110436 ----a-w- c:\windows\hpoins11.dat

2009-03-28 05:22 . 2009-03-28 05:22 3616768 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181311-181414.dll

2009-03-28 05:22 . 2009-03-28 05:22 1536000 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181414-18154.dll

2009-03-28 05:21 . 2009-01-11 23:39 242976 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE

2009-03-06 14:00 . 2004-08-10 17:51 284160 ----a-w- c:\windows\system32\pdh.dll

2008-04-12 09:46 . 2008-04-12 09:46 74 --sh--r- c:\windows\CT4CET.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-10 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 137752]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-25 29744]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-14 16384]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"Secure Online Account Numbers"="c:\progra~1\Discover\SOAN\SOAN.exe" [2007-02-02 233472]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-05 318488]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-07-10 405504]

c:\documents and settings\JANE\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-9 333088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-12 50688]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [5/11/2008 10:42 AM 576536]

R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [11/8/2007 7:19 PM 345696]

R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [11/8/2007 7:19 PM 923216]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/8/2007 7:20 PM 36368]

R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [11/8/2007 7:19 PM 566872]

R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [4/12/2008 4:22 AM 141376]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [4/12/2008 4:22 AM 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [4/12/2008 4:22 AM 7424]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/8/2007 7:20 PM 280392]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/12/2008 4:54 AM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: cableone.net\myspam

Trusted Zone: fitchtax.com\www

Trusted Zone: usaswimming.org\www

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-31 21:45

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3536)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Intel\Wireless\Bin\WLKEEPER.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Completion time: 2009-06-01 21:54 - machine was rebooted

ComboFix-quarantined-files.txt 2009-06-01 02:54

ComboFix2.txt 2009-05-31 18:05

ComboFix3.txt 2009-05-29 02:02

Pre-Run: 262,039,412,736 bytes free

Post-Run: 262,036,373,504 bytes free

219 --- E O F --- 2009-05-20 03:10

Step 02

Service Pack 2 5 31 2009 22:02:44.375

Loaded driver \WINDOWS\system32\ntkrnlpa.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver ACPI.sys

Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver compbatt.sys

Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS

Loaded driver pciide.sys

Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver iaStor.sys

Loaded driver disk.sys

Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Loaded driver fltMgr.sys

Loaded driver sr.sys

Loaded driver PxHelp20.sys

Loaded driver KSecDD.sys

Loaded driver WudfPf.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver ohci1394.sys

Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS

Loaded driver Mup.sys

Loaded driver \SystemRoot\system32\DRIVERS\nic1394.sys

Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys

Loaded driver \SystemRoot\system32\DRIVERS\igxpmp32.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys

Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys

Loaded driver \SystemRoot\system32\DRIVERS\NETw4x32.sys

Loaded driver \SystemRoot\system32\DRIVERS\bcm4sbxp.sys

Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys

Loaded driver \SystemRoot\system32\DRIVERS\rimmptsk.sys

Loaded driver \SystemRoot\system32\DRIVERS\rimsptsk.sys

Loaded driver \SystemRoot\system32\DRIVERS\rixdptsk.sys

Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys

Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys

Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys

Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys

Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys

Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys

Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys

Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys

Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys

Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys

Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys

Loaded driver \SystemRoot\system32\DRIVERS\psched.sys

Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys

Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys

Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys

Loaded driver \SystemRoot\system32\DRIVERS\update.sys

Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys

Loaded driver \SystemRoot\system32\DRIVERS\TM_CFW.sys

Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS

Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS

Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys

Loaded driver \SystemRoot\system32\drivers\sthda.sys

Loaded driver \SystemRoot\system32\drivers\dxec02.sys

Loaded driver \??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys

Loaded driver \SystemRoot\system32\DRIVERS\HSFHWAZL.sys

Loaded driver \SystemRoot\system32\DRIVERS\HSF_DPV.sys

Loaded driver \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

Loaded driver \SystemRoot\System32\Drivers\Modem.SYS

Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS

Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS

Did not load driver \SystemRoot\System32\Drivers\Changer.SYS

Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS

Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS

Loaded driver \SystemRoot\System32\Drivers\Null.SYS

Loaded driver \SystemRoot\System32\Drivers\Beep.SYS

Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys

Loaded driver \SystemRoot\System32\drivers\vga.sys

Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS

Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys

Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS

Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys

Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys

Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys

Loaded driver \SystemRoot\System32\drivers\afd.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys

Did not load driver \SystemRoot\system32\DRIVERS\serial.sys

Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS

Loaded driver \SystemRoot\system32\DRIVERS\tmtdi.sys

Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys

Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys

Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys

Loaded driver \SystemRoot\system32\DRIVERS\arp1394.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys

Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys

Loaded driver \SystemRoot\system32\DRIVERS\OEM02Dev.sys

Loaded driver \SystemRoot\system32\DRIVERS\OEM02Vfx.sys

Loaded driver \SystemRoot\System32\Drivers\Fips.SYS

Loaded driver \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

Loaded driver \SystemRoot\system32\DRIVERS\tmpreflt.sys

Loaded driver \SystemRoot\system32\DRIVERS\vsapint.sys

Loaded driver \SystemRoot\system32\drivers\TmXPFlt.sys

Loaded driver \SystemRoot\system32\DRIVERS\AegisP.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys

Loaded driver \SystemRoot\system32\DRIVERS\s24trans.sys

Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys

Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys

Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys

Loaded driver \SystemRoot\system32\DRIVERS\srv.sys

Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\system32\drivers\wdmaud.sys

Loaded driver \SystemRoot\system32\drivers\sysaudio.sys

Loaded driver \SystemRoot\system32\drivers\splitter.sys

Loaded driver \SystemRoot\system32\drivers\aec.sys

Loaded driver \SystemRoot\system32\drivers\swmidi.sys

Loaded driver \SystemRoot\system32\drivers\DMusic.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys

Loaded driver \SystemRoot\system32\drivers\drmkaud.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys

Again I really appreciate your help!!

I use this laptop for work - and I really need to get back into it!!


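The seven executables stamped 2009-05-25 03:33 under JANE\Application Data in the ComboFix log above share one creation minute but sit in seven unrelated vendor folders. As an added example (not part of this thread and not ComboFix's own code), the Python below parses entries in ComboFix's file-list format and flags such same-minute bursts; the ExampleVendor lines in the sample are constructed, everything else is copied from the log.

```python
import re
from collections import defaultdict

# One ComboFix "Files Created" / "Find3M Report" entry has the shape
#   <created> . <modified> <size|--------> <attrs> <path>
# where a directory carries 'd' as its first attribute flag.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
PE_SUFFIXES = (".exe", ".dll", ".sys", ".scr")

# Constructed sample: the seven 2009-05-25 03:33 entries from the log above,
# a directory and a font cache that must not be flagged, and a made-up
# three-file write by one installer into a single folder (ExampleVendor),
# the benign shape the parent-folder threshold is meant to ignore.
SAMPLE_LOG = r"""
2009-05-25 23:01 . 2009-05-25 23:01 -------- d-----w- c:\documents and settings\OTHERS.D3Z6J1G1\Local Settings\Application Data\Identities
2009-05-25 22:58 . 2009-05-25 23:01 42072 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-25 03:33 . 2009-05-25 03:33 422 ----a-w- c:\documents and settings\JANE\Application Data\Amazon\socks1.exe
2009-05-25 03:33 . 2009-05-25 03:33 16141 ----a-w- c:\documents and settings\JANE\Application Data\BeachPartyCraze\lego.exe
2009-05-25 03:33 . 2009-05-25 03:33 145131 ----a-w- c:\documents and settings\JANE\Application Data\Apple Computer\nomad.exe
2009-05-25 03:33 . 2009-05-25 03:33 13221 ----a-w- c:\documents and settings\JANE\Application Data\AlterLab\rengo.dll
2009-05-25 03:33 . 2009-05-25 03:33 11410 ----a-w- c:\documents and settings\JANE\Application Data\Boolat Games\msgdi.dll
2009-05-25 03:33 . 2009-05-25 03:33 11232 ----a-w- c:\documents and settings\JANE\Application Data\Adobe\shalom.exe
2009-05-25 03:33 . 2009-05-25 03:33 10121 ----a-w- c:\documents and settings\JANE\Application Data\Boomzap\kern.dll
2009-05-10 01:31 . 2009-05-10 01:31 20480 ----a-w- c:\documents and settings\JANE\Application Data\ExampleVendor\helper.exe
2009-05-10 01:31 . 2009-05-10 01:31 30720 ----a-w- c:\documents and settings\JANE\Application Data\ExampleVendor\support.dll
2009-05-10 01:31 . 2009-05-10 01:31 40960 ----a-w- c:\documents and settings\JANE\Application Data\ExampleVendor\codec.dll
"""


def parse_entry(line):
    """Parse one ComboFix file entry; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["is_dir"] = entry["attrs"].startswith("d")
    entry["size"] = None if entry["is_dir"] else int(entry["size"])
    return entry


def is_appdata_executable(entry):
    """True for a PE-type file under a user's Application Data tree."""
    path = entry["path"].lower()
    return (not entry["is_dir"] and path.endswith(PE_SUFFIXES)
            and "\\application data\\" in path)


def find_burst_clusters(log_text, min_files=3, min_dirs=2):
    """Group Application Data executables by creation minute and return
    {created: {"paths": [...], "parent_dirs": n}} for every minute with at
    least min_files files spread over at least min_dirs parent folders.
    Unrelated names under unrelated vendor folders in one minute is the
    shape to review first; one installer filling one folder usually is not."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and is_appdata_executable(entry):
            buckets[entry["created"]].append(entry["path"])
    clusters = {}
    for created, paths in buckets.items():
        parents = {p.lower().rsplit("\\", 1)[0] for p in paths}
        if len(paths) >= min_files and len(parents) >= min_dirs:
            clusters[created] = {"paths": paths, "parent_dirs": len(parents)}
    return clusters


if __name__ == "__main__":
    for created, info in find_burst_clusters(SAMPLE_LOG).items():
        print(f"{created}: {len(info['paths'])} executables in "
              f"{info['parent_dirs']} folders")
        print("\n".join("  " + p for p in info["paths"]))
```

Run against a full ComboFix log, the same heuristic ignores the many same-minute writes an installer makes into its own folder while still surfacing a spread like the one above.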
  • Root Admin

Looks like we got it. Not showing in bootlog anymore or combofix.

You can delete C:\RootRepeal and any files.

Please run the following to remove any tools that might have been used during the scanning and cleaning of your system.

STEP A

Uninstall ComboFix.exe

  • Click START then RUN
  • Now type Combofix /u (if you renamed Combofix.exe use that name instead) in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
  • CF_Cleanup.png
  • When shown the disclaimer, Select "2"

Remove this folder C:\QooBox if the uninstall instructions don't work and delete Combofix.exe AND check your system time and reset if needed

STEP B

Uninstall GMER

Click on START - RUN and type in or copy/paste %windir%\gmer_uninstall.cmd to remove GMER.

STEP C

Uninstall other tools

Please Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe to run it.
  • While connected to the Internet, click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes and allow the system to clean up these items.
    NOW please reboot your computer to finish the cleanup process

Then enable your Anti-Virus and get the latest updates and do a FULL SYSTEM scan and let me know what it finds if anything.


Thanks - I have started a complete scan with Trend Micro.

I still have several items on my desktop:

RootRepeal.rar

Gmer.zip

dds.scr

Can I "delete" these as well?

I also have a couple of other questions if you have the time:

I need to update Java - what is the latest version that isn't compromised?

Have you heard of any problems installing XP service pack 3? I was thinking that since my computer is clean right now would be a good time to take that step...

Also - what about internet explorer 8? It is coming up in my windows update. I am usually fairly cautious about updating programs until I know that most of the kinks are worked out of them...

I can't thank you enough for all of your help!! :) Especially this late at night!!!

