Jump to content

Help removing AVSystem care, all logs done

bucky

By bucky
in Resolved Malware Removal Logs

 Share

Recommended Posts

bucky

bucky

Posted
Posted

Hi. I was downloading some stuff and AVSystem Care automatically started installing on my computer and I couldn't get it to quit. Anyhow, I've done the logs as the pre-HJT post says and will post below. Some of the symptoms I still get are automatic occasional opening of IE to random sites, my comp is pretty slow, and continue to get trojan detection from my antivirus software (avast). I appreciate the help!

Malwarebytes' Anti-Malware 1.03

Database version: 371

Scan type: Full Scan (C:\|)

Objects scanned: 79291

Time elapsed: 23 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 14

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 21

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\khfgdcb.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{e180f496-8a4b-44e2-9fe0-0364e345db7f} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e180f496-8a4b-44e2-9fe0-0364e345db7f} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfgdcb (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\WebBuying (Adware.WebBuying) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e180f496-8a4b-44e2-9fe0-0364e345db7f} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\WINDOWS\system32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\DOCUME~1\mERW\LOCALS~1\Temp\NI.UGA6P_0001_N122M2210 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:

c:\WINDOWS\system32\khfgdcb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\abitynpe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\epnytiba.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gkfnocee.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\eeconfkg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mgirxauk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kuaxrigm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnnn.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nnnmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nnnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spsdikif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fikidsps.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\mERW\Local Settings\Temp\is-QA2O3.tmp\gfl.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\mERW\Local Settings\Temp\is-QA2O3.tmp\XmlReplacer.exe (Generic.Malware) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP590\A0048157.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP590\A0048161.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP590\A0048164.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wd11\hiba3133.exe (Adware.RABCO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\mERW\Local Settings\Temp\NI.UGA6P_0001_N122M2210\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\mERW\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.

Link to post
Share on other sites
bucky

bucky

Posted
  • Author
Posted

I'm unable to load the entire panda scan. It's too big to paste in its entirety so I just copied the first portion. The remainder of the log contained incidents very similar to the last 13 lines of this portion of the log. There were 200+ entries on the panda scan for spyware.

Incident Status Location

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cookies.txt[.com.com/]

Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cookies.txt[citi.bridgetrack.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cookies.txt[.perf.overture.com/]

Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cookies.txt[.advancedcleaner.com/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cookies.txt[.atwola.com/]

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cookies.txt[.toplist.cz/]

Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cookies.txt[advancedcleaner.com/]

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cookies.txt[www.burstbeacon.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\mERW\Cookies\merw@atdmt[1].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\mERW\Cookies\merw@tribalfusion[1].txt

Virus:Trj/Downloader.PLF Disinfected C:\Documents and Settings\mERW\Local Settings\Temp\snapsnet.exe

Adware:Adware/AVSystemCare Not disinfected C:\Documents and Settings\mERW\Local Settings\Temp\winvsnet.exe

Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\mERW\Local Settings\Temporary Internet Files\Content.IE5\YTGNYHC5\tr[1]

Possible Virus. Not disinfected C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[.doubleclick.net/]

Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[.atdmt.com/]

Spyware:Cookie/PointRoll Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[.ads.pointroll.com/]

Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[ad.yieldmanager.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[.adrevolver.com/]

Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[.advertising.com/]

Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[.realmedia.com/]

Spyware:Cookie/FastClick Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[.fastclick.net/]

Spyware:Cookie/Apmebf Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[.apmebf.com/]

Spyware:Cookie/FastClick Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[.fastclick.net/]

Spyware:Cookie/Overture Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[.overture.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[.questionmarket.com/]

Spyware:Cookie/Bridgetrack Not disinfected C:\RECYCLER\NPROTECT\00109620.MOZ[citi.bridgetrack.com/]

Link to post
Share on other sites
bucky

bucky

Posted
  • Author
Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:12:40 AM, on 2/18/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WDC\SetIcon.exe

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\PdaNet 4.11\PdaNet.exe

C:\Program Files\PdaNet 4.11\PdaNetUm.exe

C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updates.installshield.com/GetUpdate...01FD9FB500FDEAC

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {197764E9-AC8E-4665-BAFC-A88F993D7831} - C:\WINDOWS\system32\pmnnn.dll (file missing)

O2 - BHO: (no name) - {22C9777C-A7F5-4380-8020-F570BC4F0AFC} - C:\WINDOWS\system32\mljjj.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AE86E425-A4AB-4CAB-91EB-627B551F931A} - (no file)

O2 - BHO: (no name) - {B1548685-6664-47B2-B203-4DC3BC379A1B} - C:\WINDOWS\system32\awvvt.dll (file missing)

O2 - BHO: (no name) - {D60114AB-DD77-4BFD-BF2A-F65D9DAC241B} - C:\WINDOWS\system32\pmnlm.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [setIcon] \Program Files\WDC\SetIcon.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet 4.11\PdaNet.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Handspring\Hotsync.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Handspring\Hotsync.exe

O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A6EFF2AE-B682-461C-BA85-B076D944F8CB}: NameServer = 68.28.58.92 68.28.50.91

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WLANKEEPER - Intel

Link to post
Share on other sites
jpshortstuff

jpshortstuff

Posted
Posted

Hi, and Welcome to Malware Bytes :)

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

As I am still training, my posts to you will be checked by an Expert member. This will ensure that all advice and instructions I give you are accurate and safe. This may mean that my replies may take a little longer.

jpshortstuff

Link to post
Share on other sites
jpshortstuff

jpshortstuff

Posted
Posted

Hi

Sorry about the delays, I was unexpectedly away from home for 2 days, without internet access.

You need to disable TeaTimer, so that it doesn't interfere with our fix.

This is a two step process.

First step:

  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident

Second step, For both versions :

  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left, click Tools
  • Then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Download ComboFix by sUBs from here or here

**Save it to your desktop**

Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Thanks.

Link to post
Share on other sites
bucky

bucky

Posted
  • Author
Posted

ComboFix 08-02-21 - mERW 2008-02-20 23:56:45.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.151 [GMT -8:00]

Running from: C:\Documents and Settings\mERW\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\ComPlus Applications\save89104.dll

C:\Temp\1cb

C:\Temp\1cb\syscheck.log

C:\Temp\isgTi19

C:\Temp\isgTi19\lPig.log

C:\WINDOWS\system32\ac1

C:\WINDOWS\system32\ftdwhkdy.dll

C:\WINDOWS\system32\jjjlm.ini

C:\WINDOWS\system32\jjjlm.ini2

C:\WINDOWS\system32\mlnmp.ini

C:\WINDOWS\system32\mlnmp.ini2

C:\WINDOWS\system32\mngyttad.dll

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\rbcxxpqo.dll

C:\WINDOWS\system32\sefqdxwj.dll

C:\WINDOWS\system32\tvvwa.ini

C:\WINDOWS\system32\tvvwa.ini2

C:\WINDOWS\system32\waiqqykw.dll

C:\WINDOWS\system32\ybajwuko.dll

.

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))

.

2008-02-18 00:57 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS

2008-02-17 23:54 . 2008-02-18 00:10 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-02-17 23:54 . 2008-02-18 00:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-02-17 23:54 . 2008-02-18 00:10 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-02-17 23:53 . 2008-02-18 01:37 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-02-17 21:47 . 2008-02-17 21:47 <DIR> d-------- C:\Documents and Settings\mERW\Application Data\Malwarebytes

2008-02-17 21:45 . 2008-02-18 01:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-02-17 21:45 . 2008-02-17 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-02-16 23:05 . 2008-02-16 23:05 294 --ahs---- C:\WINDOWS\system32\bgshnyjf.ini

2008-02-15 11:32 . 2008-02-15 11:32 294 --ahs---- C:\WINDOWS\system32\proqubcc.ini

2008-02-13 20:41 . 2008-02-17 20:46 <DIR> d-------- C:\Program Files\RogueRemover FREE

2008-02-13 20:23 . 2008-02-13 20:23 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-12 20:23 . 2008-02-12 20:23 <DIR> d-------- C:\Program Files\Lavasoft

2008-02-12 20:22 . 2008-02-12 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-02-12 14:44 . 2008-02-18 01:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-02-12 14:44 . 2008-02-12 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-11 13:30 . 2008-02-11 13:30 <DIR> d--hs---- C:\AVSystemCare

2008-02-11 13:28 . 2008-02-11 13:28 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon

2008-02-11 13:25 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-02-11 13:20 . 2008-02-17 23:26 <DIR> d-------- C:\WINDOWS\system32\wd11

2008-02-11 13:20 . 2008-02-11 13:20 <DIR> d-------- C:\WINDOWS\system32\vb6

2008-02-11 13:20 . 2008-02-11 13:20 <DIR> d-------- C:\WINDOWS\system32\kp9

2008-02-11 13:20 . 2008-02-11 13:20 <DIR> d-------- C:\WINDOWS\system32\bk5

2008-02-11 13:19 . 2008-02-20 23:57 <DIR> d-------- C:\Temp

2008-02-07 17:15 . 2008-02-18 01:26 <DIR> d-------- C:\Program Files\PdaNet 4.11

2008-02-07 17:15 . 2008-02-07 17:15 <DIR> d-------- C:\Program Files\Common Files\JFTech

2008-02-07 17:15 . 2006-06-06 14:25 77,824 --a------ C:\WINDOWS\pnsock.dll

2008-02-06 21:50 . 2008-02-06 21:50 <DIR> d-------- C:\Program Files\Keyspan

2008-02-06 21:50 . 2003-06-24 20:30 727,908 --a------ C:\WINDOWS\system32\drivers\USA19H2k.sys

2008-02-06 21:50 . 2003-03-17 17:11 77,824 --a------ C:\WINDOWS\system32\USA19HPropPage.dll

2008-02-06 21:50 . 2003-03-17 17:16 49,152 --a------ C:\WINDOWS\system32\k19hinst.dll

2008-02-06 21:50 . 2003-06-24 20:21 44,928 --a------ C:\WINDOWS\system32\drivers\USA19H2kp.sys

2008-02-05 21:35 . 2008-02-05 21:35 <DIR> d-------- C:\Program Files\HOTLLAMA Media

2008-02-04 23:18 . 2008-02-04 23:18 <DIR> d-------- C:\Program Files\Alwil Software

2008-02-04 23:18 . 2007-12-04 05:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-02-04 23:18 . 2004-01-09 01:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-02-04 23:18 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-02-04 23:18 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-02-04 23:18 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-02-04 23:18 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-02-04 23:18 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-02-04 23:18 . 2007-12-04 06:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-19 00:28 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-18 09:27 --------- d-----w C:\Program Files\WDC

2008-02-18 09:24 --------- d-----w C:\Program Files\iTunes

2008-02-18 09:22 --------- d-----w C:\Program Files\DellSupport

2008-02-18 09:20 --------- d-----w C:\Program Files\Apoint

2008-02-16 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-02-13 05:31 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-02-13 05:24 --------- d-----w C:\Program Files\Dell

2008-02-13 05:12 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-13 05:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-13 05:11 --------- d-----w C:\Program Files\MySpace

2008-02-13 05:07 --------- d-----w C:\Program Files\TABERS

2008-02-13 05:07 --------- d-----w C:\Program Files\Series 1 Flash Utility

2008-02-13 05:07 --------- d-----w C:\Program Files\RN IV DRUGS

2008-02-13 05:07 --------- d-----w C:\Program Files\MOSBY RX

2008-02-13 05:07 --------- d-----w C:\Program Files\DRUG GUIDE

2008-02-13 05:07 --------- d-----w C:\Program Files\BroadJump

2008-02-13 04:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-02-08 22:27 --------- d-----w C:\Documents and Settings\mERW\Application Data\OpenOffice.org2

2008-02-05 19:41 --------- d-----w C:\Program Files\Symantec

2008-02-04 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell

2008-02-04 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-01-31 19:56 --------- d-----w C:\Documents and Settings\mERW\Application Data\RipIt4Me

2008-01-05 15:40 --------- d-----w C:\Program Files\Picasa2

2008-01-03 03:23 --------- d-----w C:\Program Files\DVD Decrypter

2007-12-23 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft

2007-12-23 08:48 --------- d-----w C:\Program Files\Dell Support Center

2007-12-23 08:48 --------- d-----w C:\Program Files\Common Files\supportsoft

2006-01-22 21:49 251 ----a-w C:\Program Files\wt3d.ini

2005-12-18 08:14 56 --sha-r C:\WINDOWS\system32\5A7F16DF57.sys

2005-12-18 08:14 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{197764E9-AC8E-4665-BAFC-A88F993D7831}]

C:\WINDOWS\system32\pmnnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22C9777C-A7F5-4380-8020-F570BC4F0AFC}]

C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1548685-6664-47B2-B203-4DC3BC379A1B}]

C:\WINDOWS\system32\awvvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D60114AB-DD77-4BFD-BF2A-F65D9DAC241B}]

C:\WINDOWS\system32\pmnlm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="" []

"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 14:33 155648]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 21:09 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 21:06 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 21:10 114688]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48 32881]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 12:59 385024]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-12-08 10:53 26112]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-21 00:47 155648]

"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]

"WD Button Manager"="WDBtnMgr.exe" [2006-05-24 00:52 335872 C:\WINDOWS\system32\WDBtnMgr.exe]

"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 13:02 42496]

"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 03:52 380928]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]

"bm"="C:\Program Files\Common Files\AVSystemCare\bm.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 13:18 443968]

C:\Documents and Settings\mERW\Start Menu\Programs\Startup\

PdaNet Desktop.lnk - C:\Program Files\PdaNet 4.11\PdaNet.exe [2008-02-07 17:15:47 185560]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

HotSync Manager.lnk - C:\Program Files\Handspring\Hotsync.exe [2004-06-09 14:16:08 471040]

HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Handspring\Hotsync.exe [2004-06-09 14:16:08 471040]

SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-06-21 16:36:34 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 14:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []

R3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-01-01 22:20]

S3 SeratoUsb;SeratoUsb driver;C:\WINDOWS\system32\Drivers\SeratoUsb.sys [2004-01-15 00:49]

S3 USA19H;USA19H;C:\WINDOWS\system32\DRIVERS\USA19H2k.sys [2003-06-24 20:30]

S3 USA19H2KP;Keyspan USB Serial Port Driver;C:\WINDOWS\system32\DRIVERS\USA19H2kp.SYS [2003-06-24 20:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

\Shell\AutoRun\command - E:\setup.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-21 00:03:53

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\WDC\SetIcon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\PdaNet 4.11\PdaNetUm.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

.

**************************************************************************

.

Completion time: 2008-02-21 0:08:14 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-21 08:08:08

.

2008-02-14 15:53:02 --- E O F ---

Link to post
Share on other sites
bucky

bucky

Posted
  • Author
Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:09:25 AM, on 2/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\WDC\SetIcon.exe

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\PdaNet 4.11\PdaNet.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\PdaNet 4.11\PdaNetUm.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updates.installshield.com/GetUpdate...01FD9FB500FDEAC

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {197764E9-AC8E-4665-BAFC-A88F993D7831} - C:\WINDOWS\system32\pmnnn.dll (file missing)

O2 - BHO: (no name) - {22C9777C-A7F5-4380-8020-F570BC4F0AFC} - C:\WINDOWS\system32\mljjj.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {B1548685-6664-47B2-B203-4DC3BC379A1B} - C:\WINDOWS\system32\awvvt.dll (file missing)

O2 - BHO: (no name) - {D60114AB-DD77-4BFD-BF2A-F65D9DAC241B} - C:\WINDOWS\system32\pmnlm.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [setIcon] \Program Files\WDC\SetIcon.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet 4.11\PdaNet.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Handspring\Hotsync.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Handspring\Hotsync.exe

O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WLANKEEPER - Intel

Link to post
Share on other sites
jpshortstuff

jpshortstuff

Posted
Posted

Hi

Please click Start >> Control Panel >> Add or Remove Programs.

Find each of the below items on the list and click remove on each one.

Party Poker

Party Gaming

or any similar items.

Open HijackThis. Hit Do A System Scan Only. Place a check next to the following items (if present):

O2 - BHO: (no name) - {197764E9-AC8E-4665-BAFC-A88F993D7831} - C:\WINDOWS\system32\pmnnn.dll (file missing)

O2 - BHO: (no name) - {22C9777C-A7F5-4380-8020-F570BC4F0AFC} - C:\WINDOWS\system32\mljjj.dll (file missing)

O2 - BHO: (no name) - {B15485-6664-47B2-B203-4DC3BC379A1B} - C:\WINDOWS\system32\awvvt.dll (file missing)

O2 - BHO: (no name) - {D60114AB-DD77-4BFD-BF2A-F65D9DAC241B} - C:\WINDOWS\system32\pmnlm.dll (file missing)

O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Close all browsers and windows except for HijackThis and click Fix Checked.

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::C:\WINDOWS\system32\bgshnyjf.iniC:\WINDOWS\system32\proqubcc.ini
Folder::C:\AVSystemCareC:\Program Files\Common Files\AVSystemCareC:\WINDOWS\system32\wd11C:\WINDOWS\system32\vb6C:\WINDOWS\system32\kp9C:\WINDOWS\system32\bk5C:\Program Files\PartyGaming
DirLook:C:\TempC:\Documents and Settings\All Users\Application Data\SalesMon

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

We need to upload a file to Jotti

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\WINDOWS\pnsock.dll

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

Please do an online scan with Kaspersky WebScanner

Follow this link in Internet Explorer (Note: You must use Internet explorer to use Kaspersky): Kaspersky WebScanner

You will be prompted to install an ActiveX component from Kaspersky,

Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    o Scan Options:
    Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    o Now click on the Save as Text button:
  • Save the file to your desktop.

I need to see another log from HijackThis.

  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your in your next post.

Please post the results of the Kaspersky scan in your next reply, please describe how your computer is running and behaving at the moment, listing any remaining problems.

Thanks.

Link to post
Share on other sites
bucky

bucky

Posted
  • Author
Posted

Hi and sorry about the delay, I didn't have time to do all those things till today. My computer is behaving much better now. I don't get the out of the blue pop ups that I used to get. System still seems a little slow but it's not too big of a deal. Also, on the Party Poker programs, I previously uninstalled those quite some time ago but the files files were still in the Program files folder. It wasn't showing up on the Add/Remove programs, so I just deleted the whole folder related to Party Poker/ Party Games. I'll paste the logs below. Thanks again for the help.

ComboFix 08-02-21 - mERW 2008-02-23 2:35:34.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.228 [GMT -8:00]

Running from: C:\Documents and Settings\mERW\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\mERW\Desktop\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\WINDOWS\system32\bgshnyjf.ini

C:\WINDOWS\system32\proqubcc.ini

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\AVSystemCare

C:\WINDOWS\system32\bgshnyjf.ini

C:\WINDOWS\system32\bk5

C:\WINDOWS\system32\kp9

C:\WINDOWS\system32\kp9\liopud89104.exe

C:\WINDOWS\system32\proqubcc.ini

C:\WINDOWS\system32\vb6

C:\WINDOWS\system32\vb6\dromdrv3.exe

C:\WINDOWS\system32\wd11

.

((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))

.

2008-02-18 00:57 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS

2008-02-17 23:54 . 2008-02-18 00:10 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-02-17 23:54 . 2008-02-18 00:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-02-17 23:54 . 2008-02-18 00:10 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-02-17 23:53 . 2008-02-18 01:37 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-02-17 21:47 . 2008-02-17 21:47 <DIR> d-------- C:\Documents and Settings\mERW\Application Data\Malwarebytes

2008-02-17 21:45 . 2008-02-18 01:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-02-17 21:45 . 2008-02-17 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-02-13 20:41 . 2008-02-17 20:46 <DIR> d-------- C:\Program Files\RogueRemover FREE

2008-02-13 20:23 . 2008-02-13 20:23 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-12 20:23 . 2008-02-12 20:23 <DIR> d-------- C:\Program Files\Lavasoft

2008-02-12 20:22 . 2008-02-12 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-02-12 14:44 . 2008-02-18 01:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-02-12 14:44 . 2008-02-12 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-11 13:28 . 2008-02-11 13:28 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon

2008-02-11 13:25 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2008-02-11 13:19 . 2008-02-20 23:57 <DIR> d-------- C:\Temp

2008-02-07 17:15 . 2008-02-18 01:26 <DIR> d-------- C:\Program Files\PdaNet 4.11

2008-02-07 17:15 . 2008-02-07 17:15 <DIR> d-------- C:\Program Files\Common Files\JFTech

2008-02-07 17:15 . 2006-06-06 14:25 77,824 --a------ C:\WINDOWS\pnsock.dll

2008-02-06 21:50 . 2008-02-06 21:50 <DIR> d-------- C:\Program Files\Keyspan

2008-02-06 21:50 . 2003-06-24 20:30 727,908 --a------ C:\WINDOWS\system32\drivers\USA19H2k.sys

2008-02-06 21:50 . 2003-03-17 17:11 77,824 --a------ C:\WINDOWS\system32\USA19HPropPage.dll

2008-02-06 21:50 . 2003-03-17 17:16 49,152 --a------ C:\WINDOWS\system32\k19hinst.dll

2008-02-06 21:50 . 2003-06-24 20:21 44,928 --a------ C:\WINDOWS\system32\drivers\USA19H2kp.sys

2008-02-05 21:35 . 2008-02-05 21:35 <DIR> d-------- C:\Program Files\HOTLLAMA Media

2008-02-04 23:18 . 2008-02-04 23:18 <DIR> d-------- C:\Program Files\Alwil Software

2008-02-04 23:18 . 2007-12-04 05:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-02-04 23:18 . 2004-01-09 01:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-02-04 23:18 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-02-04 23:18 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-02-04 23:18 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-02-04 23:18 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-02-04 23:18 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-02-04 23:18 . 2007-12-04 06:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-23 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-02-19 00:28 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-18 09:27 --------- d-----w C:\Program Files\WDC

2008-02-18 09:24 --------- d-----w C:\Program Files\iTunes

2008-02-18 09:22 --------- d-----w C:\Program Files\DellSupport

2008-02-18 09:20 --------- d-----w C:\Program Files\Apoint

2008-02-13 05:31 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-02-13 05:24 --------- d-----w C:\Program Files\Dell

2008-02-13 05:12 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-13 05:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-13 05:11 --------- d-----w C:\Program Files\MySpace

2008-02-13 05:07 --------- d-----w C:\Program Files\TABERS

2008-02-13 05:07 --------- d-----w C:\Program Files\Series 1 Flash Utility

2008-02-13 05:07 --------- d-----w C:\Program Files\RN IV DRUGS

2008-02-13 05:07 --------- d-----w C:\Program Files\MOSBY RX

2008-02-13 05:07 --------- d-----w C:\Program Files\DRUG GUIDE

2008-02-13 05:07 --------- d-----w C:\Program Files\BroadJump

2008-02-13 04:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-02-08 22:27 --------- d-----w C:\Documents and Settings\mERW\Application Data\OpenOffice.org2

2008-02-05 19:41 --------- d-----w C:\Program Files\Symantec

2008-02-04 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell

2008-02-04 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-01-31 19:56 --------- d-----w C:\Documents and Settings\mERW\Application Data\RipIt4Me

2008-01-05 15:40 --------- d-----w C:\Program Files\Picasa2

2008-01-03 03:23 --------- d-----w C:\Program Files\DVD Decrypter

2007-12-23 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft

2007-12-23 08:48 --------- d-----w C:\Program Files\Dell Support Center

2007-12-23 08:48 --------- d-----w C:\Program Files\Common Files\supportsoft

2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-12-06 10:05 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe

2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll

2006-01-22 21:49 251 ----a-w C:\Program Files\wt3d.ini

2005-12-18 08:14 56 --sha-r C:\WINDOWS\system32\5A7F16DF57.sys

2005-12-18 08:14 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\Documents and Settings\All Users\Application Data\SalesMon ----

---- Directory of C:\Temp ----

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="" []

"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 14:33 155648]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 21:09 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 21:06 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 21:10 114688]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48 32881]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 12:59 385024]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-12-08 10:53 26112]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-21 00:47 155648]

"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]

"WD Button Manager"="WDBtnMgr.exe" [2006-05-24 00:52 335872 C:\WINDOWS\system32\WDBtnMgr.exe]

"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 13:02 42496]

"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 03:52 380928]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 13:18 443968]

C:\Documents and Settings\mERW\Start Menu\Programs\Startup\

PdaNet Desktop.lnk - C:\Program Files\PdaNet 4.11\PdaNet.exe [2008-02-07 17:15:47 185560]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

HotSync Manager.lnk - C:\Program Files\Handspring\Hotsync.exe [2004-06-09 14:16:08 471040]

HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Handspring\Hotsync.exe [2004-06-09 14:16:08 471040]

SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-06-21 16:36:34 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 14:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []

R3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-01-01 22:20]

S3 SeratoUsb;SeratoUsb driver;C:\WINDOWS\system32\Drivers\SeratoUsb.sys [2004-01-15 00:49]

S3 USA19H;USA19H;C:\WINDOWS\system32\DRIVERS\USA19H2k.sys [2003-06-24 20:30]

S3 USA19H2KP;Keyspan USB Serial Port Driver;C:\WINDOWS\system32\DRIVERS\USA19H2kp.SYS [2003-06-24 20:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

\Shell\AutoRun\command - E:\setup.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-23 02:38:22

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-02-23 2:39:13

ComboFix-quarantined-files.txt 2008-02-23 10:38:59

ComboFix2.txt 2008-02-21 08:08:14

.

2008-02-14 15:53:02 --- E O F ---

Link to post
Share on other sites
bucky

bucky

Posted
  • Author
Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:21:40 PM, on 2/26/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\WDC\SetIcon.exe

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\PdaNet 4.11\PdaNet.exe

C:\Program Files\PdaNet 4.11\PdaNetUm.exe

C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updates.installshield.com/GetUpdate...01FD9FB500FDEAC

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [setIcon] \Program Files\WDC\SetIcon.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet 4.11\PdaNet.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Handspring\Hotsync.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Handspring\Hotsync.exe

O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WLANKEEPER - Intel

Link to post
Share on other sites
bucky

bucky

Posted
  • Author
Posted

The file C:\WINDOWS\pnsock.dll on Jotti said that no problems were found.

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Tuesday, February 26, 2008 2:11:48 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 26/02/2008

Kaspersky Anti-Virus database records: 581962

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

C:\

D:\

E:\

F:\

Scan Statistics:

Total number of scanned objects: 54343

Number of viruses found: 6

Number of infected objects: 32

Number of suspicious objects: 0

Duration of the scan process: 00:59:24

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped

C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\mERW\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\mERW\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

C:\Documents and Settings\mERW\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped

C:\Documents and Settings\mERW\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\cert8.db Object is locked skipped

C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\history.dat Object is locked skipped

C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\key3.db Object is locked skipped

C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\parent.lock Object is locked skipped

C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\search.sqlite Object is locked skipped

C:\Documents and Settings\mERW\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\mERW\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\mERW\Desktop\Slow_Motion_192kb.mp3.part Object is locked skipped

C:\Documents and Settings\mERW\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\mERW\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\mERW\Local Settings\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\Cache\850FA2B7d01 Object is locked skipped

C:\Documents and Settings\mERW\Local Settings\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\mERW\Local Settings\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\mERW\Local Settings\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\mERW\Local Settings\Application Data\Mozilla\Firefox\Profiles\49lsmjh5.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\mERW\Local Settings\Application Data\SupportSoft\DellSupportCenter\mERW\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\mERW\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\mERW\Local Settings\History\History.IE5\MSHist012008022620080227\index.dat Object is locked skipped

C:\Documents and Settings\mERW\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\mERW\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\mERW\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\SBC Self Support Tool\log\mpbtn.log Object is locked skipped

C:\Program Files\SBC Self Support Tool\SmartBridge\AlertFilter.log Object is locked skipped

C:\Program Files\SBC Self Support Tool\SmartBridge\log\httpclient.log Object is locked skipped

C:\Program Files\SBC Self Support Tool\SmartBridge\SmartBridge.log Object is locked skipped

C:\QooBox\Quarantine\C\Program Files\ComPlus Applications\save89104.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.d skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ftdwhkdy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\kp9\liopud89104.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\kp9\liopud89104.exe.vir NSIS: infected - 1 skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\mngyttad.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\rbcxxpqo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\sefqdxwj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\vb6\dromdrv3.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\waiqqykw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ybajwuko.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP591\A0048213.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP592\A0049214.dll Infected: not-a-virus:AdWare.Win32.Agent.acn skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP592\A0049218.dll Infected: not-a-virus:AdWare.Win32.Agent.acn skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP607\A0049836.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP608\A0049886.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP608\A0050836.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP608\A0050853.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP608\A0050855.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP608\A0050857.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP608\A0050860.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP608\A0050863.exe Infected: Trojan-Downloader.Win32.VB.cgu skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP608\A0050865.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP612\A0051063.dll Infected: not-a-virus:AdWare.Win32.TTC.d skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP612\A0051064.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP612\A0051065.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP612\A0051066.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP612\A0051067.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP612\A0051068.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP612\A0051069.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP614\A0051212.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP614\A0051212.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP614\A0051213.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP616\change.log Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E6F9DF31-7524-4DF7-BD82-D25AED7FB87D}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_150.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

:):):)

UNINSTALL LIST

Ad-Aware 2007

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 8.1.2

ALPS Touch Pad Driver

AOLIcon

avast! Antivirus

BAPRINT

Broadcom Management Programs 2

Canon MP Drivers 6.0

Canon MP Navigator 1.0

Canon ScanGear Starter

Canon Utilities Easy-PhotoPrint

Citi Virtual Account Numbers

Conexant D110 MDC V.9x Modem

CP210x USB to UART Bridge Controller

Dell Driver Reset Tool

Dell Support Center

DellSupport

Digital Content Portal

DVD Decrypter (Remove Only)

DVD Shrink 3.2

Easy-WebPrint

eMule

HijackThis 2.0.2

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB888795)

Hotfix for Windows XP (KB891593)

Hotfix for Windows XP (KB895961)

Hotfix for Windows XP (KB899337)

Hotfix for Windows XP (KB899510)

Hotfix for Windows XP (KB902841)

Intel® Graphics Media Accelerator Driver for Mobile

Intel® PROSet/Wireless Software

Internal Network Card Power Management

Internet Explorer Default Page

iPod for Windows 2006-01-10

iPod Updater 2004-11-15

iTunes

Java 2 Runtime Environment, SE v1.4.2_03

Kaspersky Online Scanner

Keyspan USB Serial Adapter

Learn2 Player (Uninstall Only)

LiveWireUpdater

Macromedia Flash Player

Malwarebytes' Anti-Malware

mCore

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.0 Hotfix (KB887998)

Microsoft .NET Framework 1.0 Hotfix (KB930494)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft Office PowerPoint Viewer 2003

mIWA

mIWCA

MixMeister BPM Analyzer 1.0

mLogView

mMHouse

Modem Helper

Mozilla Firefox (2.0.0.12)

mPfMgr

mPfWiz

mProSafe

mSSO

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

mToolkit

mWlsSafe

mXML

mZConfig

Nero 6 Ultra Edition

OmniPage SE 2.0

OpenOffice.org 2.0

Palm

Panda ActiveScan

PdaNet 4.11 for Treo 700p/755p/Centro

Picasa 2

PowerDVD

Presto! PageManager 6.03

QuickTime

RealPlayer Basic

Retrospect 6.5

SBC Self Support Tool

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893066)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944533)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB946026)

Serato Scratch LIVE by Rane

Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP

Sonic Encoders

Spybot - Search & Destroy

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

Update Rollup 2 for Windows XP Media Center Edition 2005

Viewpoint Media Player

WD Diagnostics

WD Media Center Driver

Windows Installer 3.1 (KB893803)

Windows Media Format Runtime

Windows Media Player 10

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890927

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB908250

WingMan Software

WinRAR archiver

Yahoo! Install Manager

Yahoo! Messenger

Link to post
Share on other sites
jpshortstuff

jpshortstuff

Posted
Posted

Hi

Please do this:

  • Copy the contents of the Code Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
REGEDIT4
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

Make sure there are NO blank lines before REGEDIT4

Then double-click on the fix.reg file, and when it prompts to merge say yes.

Viewpoint Media Player is often installed without the users permission. If you didn't install it, or if you did but you no longer use it, I recommend you get rid of it.

Please click Start >> Control Panel >> Add or Remove Programs.

Find the item below on the list and click Remove.

Viewpoint Media Player

Let me know how it goes.

You don't appear to be running any third party Firewall software.

Install a firewall! Without a firewall you are very susceptible to being hacked, and people could gain access to your computer. If you don't have a firewall I strongly recommend you download ONE of the following:

1) Comodo

2) Agnitum

3) Sunbelt/Kerio

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 4.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop.
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windowsi586.exe to install the newest version.

Please reboot your computer and post a fresh HijackThis log, and describe how your computer is running now.

Thanks.

Link to post
Share on other sites
bucky

bucky

Posted
  • Author
Posted

Hi again. I removed the Viewpoint software, no problems with the removal. I also installed Comodo firewall and everything seems good with that. I kind of installed JSE in a different order than you posted, installed the 6 update 4 before deleting the previous JSE. I suppose the JSE 6 update 4 will run on it's own, right? A new hijackthis log is below. Thanks.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:41:23 AM, on 2/27/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\WDC\SetIcon.exe

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\PdaNet 4.11\PdaNet.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PdaNet 4.11\PdaNetUm.exe

C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updates.installshield.com/GetUpdate...01FD9FB500FDEAC

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [setIcon] \Program Files\WDC\SetIcon.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet 4.11\PdaNet.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Handspring\Hotsync.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Handspring\Hotsync.exe

O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WLANKEEPER - Intel

Link to post
Share on other sites
jpshortstuff

jpshortstuff

Posted
Posted

Hi

As for your computer's slowness, there are a few programs that you have running upon startup, meaning longer times to load Windows and also some unnecessary programs slowing down your computer. We can stop this with HijackThis, so here are a list of lines in HijackThis that you can fix if you are happy to stop its corresponding program from running automatically (You can still start the program yourself when you need it). It is entirely up to you which (if any) of these items you 'fix'. I have tried to provide some information for you to decide which you want to disable.

OpwareSE2

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

WD Button Manager

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

Adobe Reader Speed Launcher

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

Citi Virtual Account Numbers

O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards

QuickTime

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

Picasa Media Detector

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

If want to stop any of these programs from running on startup, simple open HijackThis, place a checkmark next to the corresponding entry that I have listed, and then click "Fix Checked".

If you are still experiencing a slow computer, take at this article:

Help, My Computer is Slow!

By expert Miekemoes

Any other problems?

Link to post
Share on other sites
JeanInMontana

JeanInMontana

Posted
Posted

Since it has been 5 days with no reply to this topic I will close it to prevent others from posting into it. Many thanks to JPS, your help is greatly appreciated.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.