Jump to content

Recommended Posts

My son's and now my computer have both come down with the Antivirus 2009 virus.

Malwarebytes can detect problems and clean them and reports everything OK, but then just seconds later it will be right back. If I rescan right away, it will usually find only one or two issues (fovuwiyidu (Trojan.Agent) reappears everytime). But if I wait a while, then 10-30 issues will come up. At somepoint the popups for Antivirus 2009 will reappear and make me sad.

I have used SpyBots, Panda, Malwarebytes and others to similar results. They detect, they clean, but it reappears. So obviously I am not getting to the root of the problem.

If the Tea program is active, then a fovuwiyidu registry entry change will get requested over and over and over, about once every 2 seconds.

Here is the malwarebytes log file...followed by Panda...followed by HiJack this. It would be great if someone could help get to the bottom of this.

Malwarebytes' Anti-Malware 1.30

Database version: 1437

Windows 5.1.2600 Service Pack 3

11/30/2008 10:13:10 PM

mbam-log-2008-11-30 (22-13-10).txt

Scan type: Quick Scan

Objects scanned: 58721

Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fovuwiyidu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

+++++++++++++++++++++++++++++++++++++++++++++Panda file+++++++++++++++++++++++++++++++++

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-11-30 23:02:31

PROTECTIONS: 1

MALWARE: 7

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

Trend Micro PC-Cillin Internet Security 12 12.7 No Yes

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes Yes C:\Documents and Settings\John\Cookies\john@atdmt[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes Yes C:\Documents and Settings\John\Cookies\john@mediaplex[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes Yes C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes Yes C:\Documents and Settings\John\Cookies\john@apmebf[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes Yes C:\Documents and Settings\John\Cookies\john@statse.webtrendslive[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes Yes C:\Documents and Settings\John\Cookies\john@adrevolver[2].txt

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location *

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description *

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

++++++++++++++++++++HiJack file+++++++++++++++++++++++++++++++++++++++++++

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:06:29 PM, on 11/30/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Creative\Mixer\CTSVolFE.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Kodak\printer\center\KodakSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Spybot - Search & Destroy\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2060909

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2060909

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)

O2 - BHO: (no name) - {df3ef803-84a9-435c-9e21-501c83613314} - C:\WINDOWS\system32\lopuheso.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [fovuwiyidu] Rundll32.exe "C:\WINDOWS\system32\majiriho.dll",s

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\John\Application Data\Twain\Twain.exe

O4 - HKUS\S-1-5-19\..\Run: [fovuwiyidu] Rundll32.exe "C:\WINDOWS\system32\majiriho.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [fovuwiyidu] Rundll32.exe "C:\WINDOWS\system32\majiriho.dll",s (User 'NETWORK SERVICE')

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1A0DC5DA-3FC4-417D-8499-15A3D467DB3D} (SKWRDlg Control) - http://www.elanguage.cn/episode02cut/SKWRDlg.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab

O16 - DPF: {7ED4CA4F-9FE2-4C6D-BA56-55247415C3BA} (TDocx Control) - http://www.elanguage.cn/episode02cut/tdocx.cab

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\yefanopa.dll c:\windows\system32\zobumava.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe

--

End of file - 15285 bytes

Link to post
Share on other sites

Hi, and Welcome to MalwareBytes :huh:

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

Thanks for taking a look.

I disabled Trend Micro antivirus successfully. I believe it re-activated itself after the ComboFix Reboot.

I downloaded and ran ATF Cleaner. Seemed successful.

I searched for old versions of ComboFix and didn't find any, so I downloaded to desktop and ran it. Also seemed successful (although I almost panicked near the end and killed it (but didn't) because it took a long time after reboot when the command window said it was making a log file and I thought it was hung. I guess it was doing more than just making a log, and it did complete sucessfully.)

Then I ran Hijack to get the scan logfile, then went to tools and got the uninstall list.

Below are 3 log files. ComboFix log, HiJack scan log, Hijack Uninstal List.

I await further instructions...

Thanks,

John

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 08-11-30.02 - John 2008-12-01 10:17:58.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1377 [GMT -5:00]

Running from: c:\documents and settings\John\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\John\Local Settings\Temporary Internet Files\bestwiner.stt

c:\documents and settings\John\Local Settings\Temporary Internet Files\fbk.sts

c:\windows\Downloaded Program Files\setup.inf

c:\windows\IE4 Error Log.txt

c:\windows\system32\yefanopa.dll

.

((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))

.

2008-11-30 13:56 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-11-30 13:55 . 2008-11-30 13:55 <DIR> d-------- c:\program files\Panda Security

2008-11-28 22:39 . 2008-11-28 22:43 2,973 --a------ c:\windows\system32\spupdsvc.inf

2008-11-28 22:26 . 2008-11-28 22:26 <DIR> d-------- c:\windows\system32\scripting

2008-11-28 22:26 . 2008-11-28 22:26 <DIR> d-------- c:\windows\system32\en

2008-11-28 22:26 . 2008-11-28 22:26 <DIR> d-------- c:\windows\system32\bits

2008-11-28 22:26 . 2008-11-28 22:26 <DIR> d-------- c:\windows\l2schemas

2008-11-28 22:22 . 2008-11-28 22:22 <DIR> d-------- c:\windows\ServicePackFiles

2008-11-27 19:46 . 2008-11-30 21:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-27 19:46 . 2008-11-27 19:46 <DIR> d-------- c:\documents and settings\John\Application Data\Malwarebytes

2008-11-27 19:46 . 2008-11-27 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-27 19:46 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-27 19:46 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-26 22:32 . 2008-12-01 10:02 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-11-26 22:32 . 2008-11-30 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-26 11:53 . 2008-11-26 22:37 <DIR> d-------- c:\documents and settings\John\Application Data\Twain

2008-11-25 00:17 . 2008-11-25 00:17 <DIR> d-------- c:\windows\system32\vba

2008-11-25 00:17 . 2008-11-27 22:58 <DIR> d-------- c:\windows\system32\PIX

2008-11-25 00:17 . 2008-11-25 00:17 <DIR> d-------- c:\windows\system32\mp2

2008-11-25 00:17 . 2008-11-26 09:15 <DIR> d-------- c:\windows\system32\IO2

2008-11-25 00:17 . 2008-11-25 00:17 <DIR> d-------- c:\windows\system32\FND

2008-11-25 00:17 . 2008-11-25 00:17 29,184 --a------ c:\windows\system32\MSINET.oca

2008-11-25 00:17 . 2008-11-25 00:17 2,407 --a------ c:\windows\system32\MSINET.DEP

2008-11-21 22:45 . 2008-11-21 22:45 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-21 20:28 . 2008-11-21 20:28 <DIR> d-------- c:\documents and settings\John\eclipse

2008-11-18 11:27 . 2008-11-18 11:27 <DIR> d-------- c:\program files\iPod

2008-11-18 11:27 . 2008-11-18 11:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-11 23:25 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-01 01:24 --------- d-----w c:\program files\CEIVA Sender

2008-11-30 03:15 --------- d-----w c:\program files\Common Files\AVSMedia

2008-11-30 01:36 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-30 01:27 --------- d-----w c:\program files\Java

2008-11-30 01:18 --------- d-----w c:\program files\Google

2008-11-30 01:16 --------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)

2008-11-26 02:17 --------- d-----w c:\program files\Trend Micro

2008-11-25 05:11 --------- d-----w c:\program files\Dell

2008-11-25 05:08 --------- d-----w c:\documents and settings\All Users\Application Data\GTek

2008-11-22 04:20 --------- d-----w c:\program files\WildTangent

2008-11-22 04:14 --------- d-----w c:\program files\MUSICMATCH

2008-11-22 04:10 --------- d-----w c:\program files\emachineshop

2008-11-22 03:59 --------- d-----w c:\program files\canon

2008-11-22 03:56 --------- d-----w c:\documents and settings\John\Application Data\Canon

2008-11-18 16:27 --------- d-----w c:\program files\itunes

2008-11-18 16:24 --------- d-----w c:\program files\QuickTime

2008-11-18 16:24 --------- d-----w c:\program files\Common Files\Apple

2008-11-18 16:15 --------- d-----w c:\program files\Bonjour

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-19 20:56 --------- d-----w c:\program files\PerfectPoolandSpa.com!

2006-09-19 15:20 8 --sh--r c:\windows\system32\100D13E0A5.sys

2006-09-24 19:12 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-11 68856]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]

"Google Update"="c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]

"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]

"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-09-09 24576]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-11-30 282624]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= vdrcodec.dll

"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\itunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-30 28544]

R0 ZetSFD;ZetSFD;c:\windows\system32\DRIVERS\ZetSFD.sys [2007-09-17 12032]

R2 KodakSvc;Kodak AiO Device Service;"c:\program files\Kodak\printer\center\KodakSvc.exe" [2008-02-28 18944]

R2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [2007-09-17 356224]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;"c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe" [2008-01-30 106496]

R2 Zetera;Zetera;c:\program files\NETGEAR\SC101 Manager Utility\ZeteraService.exe [2007-09-17 69632]

R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\DRIVERS\ZetBus.sys [2007-09-17 14080]

S3 ZetMPD;ZetMPD;c:\windows\system32\DRIVERS\ZetMPD.sys [2007-09-17 4608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

\Shell\AutoRun\command - E:\setup.exe

.

Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-01 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-12 14:15]

2008-11-30 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job

- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2008-02-28 16:57]

.

- - - - ORPHANS REMOVED - - - -

BHO-{df3ef803-84a9-435c-9e21-501c83613314} - c:\windows\system32\lopuheso.dll

HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKLM-Run-fovuwiyidu - c:\windows\system32\majiriho.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\SKWRDlg.lic - c:\windows\Downloaded Program Files\InitDat

c:\windows\Downloaded Program Files\SKWRDlg.ocx

O16 -: {1A0DC5DA-3FC4-417D-8499-15A3D467DB3D}

hxxp://www.elanguage.cn/episode02cut/SKWRDlg.cab

c:\windows\Downloaded Program Files\SKWRDlg.inf

c:\windows\Downloaded Program Files\CONFLICT.1\Manager.exe - c:\windows\Downloaded Program Files\CONFLICT.1\DownloadManagerV2.ocx

O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}

hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab

c:\windows\Downloaded Program Files\CONFLICT.1\DownloadManagerV2.inf

c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll

c:\windows\Downloaded Program Files\TDocx.lic

c:\windows\Downloaded Program Files\HZRecog.dat

c:\windows\Downloaded Program Files\HZRecog.dll

c:\windows\Downloaded Program Files\tdocx.ocx

O16 -: {7ED4CA4F-9FE2-4C6D-BA56-55247415C3BA}

hxxp://www.elanguage.cn/episode02cut/tdocx.cab

c:\windows\Downloaded Program Files\tdocx.inf

c:\windows\Downloaded Program Files\CONFLICT.1\YYGInstantPlay.ocx - O16 -: {C49134CC-B5EF-458C-A442-E8DFE7B4645F}

hxxp://www.yoyogames.com/downloads/activex/YoYo.cab

c:\windows\Downloaded Program Files\CONFLICT.1\YYGInstantPlay.inf

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-01 10:20:38

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)

c:\windows\System32\BCMLogon.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\WLTRYSVC.EXE

c:\windows\system32\BCMWLTRY.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\program files\Dell\QuickSet\NicConfigSvc.exe

c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe

c:\windows\system32\fxssvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\windows\system32\dllhost.exe

c:\windows\ehome\ehmsas.exe

c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe

.

**************************************************************************

.

Completion time: 2008-12-01 10:32:49 - machine was rebooted

ComboFix-quarantined-files.txt 2008-12-01 15:32:45

Pre-Run: 5,361,147,904 bytes free

Post-Run: 5,398,441,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

257 --- E O F --- 2008-11-29 03:43:59

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:45:14 AM, on 12/1/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Creative\Mixer\CTSVolFE.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Kodak\printer\center\KodakSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Spybot - Search & Destroy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2060909

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1A0DC5DA-3FC4-417D-8499-15A3D467DB3D} (SKWRDlg Control) - http://www.elanguage.cn/episode02cut/SKWRDlg.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab

O16 - DPF: {7ED4CA4F-9FE2-4C6D-BA56-55247415C3BA} (TDocx Control) - http://www.elanguage.cn/episode02cut/tdocx.cab

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe

--

End of file - 13873 bytes

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Uninstall List from HiJack

Ad-Aware SE Personal

Add or Remove Adobe Creative Suite 3 Design Premium

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Creative Suite 3 Design Premium

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash CS3

Adobe Flash Player 10 ActiveX

Adobe Flash Player Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Center 2.0

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Photoshop Elements 4.0

Adobe Premiere Pro CS3

Adobe Premiere Pro CS3

Adobe Premiere Pro CS3 Functional Content

Adobe Setup

Adobe Setup

Adobe Setup

Adobe Setup

Adobe Shockwave Player

Adobe SING CS3

Adobe Stock Photos CS3

Adobe SVG Viewer 3.0

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Version Cue CS3 Server {ko_KR}

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

AHV content for Acrobat and Flash

aiofw

aioocr

aioprnt

aioscnnr

AOLIcon

Apple Mobile Device Support

Apple Software Update

AVRStudio4

AZTEC

Banctec Service Agreement

BASIC Stamp Editor v2.3.3

BIAS SoundSoap PE 2.1

Bonjour

Broadcom Management Programs

CCScore

CEIVA Sender

center

Compatibility Pack for the 2007 Office system

Conexant HDA D110 MDC V.92 Modem

Dell CinePlayer

Dell Driver Reset Tool

Dell Support Center (Support Software)

Dell Wireless WLAN Card

DellSupport

Digital Content Portal

Digital Line Detect

Documentation & Support Launcher

ELIcon

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSSONIC

ESSTOOLS

essvatgt

Game Maker 7.0

Help_CTR

helptut

helpug

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB952287)

Intel® Graphics Media Accelerator Driver

iTunes

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

KODAK All-in-One Printer Software

ksdip

LiveUpdate 2.6 (Symantec Corporation)

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Outlook 2003 with Business Contact Manager Update

Microsoft Office Small Business Edition 2003

Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mixer

MobileMe Control Panel

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

netbrdg

NETGEAR SC101 Storage Central Manager software

OfotoXMI

Otto

Panda ActiveScan 2.0

PDF Settings

PerfectPoolandSpa Software! 6.02

Phrogram

Pinnacle Instant DVD Recorder

Pololu USB-to-serial adapter driver (Driver Removal)

QuickSet

QuickTime

Radioshack USB-to-Serial Cable Driver Installer

RealPlayer

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

SFR

SHASTA

skin0001

SKINXSDK

Skype

Link to post
Share on other sites

Hi :huh:

Viewpoint Media Player is often installed without the users permission. If you didn't install it, or if you did but you no longer use it, I recommend you get rid of it.

Please click Start >> Control Panel >> Add or Remove Programs.

Find the item below on the list and click Remove.

Viewpoint Media Player

Let me know how it goes.

Did you have Norton/Symantec at one point on this machine? I can see some remnants, so if you wish to get rid of them you can do the following:

Norton Removal Tool

  • Download the Norton Removal Tool and save it to your Desktop.
  • Close and applications and browsers that you may have open.
  • Double-click the Norton Removal Tool on your Desktop.
  • Follow the on-screen instructions, and reboot if and when necessary.

We need to upload a file to Jotti

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

c:\windows\system32\MSINET.oca

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

[*]Click on My Computer under Scan.

[*]Once the scan is complete, it will display the results. Click on View Scan Report.

[*]You will see a list of infected items there. Click on Save Report As....

[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

[*]Please post this log in your next reply, along with a new HijackThis log.

Also, please give a detailed description of how your computer is running and behaving at the moment, listing any remaining problems.

Thanks.

Link to post
Share on other sites

I removed the viewport media player.

I ran the Norton removal tools. Then I remembered I have used ghost for some things, so sometime I may put that back.

I uploaded file to Jotti and Jotti reported "found nothing" for all of its various scanners.

I went to Kaspersky, where I was told I needed Java installed, so I installed the lastest version (6 update 10) from java.com.

Kaspersky found a bunch of viruses in old outlook express .dbx files. I have long ago switched over to yahoo email and just keep those dbx files as backups which haven't been accessed in a year. Also Kaspersky found a virus quarantine area, but nothing real as far as I can tell. (It did take almost 4 hours to get through.)

As far as success, I believe the ComboFix tool really took care of the underlying problem. Great! I haven't detected any trouble great or small since that completed. PC feels a little peppier browsing also, although that might be my imagination.

I feel this PC is back to its old happy self unless you have other suggestions or operations for me. I will follow the same steps on my son's PC (same dell model with same applications and same virus).

Kaspersky logfile is below.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, December 1, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Monday, December 01, 2008 17:20:15

Records in database: 1429671

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

Scan statistics:

Files scanned: 186561

Threat name: 39

Infected objects: 65

Suspicious objects: 8

Duration of the scan: 03:11:43

File name / Threat name / Threats count

C:\Outlook Express\1999.dbx Infected: Virus.MSWord.FootPrint.e 1

C:\Outlook Express\1999.dbx Infected: Virus.MSWord.Ethan 1

C:\Outlook Express\2001-Q2.dbx Infected: Email-Worm.Win32.Magistr.a 1

C:\Outlook Express\2001-Q3.dbx Infected: Email-Worm.Win32.Magistr.a 1

C:\Outlook Express\2002-Q3.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 5

C:\Outlook Express\2002-Q3.dbx Infected: Email-Worm.Win32.Klez.h 5

C:\Outlook Express\2002-Q4.dbx Infected: Email-Worm.Win32.Tanatos.a 1

C:\Outlook Express\2003-Q2.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 1

C:\Outlook Express\2003-Q2.dbx Infected: Email-Worm.Win32.Sobig.b 1

C:\Outlook Express\2003-Q2.dbx Infected: Email-Worm.Win32.Sobig.c 1

C:\Outlook Express\2003-Q2.dbx Infected: Email-Worm.Win32.Tanatos.b 2

C:\Outlook Express\2003-Q2.dbx Infected: Email-Worm.Win32.Sobig.e 2

C:\Outlook Express\2003-Q3.dbx Infected: Email-Worm.Win32.Sobig.e 2

C:\Outlook Express\2003-Q3.dbx Infected: Email-Worm.Win32.Swen 1

C:\Outlook Express\2003-Q4.dbx Infected: Email-Worm.Win32.Mimail.j 2

C:\Outlook Express\2003-Q4.dbx Infected: Email-Worm.Win32.Mimail.i 1

C:\Outlook Express\2004-Q1.dbx Infected: Email-Worm.Win32.Mydoom.a 1

C:\Outlook Express\2004-Q1.dbx Infected: Email-Worm.Win32.NetSky.d 1

C:\Outlook Express\2004-Q1.dbx Infected: Email-Worm.Win32.Bagle.o 1

C:\Outlook Express\2004-Q1.dbx Infected: Email-Worm.Win32.Bagle.p 3

C:\Outlook Express\2004-Q1.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 1

C:\Outlook Express\2004-Q1.dbx Infected: Email-Worm.Win32.NetSky.q 1

C:\Outlook Express\2004-Q3.dbx Suspicious: Exploit.HTML.ObjData 1

C:\Outlook Express\2004-Q3.dbx Infected: Email-Worm.Win32.Bagle.g 1

C:\Outlook Express\2004-Q4.dbx Infected: Email-Worm.Win32.Bagle.at 1

C:\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Mydoom.am 1

C:\Outlook Express\Mail\Deleted Items.mbx Infected: Email-Worm.Win32.ZippedFiles.a 3

C:\Outlook Express\Mail\Deleted Items.mbx Infected: Email-Worm.Win32.Happy 1

C:\Outlook Express\Mail\Inbox.mbx Infected: Virus.MSWord.Ethan 1

C:\Outlook Express\Mail\Inbox.mbx Infected: Virus.MSWord.FootPrint.e 1

C:\Outlook Express\Mail\Sent Items.mbx Infected: Virus.MSWord.Ethan 1

C:\Outlook Express\sent 1999.dbx Infected: Virus.MSWord.Ethan 1

C:\Outlook Express\spam.dbx Infected: Trojan-Spy.HTML.Bayfraud.hh 2

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp Infected: Trojan-Downloader.Win32.Agent.aiyu 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\12.tmp Infected: Trojan-Downloader.Win32.Agent.aiyu 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\14.tmp Infected: Trojan-Downloader.JS.Psyme.jf 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\16.tmp Infected: Trojan-Downloader.Win32.Small.cpg 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1E2.tmp Infected: not-a-virus:AdWare.Win32.BHO.aqo 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp Infected: Trojan-Downloader.Win32.Agent.aogd 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\20.tmp Infected: Trojan-Downloader.Win32.Agent.aogd 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\26.tmp Infected: Trojan-Downloader.Win32.Small.buy 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2CF.tmp Infected: Trojan-Downloader.JS.Agent.kd 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\735.tmp Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\736.tmp Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\A31.tmp Infected: Trojan.Win32.Agent.anyk 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\A37.tmp Infected: Trojan-Downloader.Win32.Small.buy 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\A39.tmp Infected: Trojan-Downloader.Win32.Agent.afzg 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\A58.tmp Infected: Trojan-Downloader.Win32.Agent.aoep 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\A5D.tmp Infected: Trojan.Win32.Agent.anyk 1

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F5.tmp Infected: Trojan-Downloader.Java.OpenConnection.ao 2

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F5.tmp Infected: Trojan.Java.ClassLoader.au 1

C:\Program Files\Trend Micro\manual scan\system cleaner\System Cleaner\backup\2ce40a72-2368db40 Infected: Trojan-Downloader.Java.OpenConnection.ap 1

C:\Program Files\Trend Micro\manual scan\system cleaner\System Cleaner\backup\2ce40a72-7e5070e1 Infected: Trojan-Downloader.Java.OpenConnection.ap 1

C:\Program Files\Trend Micro\manual scan\system cleaner\System Cleaner\backup\5facab1f-4a484cda Infected: Trojan-Downloader.Java.OpenConnection.ap 1

C:\Program Files\Trend Micro\manual scan\system cleaner\System Cleaner\backup\5facab1f-7fb531a5 Infected: Trojan-Downloader.Java.OpenConnection.ap 1

The selected area was scanned.

Link to post
Share on other sites

Here is the HijackThis log file.

So far the computer is being well behaved. Thanks.

++++++++++++++++++++++++++++++++++++

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:13:42 AM, on 12/2/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Creative\Mixer\CTSVolFE.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Kodak\printer\center\KodakSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Spybot - Search & Destroy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2060909

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1A0DC5DA-3FC4-417D-8499-15A3D467DB3D} (SKWRDlg Control) - http://www.elanguage.cn/episode02cut/SKWRDlg.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab

O16 - DPF: {7ED4CA4F-9FE2-4C6D-BA56-55247415C3BA} (TDocx Control) - http://www.elanguage.cn/episode02cut/tdocx.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe

--

End of file - 14846 bytes

Link to post
Share on other sites

Hi SadDad

Log looks good :huh:

Click Start >> Run, and then type ComboFix /u and hit enter.

You can now delete any other tools I had you download and use, unless you wish to keep them.

Re-enable TeaTimer:

  • Open Spybot
  • Click on Tools in bottom left hand corner.
  • Click on Resident.
  • Check Resident "TeaTimer" box.
  • Click on Allow change ONLY to popup box with:
  • Entry: SpybotSD Teatimer
  • Click on Mode, select Default mode
  • Close Spybot

Now that your system appears to be clean, theres just a few steps I'd like you to take to prevent any future infections.

  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.
  • Make sure you update your Anti-Virus software regularly, new viruses are being developed all the time.
  • Some more programs that it would be useful to have [OPTIONAL but RECOMMENDED]:
    SpywareBlaster is another real-time scanner that prevents most spyware from even being installed.
    Freely available: Download SpywareBlaster
    Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff

Link to post
Share on other sites

This issue appears resolved and the thread is closed to prevent others from posting here.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.