Deucehearts Posted December 2, 2007

I have run adaware and spybot s&d numerous times cleaning everything they find. When cleaning in Spybot S&D I keep getting the blue screen of death. I am also unable to run most online scans. The laptop I am working with is running Windows XP media edition with all the updates. Any help would be great, thanks for your time in advance.

Logfile of HijackThis v1.99.1
Scan saved at 12:46:26 AM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.wisc.edu/portal/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [showLOMControl]
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [czwqaqrA] C:\WINDOWS\czwqaqrA.exe
O4 - HKLM\..\Run: [{70-0B-BD-D4-ZN}] C:\windows\system32\podsregn.exe SKY003
O4 - HKLM\..\Run: [4ca70b7b] rundll32.exe "C:\WINDOWS\system32\pnneraju.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ixanhtum.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
sarahw Posted December 2, 2007

Hi,

Welcome to the site. I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.

You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time. Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.

These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat.
sarahw Posted December 2, 2007

Hi,

1. Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

2. Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding. Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Deucehearts (Author) Posted December 2, 2007

VundoFix V6.7.0

Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 1:52:46 AM 12/2/2007

Listing files found while scanning....

C:\windows\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini
C:\windows\system32\fiyngnrv.ini
C:\WINDOWS\system32\lujktfbu.exe
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\rqrrspn.dll
C:\windows\system32\vrngnyif.dll

Beginning removal...

Attempting to delete C:\windows\system32\fgjlm.bak1
C:\windows\system32\fgjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini Has been deleted!

Attempting to delete C:\windows\system32\fiyngnrv.ini
C:\windows\system32\fiyngnrv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lujktfbu.exe
C:\WINDOWS\system32\lujktfbu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!

Attempting to delete C:\windows\system32\vrngnyif.dll
C:\windows\system32\vrngnyif.dll Has been deleted!

Performing Repairs to the registry.
Done!
Deucehearts (Author) Posted December 2, 2007

Deckard's System Scanner v20071014.68
Run by Michelle on 2007-12-02 02:40:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
25: 2007-12-02 08:40:35 UTC - RP90 - Deckard's System Scanner Restore Point
24: 2007-11-30 18:38:05 UTC - RP89 - System Checkpoint
23: 2007-11-29 03:30:55 UTC - RP88 - System Checkpoint
22: 2007-11-24 22:51:51 UTC - RP87 - System Checkpoint
21: 2007-11-21 20:15:30 UTC - RP86 - System Checkpoint

-- First Restore Point --
1: 2007-10-11 12:58:56 UTC - RP66 - Software Distribution Service 3.0

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Michelle.exe) --------------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-02 02:42:10
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\Michelle\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.wisc.edu/portal/index.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en&cl...&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4991EFD5-91EC-450A-8E0C-F868007FDC9B} - C:\Program Files\Common Files\meqo43855.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {69D1138B-EA15-4764-B837-511A31894C80} - C:\WINDOWS\system32\mljgf.dll (file missing)
O2 - BHO: (no name) - {71DC6AF1-96F7-484C-867E-A10AD075D213} - \
O2 - BHO: {e203e144-d106-21bb-9464-6665727865d9} - {9d568727-5666-4649-bb12-601d441e302e} - C:\WINDOWS\system32\otiyorse.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [showLOMControl] 1
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [czwqaqrA] C:\WINDOWS\czwqaqrA.exe
O4 - HKLM\..\Run: [{70-0B-BD-D4-ZN}] C:\windows\system32\podsregn.exe SKY003
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [4ca70b7b] rundll32.exe "C:\WINDOWS\system32\fwtaeyyn.dll",b
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O20 - Winlogon Notify: rqrrspn - C:\WINDOWS\system32\rqrrspn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ixanhtum.exe /service
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

--
End of file - 10873 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 core - c:\windows\system32\drivers\core.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>
S2 DomainService - c:\windows\system32\ixanhtum.exe /service (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2007-11-02 and 2007-12-02 -----------------------------

2007-12-02 01:52:46 0 d-------- C:\VundoFix Backups
2007-12-02 00:57:06 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-02 00:47:48 85056 --a------ C:\WINDOWS\system32\fwtaeyyn.dll
2007-12-02 00:45:22 0 d-------- C:\hijackthis
2007-12-02 00:44:45 76864 --a------ C:\WINDOWS\system32\otiyorse.dll
2007-12-02 00:44:44 71232 --a------ C:\WINDOWS\system32\mluxowxl.exe <Not Verified; ; DDC>
2007-12-01 12:21:46 78400 --a------ C:\WINDOWS\system32\fmduefeu.dll
2007-12-01 11:23:24 71232 --a------ C:\WINDOWS\system32\dfcbrmxa.exe <Not Verified; ; DDC>
2007-11-29 22:14:30 71232 --a------ C:\WINDOWS\system32\piqoibxy.exe <Not Verified; ; DDC>
2007-11-28 22:14:37 71232 --a------ C:\WINDOWS\system32\rjesrnuv.exe <Not Verified; ; DDC>
2007-11-27 22:13:18 71232 --a------ C:\WINDOWS\system32\lgohpndo.exe <Not Verified; ; DDC>
2007-11-26 22:13:18 71232 --a------ C:\WINDOWS\system32\uemqyvhx.exe <Not Verified; ; DDC>
2007-11-25 14:37:59 71232 --a------ C:\WINDOWS\system32\urxqhrpd.exe <Not Verified; ; DDC>
2007-11-24 14:37:40 71232 --a------ C:\WINDOWS\system32\mdmksnng.exe <Not Verified; ; DDC>
2007-11-20 18:53:39 71232 --a------ C:\WINDOWS\system32\ttxuyuxw.exe <Not Verified; ; DDC>
2007-11-19 18:53:25 71232 --a------ C:\WINDOWS\system32\kdxorlik.exe <Not Verified; ; DDC>
2007-11-18 18:53:45 71232 --a------ C:\WINDOWS\system32\kwgprmty.exe <Not Verified; ; DDC>
2007-11-17 18:52:25 71232 --a------ C:\WINDOWS\system32\deurmhxu.exe <Not Verified; ; DDC>
2007-11-16 13:21:06 1203 --a------ C:\WINDOWS\mozver.dat
2007-11-16 13:12:20 71232 --a------ C:\WINDOWS\system32\xluriaha.exe <Not Verified; ; DDC>
2007-11-15 12:48:03 71232 --a------ C:\WINDOWS\system32\hrjopuxj.exe <Not Verified; ; DDC>
2007-11-14 12:49:43 71232 --a------ C:\WINDOWS\system32\bdlaaybt.exe <Not Verified; ; DDC>
2007-11-13 11:18:50 71232 --a------ C:\WINDOWS\system32\gyxydcan.exe <Not Verified; ; DDC>
2007-11-12 10:48:40 71232 --a------ C:\WINDOWS\system32\kmkpgjos.exe <Not Verified; ; DDC>
2007-11-11 09:42:15 71232 --a------ C:\WINDOWS\system32\xrvctqbq.exe <Not Verified; ; DDC>
2007-11-10 09:40:26 71232 --a------ C:\WINDOWS\system32\ujwnjgby.exe <Not Verified; ; DDC>
2007-11-10 00:15:55 71232 --a------ C:\WINDOWS\system32\ywldlruo.exe <Not Verified; ; DDC>
2007-11-08 22:21:00 86080 --a------ C:\WINDOWS\system32\kycmnkaj.dll
2007-11-08 22:18:00 71232 --a------ C:\WINDOWS\system32\uiubbpim.exe <Not Verified; ; DDC>
2007-11-08 22:16:11 71232 --a------ C:\WINDOWS\system32\xjlvqjxo.exe <Not Verified; ; DDC>
2007-11-07 12:43:53 71232 --a------ C:\WINDOWS\system32\trfhhjxq.exe <Not Verified; ; DDC>
2007-11-07 12:41:09 71232 --a------ C:\WINDOWS\system32\advbkprt.exe <Not Verified; ; DDC>
2007-11-06 09:54:07 87104 --a------ C:\WINDOWS\system32\qghkhqdw.dll
2007-11-06 09:53:02 71232 --a------ C:\WINDOWS\system32\bhvgoenh.exe <Not Verified; ; DDC>
2007-11-05 10:41:57 0 d-------- C:\Documents and Settings\Michelle\Application Data\Template
2007-11-04 19:45:43 75328 --a------ C:\WINDOWS\system32\pmihorwn.exe <Not Verified; ; DDC>
2007-11-02 10:38:33 75328 --a------ C:\WINDOWS\system32\jwxsltfc.exe <Not Verified; ; DDC>

-- Find3M Report ---------------------------------------------------------------

2007-12-02 01:46:30 0 d-------- C:\Program Files\Bonjour
2007-12-02 01:46:29 0 d-------- C:\Program Files\BAE
2007-12-01 12:19:53 0 d-------- C:\Program Files\WinPop
2007-12-01 12:19:53 0 d-------- C:\Program Files\Common Files
2007-12-01 11:25:42 0 d-------- C:\Program Files\SpywareBlaster
2007-11-30 11:55:29 18698 --a------ C:\Documents and Settings\Michelle\Application Data\wklnhst.dat
2007-11-28 22:26:33 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-28 22:26:28 56 -r-hs---- C:\WINDOWS\system32\A816F5A9F5.sys
2007-11-27 12:18:07 0 d--h----- C:\Documents and Settings\Michelle\Application Data\Move Networks
2007-10-31 21:49:54 75328 --a------ C:\WINDOWS\system32\iguxkhlm.exe <Not Verified; ; DDC>
2007-10-30 21:48:48 75328 --a------ C:\WINDOWS\system32\eaqbkbgc.exe <Not Verified; ; DDC>
2007-10-29 11:35:50 75328 --a------ C:\WINDOWS\system32\txgcxlmg.exe <Not Verified; ; DDC>
2007-10-28 10:17:52 75328 --a------ C:\WINDOWS\system32\eotuexja.exe <Not Verified; ; DDC>
2007-10-26 14:42:40 75328 --a------ C:\WINDOWS\system32\vjgauirb.exe <Not Verified; ; DDC>
2007-10-25 12:34:14 75328 --a------ C:\WINDOWS\system32\amxdvmxh.exe <Not Verified; ; DDC>
2007-10-25 12:31:42 75328 --a------ C:\WINDOWS\system32\xphkphnu.exe <Not Verified; ; DDC>
2007-10-24 11:29:20 75328 --a------ C:\WINDOWS\system32\mcgocunv.exe <Not Verified; ; DDC>
2007-10-22 07:51:28 75328 --a------ C:\WINDOWS\system32\jiysmrhd.exe <Not Verified; ; DDC>
2007-10-20 18:55:36 0 d-------- C:\Program Files\Lavasoft
2007-10-20 18:55:34 0 d-------- C:\Documents and Settings\Michelle\Application Data\Lavasoft
2007-10-20 18:54:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-20 18:36:07 75328 --a------ C:\WINDOWS\system32\qoehhmhm.exe <Not Verified; ; DDC>
2007-10-20 18:32:29 0 d-------- C:\Program Files\Google
2007-10-19 20:22:02 75328 --a------ C:\WINDOWS\system32\gsokujbd.exe <Not Verified; ; DDC>
2007-10-18 08:26:37 77376 --a------ C:\WINDOWS\system32\xkbnyrot.dll
2007-10-18 08:26:00 75328 --a------ C:\WINDOWS\system32\utyhvldo.exe <Not Verified; ; DDC>
2007-10-11 07:56:54 75328 --a------ C:\WINDOWS\system32\bjabuaql.exe <Not Verified; ; DDC>
2007-10-11 06:57:01 75328 --a------ C:\WINDOWS\system32\nsrnpnih.exe <Not Verified; ; DDC>
2007-09-14 10:17:42 70208 --a------ C:\WINDOWS\system32\oxapsvmr.dll
2007-09-14 10:08:41 75328 --a------ C:\WINDOWS\system32\kttapgov.exe <Not Verified; ; DDC>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4991EFD5-91EC-450A-8E0C-F868007FDC9B}]
C:\Program Files\Common Files\meqo43855.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69D1138B-EA15-4764-B837-511A31894C80}]
C:\WINDOWS\system32\mljgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71DC6AF1-96F7-484C-867E-A10AD075D213}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d568727-5666-4649-bb12-601d441e302e}]
12/02/2007 12:44 AM 76864 --a------ C:\WINDOWS\system32\otiyorse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 01:01 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 04:48 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 10:55 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 10:56 AM]
"ShowLOMControl"="1 (0x1)" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 11:48 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 07:29 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [04/12/2006 04:27 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/12/2006 04:28 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 12:05 AM]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 09:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 09:44 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/08/2005 06:20 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 03:30 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [11/16/2005 06:08 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 04:30 PM C:\WINDOWS\stsystra.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [03/23/2006 07:17 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/23/2006 07:13 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/23/2006 07:17 PM]
"czwqaqrA"="C:\WINDOWS\czwqaqrA.exe" []
"{70-0B-BD-D4-ZN}"="C:\windows\system32\podsregn.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"4ca70b7b"="C:\WINDOWS\system32\fwtaeyyn.dll" [12/02/2007 12:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 07:39 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"WinPop"="C:\Program Files\WinPop\winpop.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/12/2006 4:24:40 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrspn]
rqrrspn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

-- End of Deckard's System Scanner: finished at 2007-12-02 02:42:38 ------------
Deucehearts (Author) Posted December 2, 2007

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz
CPU 1: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1014.37 MiB / 526.38 MiB
Pagefile Memory (total/avail): 2441.45 MiB / 2051.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.43 MiB

C: is Fixed (NTFS) - 49.7 GiB total, 38.15 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541060G9SA00 - 54.49 GiB - 3 partitions
   \PARTITION0 - Unknown - 39.19 MiB
   \PARTITION1 (bootable) - Installable File System - 49.7 GiB - C:
   \PARTITION2 - Unknown - 4.74 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v12 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security v12.7.1019 (Trend Micro, Inc.) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"="C:\\Program Files\\Ruckus Player\\Ruckus.exe:*:Enabled:Ruckus Player"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\WINDOWS\\system32\\ixanhtum.exe"="C:\\WINDOWS\\system32\\ixa"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michelle\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MICKI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michelle
LOGONSERVER=\\MICKI
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Michelle\LOCALS~1\Temp
TMP=C:\DOCUME~1\Michelle\LOCALS~1\Temp
USERDOMAIN=MICKI
USERNAME=Michelle
USERPROFILE=C:\Documents and Settings\Michelle
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Michelle (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

 --> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE /a C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
 --> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
 --> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Bejeweled 2 Deluxe --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\989E4C3B-B2C9-4486-9A09-D5A8F953837C\Uninstall.exe"
Blasterball 2 --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D1A6F3FD-7B40-443F-8767-BADB25A0D222\Uninstall.exe"
Bonjour Core for Windows --> MsiExec.exe /I{56DF5C9E-6392-46D3-B366-297B14E1DAAF}
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FATE --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2D8F0E2-6978-4409-8351-BA8785DA11EE\Uninstall.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\hijackthis\HijackThis.exe /uninstall
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Digital Image Standard 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006 --> MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Michelle\Application Data\Move Networks\ie_bin\Uninst.exe
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Michelle\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (2.0.0.10) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Ruckus Player --> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
SCRABBLE --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA\Uninstall.exe"
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trend Micro PC-cillin Internet Security 12 --> MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250 -->
WinPop --> C:\Program Files\WinPop\UnInstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type18436 / Warning
Event Submitted/Written: 12/02/2007 02:37:16 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type18435 / Warning
Event Submitted/Written: 12/02/2007 02:37:16 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum', component '{25F669D8-9DC1-44D1-A06B-28E42E930387}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Interval' does not exist.

Event Record #/Type18434 / Warning
Event Submitted/Written: 12/02/2007 02:37:16 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type18433 / Warning
Event Submitted/Written: 12/02/2007 02:37:16 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum', component '{25F669D8-9DC1-44D1-A06B-28E42E930387}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Interval' does not exist.

Event Record #/Type18432 / Warning
Event Submitted/Written: 12/02/2007 02:37:16 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type26320 / Error
Event Submitted/Written: 12/02/2007 00:16:53 AM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000ce, parameter1 aa11a74e, parameter2 00000008, parameter3 aa11a74e, parameter4 00000000.

Event Record #/Type26293 / Error
Event Submitted/Written: 12/01/2007 11:54:19 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 204.15.111.227 on the
Network Card with network address 001302198D7B.

Event Record #/Type26292 / Warning
Event Submitted/Written: 12/01/2007 11:54:19 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302198D7B. The following
error occurred: %%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type26288 / Error
Event Submitted/Written: 12/01/2007 06:57:19 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 204.15.111.227 on the
Network Card with network address 001302198D7B.

Event Record #/Type26287 / Warning
Event Submitted/Written: 12/01/2007 06:57:19 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302198D7B. The following
error occurred: %%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

-- End of Deckard's System Scanner: finished at 2007-12-02 02:42:38 ------------
Deucehearts (Author) Posted December 2, 2007

Here is my new hijack log. Thanks once again.

Logfile of HijackThis v1.99.1
Scan saved at 2:46:04 AM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.wisc.edu/portal/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4991EFD5-91EC-450A-8E0C-F868007FDC9B} - C:\Program Files\Common Files\meqo43855.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {69D1138B-EA15-4764-B837-511A31894C80} - C:\WINDOWS\system32\mljgf.dll (file missing)
O2 - BHO: (no name) - {71DC6AF1-96F7-484C-867E-A10AD075D213} - \
O2 - BHO: {e203e144-d106-21bb-9464-6665727865d9} - {9d568727-5666-4649-bb12-601d441e302e} - C:\WINDOWS\system32\otiyorse.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [showLOMControl]
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [czwqaqrA] C:\WINDOWS\czwqaqrA.exe
O4 - HKLM\..\Run: [{70-0B-BD-D4-ZN}] C:\windows\system32\podsregn.exe SKY003
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [4ca70b7b] rundll32.exe "C:\WINDOWS\system32\fwtaeyyn.dll",b
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: rqrrspn - rqrrspn.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ixanhtum.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
sarahw Posted December 2, 2007

Hi,

Did you install 'EmpirePokerMaster'? If not, can you please uninstall it. If you can't uninstall it, let me know in your reply.

1. Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it to your desktop, make sure the file type is All Files and name it FixServices.bat

@echo off
sc stop DomainService
sc delete DomainService
exit

Double click FixServices.bat. A window will open and close. This is normal.

2. Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
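The helper's fix above targets one service, DomainService, picked out of the HijackThis log because its binary has no vendor string and is already missing from disk. As an added example (not code from this thread or from sarahw), the script below runs that same triage automatically over a few HijackThis lines copied from the logs posted here: it flags entries marked "(file missing)", services with "Unknown owner", and autostart binaries with the eight-letter pseudo-random names that appear throughout these logs. The eight-letter heuristic and the small allow-list of legitimate eight-letter Windows binaries are constructed for this example and are deliberately coarse; anything it flags still needs a human look.

```python
import re

# Constructed sample: HijackThis 1.99.1 lines copied from the logs posted in
# this thread, plus benign entries (ehtray, igfxcui, Bonjour) for contrast.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [4ca70b7b] rundll32.exe "C:\WINDOWS\system32\fwtaeyyn.dll",b
O4 - HKLM\..\Run: [czwqaqrA] C:\WINDOWS\czwqaqrA.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: rqrrspn - rqrrspn.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ixanhtum.exe (file missing)
"""

# HijackThis prefixes every finding with its section id (R0..R3, O1..O24).
SECTION_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Coarse heuristic (an assumption of this example) for the pseudo-random
# eight-letter names seen throughout this thread (fwtaeyyn.dll, ixanhtum.exe):
# exactly eight letters, .exe or .dll, located under the Windows directory.
RANDOM_NAME_RE = re.compile(
    r"[\\/]WINDOWS[\\/](?:system32[\\/])?(?P<name>[A-Za-z]{8})\.(?:exe|dll)\b",
    re.IGNORECASE,
)

# Constructed allow-list: legitimate eight-letter binaries present in this
# thread's own process list, so the heuristic does not flag them.
KNOWN_GOOD = {"winlogon", "services", "savedump", "igfxpers", "igfxsrvc", "stsystra"}


def classify(line):
    """Return the list of reasons a single HijackThis line deserves a look."""
    reasons = []
    if "(file missing)" in line:
        reasons.append("file missing")      # autostart points at a file that is gone
    if "Unknown owner" in line:
        reasons.append("unknown owner")     # service binary carries no vendor info
    m = RANDOM_NAME_RE.search(line)
    if m and m.group("name").lower() not in KNOWN_GOOD:
        reasons.append("random-looking filename")
    return reasons


def triage(log_text):
    """Parse HijackThis output and return the entries worth reviewing, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # process list, header lines, blanks
        reasons = classify(line)
        if reasons:
            findings.append({"section": m.group("section"), "reasons": reasons, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f['section']:4} {', '.join(f['reasons']):55} {f['line']}")
```

On the sample above the script returns four entries: the two random-named O4 autostarts, the rqrrspn Winlogon notify whose DLL is gone, and DomainService, which trips all three checks at once and is exactly the entry the batch file above removes. The benign Intel, Bonjour and ehtray lines are left alone.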
Deucehearts (Author) Posted December 2, 2007

I did not install Empire poker and am unable to find it on the computer to uninstall as well. Here are my new logs.

ComboFix 07-12-02.5 - Michelle 2007-12-02 11:08:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT -6:00]
Running from: C:\Documents and Settings\Michelle\Desktop\ComboFix.exe
 * Created a new restore point.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Michelle\err.log
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\retadpu.exe.bin
C:\WINDOWS\system32\advbkprt.exe
C:\WINDOWS\system32\amxdvmxh.exe
C:\WINDOWS\system32\bdlaaybt.exe
C:\WINDOWS\system32\bhvgoenh.exe
C:\WINDOWS\system32\bjabuaql.exe
C:\WINDOWS\system32\deurmhxu.exe
C:\WINDOWS\system32\dfcbrmxa.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\eaqbkbgc.exe
C:\WINDOWS\system32\eotuexja.exe
C:\WINDOWS\system32\fmduefeu.dll
C:\WINDOWS\system32\fwtaeyyn.dll
C:\WINDOWS\system32\gsokujbd.exe
C:\WINDOWS\system32\gyxydcan.exe
C:\WINDOWS\system32\H1
C:\WINDOWS\system32\H1\wbb22.exe
C:\WINDOWS\system32\H2
C:\WINDOWS\system32\H3
C:\WINDOWS\system32\H4
C:\WINDOWS\system32\H5
C:\WINDOWS\system32\H5\bk53.exe
C:\WINDOWS\system32\hrjopuxj.exe
C:\WINDOWS\system32\iguxkhlm.exe
C:\WINDOWS\system32\jaknmcyk.ini
C:\WINDOWS\system32\jiysmrhd.exe
C:\WINDOWS\system32\jwxsltfc.exe
C:\WINDOWS\system32\kdxorlik.exe
C:\WINDOWS\system32\kmkpgjos.exe
C:\WINDOWS\system32\kttapgov.exe
C:\WINDOWS\system32\kwgprmty.exe
C:\WINDOWS\system32\kycmnkaj.dll
C:\WINDOWS\system32\lgohpndo.exe
C:\WINDOWS\system32\mcgocunv.exe
C:\WINDOWS\system32\mdmksnng.exe
C:\WINDOWS\system32\mluxowxl.exe
C:\WINDOWS\system32\nsrnpnih.exe
C:\WINDOWS\system32\nyyeatwf.ini
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
C:\WINDOWS\system32\otiyorse.dll
C:\WINDOWS\system32\oxapsvmr.dll
C:\WINDOWS\system32\piqoibxy.exe
C:\WINDOWS\system32\pmihorwn.exe
C:\WINDOWS\system32\qghkhqdw.dll
C:\WINDOWS\system32\qoehhmhm.exe
C:\WINDOWS\system32\rjesrnuv.exe
C:\WINDOWS\system32\trfhhjxq.exe
C:\WINDOWS\system32\ttxuyuxw.exe
C:\WINDOWS\system32\txgcxlmg.exe
C:\WINDOWS\system32\uemqyvhx.exe
C:\WINDOWS\system32\uiubbpim.exe
C:\WINDOWS\system32\ujwnjgby.exe
C:\WINDOWS\system32\urxqhrpd.exe
C:\WINDOWS\system32\utyhvldo.exe
C:\WINDOWS\system32\vjgauirb.exe
C:\WINDOWS\system32\wdqhkhgq.ini
C:\WINDOWS\system32\win
C:\WINDOWS\system32\xjlvqjxo.exe
C:\WINDOWS\system32\xkbnyrot.dll
C:\WINDOWS\system32\xluriaha.exe
C:\WINDOWS\system32\xphkphnu.exe
C:\WINDOWS\system32\xrvctqbq.exe
C:\WINDOWS\system32\ywldlruo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core


((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-02 02:40 . 2007-12-02 02:40 <DIR> d-------- C:\Deckard
2007-12-02 01:52 . 2007-12-02 02:37 <DIR> d-------- C:\VundoFix Backups
2007-12-02 00:57 . 2007-12-02 01:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-02 00:57 . 2007-12-02 00:57 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-02 00:57 . 2007-12-02 00:57 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-02 00:57 . 2007-12-02 00:57 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-02 00:45 . 2007-12-02 02:46 <DIR> d-------- C:\hijackthis
2007-12-01 11:24 . 2007-12-02 00:41 687,777 ---hs---- C:\WINDOWS\system32\ujarennp.ini
2007-11-29 22:20 . 2007-12-01 11:22 735,961 ---hs---- C:\WINDOWS\system32\mitckhrk.ini
2007-11-28 22:20 . 2007-11-29 21:30 860,784 ---hs---- C:\WINDOWS\system32\vxpjocqr.ini
2007-11-28 15:27 . 2007-11-28 15:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-28 15:27 . 2007-11-28 15:27 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-27 22:13 . 2007-11-28 22:13 989,051 ---hs---- C:\WINDOWS\system32\psxksrrc.ini
2007-11-26 22:17 . 2007-11-27 22:06 991,583 ---hs---- C:\WINDOWS\system32\qfywnhfo.ini
2007-11-25 14:44 . 2007-11-26 22:12 1,013,146 ---hs---- C:\WINDOWS\system32\fbaejpvh.ini
2007-11-20 18:56 . 2007-11-25 14:37 1,010,942 ---hs---- C:\WINDOWS\system32\iyhemfdy.ini
2007-11-19 18:59 . 2007-11-20 16:57 686,628 ---hs---- C:\WINDOWS\system32\onxvlymy.ini
2007-11-18 18:59 . 2007-11-19 16:02 622,988 ---hs---- C:\WINDOWS\system32\qpyqxpxu.ini
2007-11-17 18:56 . 2007-11-18 18:56 622,808 ---hs---- C:\WINDOWS\system32\cguwwpay.ini
2007-11-16 13:21 . 2007-11-16 13:21 1,203 --a------ C:\WINDOWS\mozver.dat
2007-11-16 13:16 . 2007-11-17 18:51 622,628 ---hs---- C:\WINDOWS\system32\hfdpccyq.ini
2007-11-15 12:54 . 2007-11-16 13:11 734,232 ---hs---- C:\WINDOWS\system32\ldlilitm.ini
2007-11-14 12:52 . 2007-11-15 12:53 655,446 ---hs---- C:\WINDOWS\system32\yvedjivk.ini
2007-11-13 11:22 . 2007-11-14 12:23 655,942 ---hs---- C:\WINDOWS\system32\chvokniv.ini
2007-11-12 10:52 . 2007-11-13 11:18 669,654 ---hs---- C:\WINDOWS\system32\kuksxxcb.ini
2007-11-11 09:48 . 2007-11-12 10:47 590,836 ---hs---- C:\WINDOWS\system32\cplnhcva.ini
2007-11-10 00:21 . 2007-11-11 09:33 584,656 ---hs---- C:\WINDOWS\system32\tshasmqt.ini
2007-11-07 12:50 . 2007-11-08 22:16 583,060 ---hs---- C:\WINDOWS\system32\btrbhmjv.ini
2007-11-05 10:41 . 2007-11-05 10:41 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\Template
2007-11-04 19:48 . 2007-11-06 09:52 1,124,394 ---hs---- C:\WINDOWS\system32\ciyhycsy.ini
2007-11-02 10:38 . 
2007-11-04 19:43 1,148,154 ---hs---- C:\WINDOWS\system32\iipifjeg.ini.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2007-12-02 07:46 --------- d-----w C:\Program Files\Bonjour2007-12-02 07:46 --------- d-----w C:\Program Files\BAE2007-12-01 17:25 --------- d-----w C:\Program Files\SpywareBlaster2007-11-30 17:55 18,698 ----a-w C:\Documents and Settings\Michelle\Application Data\wklnhst.dat2007-11-27 18:18 --------- d--h--w C:\Documents and Settings\Michelle\Application Data\Move Networks2007-10-21 00:55 --------- d-----w C:\Program Files\Lavasoft2007-10-21 00:55 --------- d-----w C:\Documents and Settings\Michelle\Application Data\Lavasoft2007-10-21 00:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard2007-10-21 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft2007-10-21 00:32 --------- d-----w C:\Program Files\Google2007-01-29 02:03 58,600 ----a-w C:\Documents and Settings\Michelle\Application Data\GDIPFONTCACHEV1.DAT2005-07-29 21:24 472 --sha-r C:\WINDOWS\TWljaGVsbGU\nq53u3pPv3o.vbs.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4991EFD5-91EC-450A-8E0C-F868007FDC9B}] C:\Program Files\Common Files\meqo43855.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69D1138B-EA15-4764-B837-511A31894C80}] C:\WINDOWS\system32\mljgf.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71DC6AF1-96F7-484C-867E-A10AD075D213}][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 
10:09][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01]"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 10:55]"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 10:56]"ShowLOMControl"="1 (0x1)" []"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 19:29]"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-12 16:27]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-12 16:28]"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05]"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 18:20]"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 15:30]"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-16 18:08]"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 19:17]"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 19:13]"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 19:17]"czwqaqrA"="C:\WINDOWS\czwqaqrA.exe" []"{70-0B-BD-D4-ZN}"="C:\windows\system32\podsregn.exe" []C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-12 16:24:40]Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 
00:01:04][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrspn]rqrrspn.dll[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]\Shell\AutoRun\command - E:\setup.exe.**************************************************************************catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2007-12-02 11:12:50Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfully hidden files: 0 **************************************************************************.Completion time: 2007-12-02 11:14:11 - machine was rebooted. --- E O F --- Link to post Share on other sites
Deucehearts (thread author) Posted December 2, 2007

Logfile of HijackThis v1.99.1
Scan saved at 11:17:12 AM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.wisc.edu/portal/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4991EFD5-91EC-450A-8E0C-F868007FDC9B} - C:\Program Files\Common Files\meqo43855.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {69D1138B-EA15-4764-B837-511A31894C80} - C:\WINDOWS\system32\mljgf.dll (file missing)
O2 - BHO: (no name) - {71DC6AF1-96F7-484C-867E-A10AD075D213} - \
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [showLOMControl]
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [czwqaqrA] C:\WINDOWS\czwqaqrA.exe
O4 - HKLM\..\Run: [{70-0B-BD-D4-ZN}] C:\windows\system32\podsregn.exe SKY003
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: rqrrspn - rqrrspn.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
sarahw Posted December 3, 2007

1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\ixanhtum.exe
C:\WINDOWS\system32\ujarennp.ini
C:\WINDOWS\system32\mitckhrk.ini
C:\WINDOWS\system32\vxpjocqr.ini
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\system32\psxksrrc.ini
C:\WINDOWS\system32\qfywnhfo.ini
C:\WINDOWS\system32\fbaejpvh.ini
C:\WINDOWS\system32\iyhemfdy.ini
C:\WINDOWS\system32\onxvlymy.ini
C:\WINDOWS\system32\qpyqxpxu.ini
C:\WINDOWS\system32\cguwwpay.ini
C:\WINDOWS\system32\hfdpccyq.ini
C:\WINDOWS\system32\ldlilitm.ini
C:\WINDOWS\system32\yvedjivk.ini
C:\WINDOWS\system32\chvokniv.ini
C:\WINDOWS\system32\kuksxxcb.ini
C:\WINDOWS\system32\cplnhcva.ini
C:\WINDOWS\system32\tshasmqt.ini
C:\WINDOWS\system32\btrbhmjv.ini
C:\WINDOWS\system32\ciyhycsy.ini
C:\WINDOWS\system32\iipifjeg.ini
C:\Program Files\Common Files\meqo43855.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\czwqaqrA.exe
C:\windows\system32\podsregn.exe
C:\windows\system32\rqrrspn.dll

Folder::
C:\WINDOWS\TWljaGVsbGU

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4991EFD5-91EC-450A-8E0C-F868007FDC9B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69D1138B-EA15-4764-B837-511A31894C80}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71DC6AF1-96F7-484C-867E-A10AD075D213}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"czwqaqrA"=-
"{70-0B-BD-D4-ZN}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrspn]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.

Tell me how the computer is running.