TheTerrorist_75 Posted March 27, 2008 Report Share Posted March 27, 2008 I have a badly infected PC. Kids do not listen.It has taken me a couple of hours just to get into Windows. The infections removed admin privileges and disabled all of the Services. When I finally got into Windows an outdated version of McAfee kept popping up a warning about protector.exe and other bad files. The protector.exe warning about needing access wouldn't go away until I located the file and moved it to another folder.McAfee also warned about ntsystem.exe, spoolc.exe and exploeee.exe. McAfee could not remove or quarentine any of these. I ran Kaspersky online scan and included the log below. I aslo ran AdAware 2008 and Eset online scanner.I have uninstalled most of McAfee and outdated versions of Adobe Reader, Java and etc. I need to research some of the other programs in Add/Remove.Here are the initial HJT & Kaspersky logs. I will post the newest HJT log afterward.__________________________________________________________________________Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:40:26 PM, on 3/26/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Java\jre1.5.0_08\bin\jusched.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\Program Files\Dell Photo AIO Printer 942\memcard.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeC:\Program 
Files\McAfee.com\VSO\oasclnt.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exeC:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exeC:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Java\jre1.5.0_08\bin\jucheck.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Die MoFo\Die MoFo.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywayR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywayR3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllR3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dllR3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLLO2 
- BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLLO2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dllO2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mspoolg.dllO3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exeO4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktaskO4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exeO4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exeO4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embeddingO4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exeO4 - HKLM\..\Run: [MSKDetectorExe] 
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startupO4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeO4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,SO4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exeO4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"O4 - HKLM\..\Run: [frun] C:\WINDOWS\derc32xz.exeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imAppO4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exeO4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\2.bin\m3IMPipe.exe"O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietO4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exeO4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exeO4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exeO7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.htmlO8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492YYUSO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cabO20 - AppInit_DLLs: C:\WINDOWS\system32\hrum135.txtO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exeO23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exeO23 - Service: McAfee.com McShield (McShield) - McAfee Inc. 
- c:\PROGRA~1\mcafee.com\vso\mcshield.exeO23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exeO23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exeO23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeO23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe--End of file - 10895 bytesStartupList report, 3/26/2008, 7:41:55 PMStartupList version: 1.52.2Started from : C:\Die MoFo\Die MoFo.EXEDetected: Windows XP SP2 (WinNT 5.01.2600)Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)* Using default options==================================================Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Java\jre1.5.0_08\bin\jusched.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\Program Files\Dell Photo AIO Printer 942\memcard.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeC:\Program Files\McAfee.com\VSO\oasclnt.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exeC:\Program Files\CA\eTrust EZ Armor\eTrust 
Anti-Spam\QSP-2.1.215.5\QOELoader.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exeC:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Java\jre1.5.0_08\bin\jucheck.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Die MoFo\Die MoFo.exe--------------------------------------------------Listing of startup folders:Shell folders Common Startup:[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeDigital Line Detect.lnk = ?Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeKODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exeQuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exeymetray.lnk = C:\Program Files\Yahoo!\Yahoo! 
Music Jukebox\ymetray.exe--------------------------------------------------Checking Windows NT UserInit:[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]UserInit = C:\WINDOWS\system32\userinit.exe,--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunSoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exeSunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rmmtask = C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exeVSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktaskMCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exeMCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exeRealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERQuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottimedla = C:\WINDOWS\system32\dla\tfswctrl.exeVirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"Dell Photo AIO Printer 942 = "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"DellMCM = "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"MPSExe = C:\Program Files\McAfee.com\MPS\mscifapp.exe /embeddingMSKAGENTEXE = C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exeMSKDetectorExe = C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startupMPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeOASClnt = C:\Program Files\McAfee.com\VSO\oasclnt.exeHostManager = C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exeigfxtray = C:\WINDOWS\system32\igfxtray.exeigfxhkcmd = C:\WINDOWS\system32\hkcmd.exeigfxpers = C:\WINDOWS\system32\igfxpers.exeMy Web Search Bar = rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,SMyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exeQOELOADER = "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"gwiz = C:\WINDOWS\system32\ntsystem.exeiTunesHelper = "C:\Program 
Files\iTunes\iTunesHelper.exe"eTrustPPAP = "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"frun = C:\WINDOWS\derc32xz.exe--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx(Default) = --------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunDellSupport = "C:\Program Files\DellSupport\DSAgnt.exe" /startupMSKAGENTEXE = C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exeMSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /backgroundAim6 = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imAppMyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exeMy Web Search Community Tools = "C:\Program Files\MyWebSearch\bar\2.bin\m3IMPipe.exe"Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet--------------------------------------------------Load/Run keys from C:\WINDOWS\WIN.INI:load=*INI section not found*run=*INI section not found*Load/Run keys from Registry:HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*HKCU\..\Windows NT\CurrentVersion\Windows: load=HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\Windows: 
AppInit_DLLs=C:\WINDOWS\system32\hrum135.txt--------------------------------------------------Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:Shell=*INI section not found*SCRNSAVE.EXE=*INI section not found*drivers=*INI section not found*Shell & screensaver key from Registry:Shell=Explorer.exeSCRNSAVE.EXE=C:\WINDOWS\System32\logon.scrdrivers=*Registry value not found*Policies Shell key:HKCU\..\Policies: Shell=*Registry value not found*HKLM\..\Policies: Shell=*Registry value not found*--------------------------------------------------Enumerating Browser Helper Objects:(no name) - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL - {00A6FAF1-072E-44cf-8957-5838F569A31D}(no name) - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll - {4D25F921-B9FE-4682-BF72-8AB8210D6D75}(no name) - C:\WINDOWS\system32\mspoolg.dll - {DABCE839-3831-3818-AF3A-3837BCD324D2}--------------------------------------------------Enumerating Task Scheduler jobs:AppleSoftwareUpdate.job--------------------------------------------------Enumerating Download Program Files:[shockwave ActiveX Control]InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dllCODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]CODEBASE = http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab--------------------------------------------------Enumerating Windows NT logon/logoff scripts:*No scripts set to run*Windows NT checkdisk command:BootExecute = autocheck autochk *Windows NT 'Wininit.ini':PendingFileRenameOperations: C:\Documents and Settings\Lindy Calkins\Application Data\xvvid.nsf--------------------------------------------------Enumerating ShellServiceObjectDelayLoad items:PostBootReminder: C:\WINDOWS\system32\SHELL32.dllCDBurn: C:\WINDOWS\system32\SHELL32.dllWebCheck: C:\WINDOWS\system32\webcheck.dllSysTray: C:\WINDOWS\system32\stobject.dll--------------------------------------------------End of report, 10,034 bytesReport generated in 
0.078 secondsCommand line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, March 26, 2008 11:17:08 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 27/03/2008 Kaspersky Anti-Virus database records: 665645-------------------------------------------------------------------------------Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: trueScan Target - My Computer: C:\ D:\ E:\Scan Statistics: Total number of scanned objects: 53508 Number of viruses found: 28 Number of infected objects: 61 Number of suspicious objects: 0 Duration of the scan process: 00:43:16Infected Object Name / Virus Name / Last ActionC:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skippedC:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skippedC:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfge.class-65499117-4bbb0955.class Infected: Trojan-Downloader.Java.OpenStream.y skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfgn.class-2a829977-40ec9a63.class Infected: 
Trojan-Downloader.Java.OpenStream.y skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-2a5c927e-55f6ecf9.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-2a5c927e-55f6ecf9.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-2a5c927e-55f6ecf9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-2a5c927e-55f6ecf9.zip ZIP: infected - 3 skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-1df3dbe9.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-1df3dbe9.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-1df3dbe9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-1df3dbe9.zip ZIP: infected - 3 skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-21c99fb0.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skippedC:\Documents and Settings\Kenny Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-21c99fb0.zip ZIP: infected - 1 skippedC:\Documents and Settings\Kenny Calkins\My Documents\New 
Folder\ntsystem.exe Infected: Trojan-Clicker.Win32.Agent.hg skippedC:\Documents and Settings\Lindy Calkins\Application Data\antivirus.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skippedC:\Documents and Settings\Lindy Calkins\Application Data\drvcleaner.exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-637f0c3-5a5b704e.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-637f0c3-5a5b704e.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-637f0c3-5a5b704e.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-637f0c3-5a5b704e.zip ZIP: infected - 3 skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-6dc09976-3f6a5a1b.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-6dc09976-3f6a5a1b.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-6dc09976-3f6a5a1b.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-6dc09976-3f6a5a1b.zip ZIP: infected - 3 skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-596899d9.zip/MagicApplet.class Infected: 
Trojan-Downloader.Java.OpenConnection.ao skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-596899d9.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-596899d9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-596899d9.zip ZIP: infected - 3 skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-54fff5de-27d0f4d4.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-54fff5de-27d0f4d4.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-54fff5de-27d0f4d4.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-54fff5de-27d0f4d4.zip ZIP: infected - 3 skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-4f430c3f.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-4f430c3f.zip ZIP: infected - 1 skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-6ad4ef61.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skippedC:\Documents and Settings\Lindy Calkins\Application 
Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-6ad4ef61.zip ZIP: infected - 1 skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-41a2f364.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-5e7eb989-41a2f364.zip ZIP: infected - 1 skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-4b9c0e39-799cc406.zip/OP.class Infected: Trojan-Downloader.Java.OpenStream.ab skippedC:\Documents and Settings\Lindy Calkins\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-4b9c0e39-799cc406.zip ZIP: infected - 1 skippedC:\Documents and Settings\Lindy Calkins\Cookies\INDEX.DAT Object is locked skippedC:\Documents and Settings\Lindy Calkins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\Lindy Calkins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\Lindy Calkins\Local Settings\History\History.IE5\INDEX.DAT Object is locked skippedC:\Documents and Settings\Lindy Calkins\Local Settings\History\History.IE5\MSHist012008032620080327\index.dat Object is locked skippedC:\Documents and Settings\Lindy Calkins\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skippedC:\Documents and Settings\Lindy Calkins\ntuser.dat Object is locked skippedC:\Documents and Settings\Lindy Calkins\ntuser.dat.LOG Object is locked skippedC:\Documents and Settings\Lindy Calkins\Shared\Eighties classic (comendy).wma Infected: Trojan-Downloader.WMA.Wimad.k skippedC:\Documents and Settings\Lindy Calkins\Shared\Eighties classic.wma Infected: Trojan-Downloader.WMA.Wimad.l skippedC:\Documents and Settings\LocalService\Local Settings\Application 
Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\LocalService\ntuser.dat Object is locked skippedC:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skippedC:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skippedC:\Program Files\Uninstall Fun Web Products.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skippedC:\RECYCLER\S-1-5-21-2964191742-1540247971-618130885-500\Dc2.old Infected: Trojan.Win32.Qhost.my skippedC:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skippedC:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\change.log Object is locked skippedC:\WINDOWS\bagvdg.exe Infected: Trojan-Spy.Win32.BZub.bvu skippedC:\WINDOWS\ddexxz.exe Infected: Trojan-Downloader.Win32.Wixud.j skippedC:\WINDOWS\Debug\PASSWD.LOG Object is locked skippedC:\WINDOWS\devadwp.exe Infected: Trojan-Downloader.Win32.Wixud.j skippedC:\WINDOWS\dracee.exe Infected: Trojan-Spy.Win32.BZub.bun skippedC:\WINDOWS\exploeee.exe Object is locked skippedC:\WINDOWS\ksacre.exe Infected: Trojan-Proxy.Win32.Wopla.ao skippedC:\WINDOWS\mirar_distro_876260.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skippedC:\WINDOWS\svhjdsah.exe Infected: Trojan.Win32.Small.rt skippedC:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skippedC:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked 
skippedC:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skippedC:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skippedC:\WINDOWS\SYSTEM32\hanonvt.ini Infected: Trojan-Downloader.Win32.Agent.bxx skippedC:\WINDOWS\SYSTEM32\hrum135.txt Infected: Trojan.Win32.Agent.ali skippedC:\WINDOWS\SYSTEM32\mskvtns.dll Infected: Trojan-Spy.Win32.BZub.bum skippedC:\WINDOWS\SYSTEM32\mspoolg.dll Infected: Trojan-Spy.Win32.BZub.bvq skippedC:\WINDOWS\SYSTEM32\ntio256.sys Infected: Rootkit.Win32.Agent.cf skippedC:\WINDOWS\SYSTEM32\ntoskrnl.dll Infected: Trojan.Win32.Agent.rx skippedC:\WINDOWS\SYSTEM32\ntsystem.exe Object is locked skippedC:\WINDOWS\SYSTEM32\spoolc.exe Object is locked skippedC:\WINDOWS\SYSTEM32\vtr135.dll Infected: Trojan-Downloader.Win32.Agent.bxx skippedC:\WINDOWS\SYSTEM32\vtr221.dll Infected: Trojan-Downloader.Win32.Agent.bxx skippedC:\WINDOWS\SYSTEM32\xlibgfl254.dll Infected: Trojan-Downloader.Win32.Agent.bfj skippedC:\WINDOWS\xlavra3.exe Infected: Trojan-Downloader.Win32.Wixud.b skippedC:\WINDOWS\xnnnav.exe Infected: SpamTool.Win32.Agent.du skippedScan process completed.------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, March 26, 2008 10:33:19 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 27/03/2008 Kaspersky Anti-Virus 
database records: 665645
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Memory:

Scan Statistics:
Total number of scanned objects: 1419
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:00:26

Infected Object Name / Virus Name / Last Action
[0] [system Process] => C:\WINDOWS\system32\mspoolg.dll Infected: Trojan-Spy.Win32.BZub.bvq skipped
[708] LSASS.EXE => C:\WINDOWS\system32\xlibgfl254.dll Infected: Trojan-Downloader.Win32.Agent.bfj skipped
[1284] IEXPLORE.EXE => C:\WINDOWS\system32\mspoolg.dll Infected: Trojan-Spy.Win32.BZub.bvq skipped

Scan process completed.
TheTerrorist_75 Posted March 27, 2008

Newest HJT log.
_________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:51 AM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\DOCUME~1\LINDYC~1\LOCALS~1\Temp\uninst.002
C:\Die MoFo\Die MoFo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mspoolg.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492YYUS
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum135.txt
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 3952 bytes
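Reading an HJT log like the one above is mostly pattern matching on a handful of entry types. As an added example that is not part of the thread and not HijackThis's own code, the following Python script parses HJT-format lines and flags the kinds of entries acted on in this thread: the O20 AppInit_DLLs loader pointing at a .txt, the O7 DisableRegedit policy, orphaned "(no file)" hooks, and unnamed BHO/toolbar/DPF registrations. The sample lines are copied from the log above, plus one constructed O1 hosts entry of the kind the thread later describes; the severities and vendor-domain list are this example's own choices.

```python
"""HijackThis (HJT) log triage.

Added example for this thread; it is not the forum's, HijackThis's or any
vendor's code. It reads HJT-format lines and flags the entry types the
helpers acted on: the O20 AppInit_DLLs loader, the O7 policy restriction,
orphaned hooks, unnamed BHO/toolbar/DPF entries and autostarts in temp
folders. Severity levels and wording are this example's own choices.
"""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HJT log posted in the thread,
# plus one constructed O1 line of the kind the thread later describes
# (the hosts file "loaded with all of the anti-malware sites").
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O1 - Hosts: 127.0.0.1 www.kaspersky.com
O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mspoolg.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum135.txt
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
LIBRARY_EXTS = (".dll", ".exe", ".sys", ".ocx")
TEMP_DIRS = ("\\temp\\", "\\local settings\\", "\\recycler\\")
# Security-vendor domains that appear in the thread; a hosts override of one
# of these is the tell for "anti-malware sites blocked".
SECURITY_DOMAINS = ("kaspersky.com", "eset.eu", "f-secure.com", "virustotal.com", "gmer.net")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, line) for every HJT entry line; other lines are ignored."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def check_entry(section, body, line):
    """Return a Finding for a suspicious entry, or None for a benign one."""
    lower = body.lower()
    if section == "O20" and lower.startswith("appinit_dlls:"):
        value = body.split(":", 1)[1].strip()
        if value:
            # A loader that is not even named like a library is the strongest tell here.
            note = "" if value.lower().endswith(LIBRARY_EXTS) else " (non-library extension)"
            return Finding("high", section, "AppInit_DLLs injects this file into every user32 process" + note, line)
    if section == "O7":
        return Finding("high", section, "policy restriction set (regedit/Task Manager lockout)", line)
    if section == "O1":
        if any(d in lower for d in SECURITY_DOMAINS):
            return Finding("high", section, "hosts override of a security-vendor domain", line)
        return Finding("medium", section, "hosts file override", line)
    if section in ("O2", "O3") and "(no name)" in lower:
        return Finding("medium", section, "unnamed BHO/toolbar registration", line)
    if any(mk in lower for mk in ORPHAN_MARKERS):
        return Finding("low", section, "orphaned entry; only the registration remains", line)
    if section == "O4" and any(d in lower for d in TEMP_DIRS):
        return Finding("medium", section, "autostart from a temporary or cache folder", line)
    if section == "O16" and "(" not in body:
        return Finding("medium", section, "unnamed ActiveX download (DPF)", line)
    return None


def triage(log_text):
    """Run every entry through check_entry; findings come back highest severity first."""
    findings = [f for f in (check_entry(*e) for e in parse_entries(log_text)) if f]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


def summarize(findings):
    """Count findings per severity level."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
```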
jwbirdsong Posted March 27, 2008

TheTerrorist_75 Welcome to BestTechie. Sorry you had to visit under these circumstances. ROFLMAO.... Just couldn't resist that.
Let's see if we can get you cleaned up the rest of the way.

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
- Close any open browsers.
- If your real-time protection or antivirus intervenes with OTScanIt, allow it to run.
- Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
- Leave all the settings at the default except as noted below:
  - Check the box for Scan all user accounts
  - Under the Additional Scans section, check the following:
    - Reg - BotCheck
    - Reg - Disable MS Config items
- Now click the Run Scan button on the toolbar.
- The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Save that notepad file.
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
TheTerrorist_75 Posted March 28, 2008

When trying to run OTScanIt I get the following errors. I'll disable AVG AV, AVG Anti-Rootkit and AVG Anti-Spyware and try again.
Error loading process libraries & Invalid class string
I have been fighting this system most of yesterday morning and evening. I have finally gotten the Services to stay enabled.
The main problem seems to be hrum135.txt which AVG identifies as Trojan Horse General6.AIT
jwbirdsong Posted March 28, 2008

Would you upload a copy of C:\WINDOWS\system32\hrum135.txt for me to HERE please.
Most times when a txt file is found as infected it's just cuz of a string in the file. In your case not so sure. IF it really is a text file.
Talking to OT about your error, he says he's seen that before when missing one of the crypto dlls OR in your case "I have finally gotten the Services to stay enabled." Is the Crypto svc running??
If we can't get a log there let's try another route.
Please visit the webpage HERE for instructions for downloading and running ComboFix.
Post the log from ComboFix when you've accomplished that.
If, for some reason you are unable to get the CF log do the following please.

Deckard's System Scanner
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
- Close all applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
- Please attach extra.txt to your post.
To attach a file to a new post, simply
- Go to the Attachments section on the post composition page (just below the text entry window), and
- copy and paste the following into the "Select a file" box: C:\Deckard\System Scanner\extra.txt
- Click Upload.
What DSS will do:
- create a new System Restore point in Windows XP and Vista.
- clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
- check some important areas of your system and produce a report for your analyst to review.
- DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
TheTerrorist_75 Posted March 28, 2008

All necessary Services were started and I still got the errors with OTScanIt.
AVG had removed hrum135.txt
The main Administrator account (Kenny) is still disabled so I had to use the other User account. Both accounts have some issues with permissions, but that is something that will need to be looked at after this POS is clean.
I was able to install the Recovery Console through the I386 folder. It's a Dell PC.
Here's the ComboFix log.

ComboFix 08-03-27.1 - Lindy Calkins 2008-03-28 19:35:18.1 - NTFSx86
Running from: C:\Documents and Settings\Lindy Calkins\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\Oknx64.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\mgtcxedzc.dll
C:\WINDOWS\system32\msdtexch.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NTIO256
-------\Legacy_OKNX64

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.
2008-03-28 18:22 . 2008-03-28 18:22 <DIR> d-------- C:\Program Files\Dell Support Center
2008-03-28 18:22 . 2008-03-28 18:22 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-03-28 18:22 . 2008-03-28 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-28 17:55 . 2008-03-28 17:55 <DIR> d-------- C:\Documents and Settings\Kenny Calkins\Application Data\Grisoft
2008-03-28 17:55 . 2008-03-28 18:17 <DIR> d-------- C:\Documents and Settings\Kenny Calkins\Application Data\AVG7
2008-03-28 15:32 . 2008-03-28 15:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-27 17:56 . 2008-03-28 08:49 <DIR> d-------- C:\Documents and Settings\Lindy Calkins\Application Data\AVG7
2008-03-27 17:55 . 2008-03-27 17:55 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-03-27 17:55 . 2008-03-28 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-27 12:35 . 2008-03-27 12:35 <DIR> d-------- C:\Documents and Settings\Lindy Calkins\Application Data\Grisoft
2008-03-27 12:35 . 2008-03-27 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-27 12:35 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-03-27 12:25 . 2007-01-18 08:00 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgArCln.sys
2008-03-27 10:55 . 2008-03-27 10:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-27 10:55 . 2008-03-27 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-27 10:55 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2008-03-27 10:55 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\SYSTEM32\MSINET.OCX
2008-03-27 10:35 . 2008-03-27 10:35 <DIR> d-------- C:\Program Files\CCleaner
2008-03-26 21:27 . 2008-03-26 21:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-03-26 21:27 . 2008-03-26 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-26 21:21 . 2008-03-27 11:31 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-03-26 21:20 . 2008-03-27 11:30 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2008-03-26 19:39 . 2008-03-28 09:18 <DIR> d-------- C:\Die MoFo
2008-03-26 19:32 . 2008-03-26 19:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-26 19:32 . 2008-03-27 07:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-26 19:31 . 2008-03-26 19:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 19:18 . 2008-03-26 19:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2008-03-26 19:06 . 2008-03-26 19:06 2,855 --a------ C:\WINDOWS\SYSTEM32\ntsystem.PIF
2008-03-26 19:05 . 2008-03-26 19:05 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-26 18:58 . 2008-03-28 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-03-26 18:52 . 2008-03-26 18:52 4,128 --a------ C:\INFCACHE.1
2008-03-26 18:51 . 2008-03-28 19:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-26 18:51 . 2008-03-26 18:51 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 11:49 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-03-27 11:49 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-03-27 11:49 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-02-11 13:39 253,952 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLA.dll
2008-02-11 13:39 237,568 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLW.dll
2008-02-08 17:53 110,592 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerLang.dll
2008-02-05 12:48 77,824 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerUninstaller.exe
2007-07-16 15:42 374 ----a-w C:\Documents and Settings\Lindy Calkins\Application Data\internaldb6334.dat
2007-06-24 20:02 2 ----a-w C:\Documents and Settings\Lindy Calkins\Application Data\xxx.exe
2007-05-16 20:14 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exe" [2005-08-02 15:33 159832]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-27 17:55 579072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14 270648]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"DellMCM"="C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 10:08 262144]
"Dell Photo AIO Printer 942"="C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 10:18 294912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-04-13 02:45 26112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42 1404928]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-27 17:55 219136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oknx64.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\1128385185\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 21:39:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 19:39:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-28 19:42:48 - machine was rebooted [Lindy Calkins]
ComboFix-quarantined-files.txt 2008-03-28 23:42:44
Pre-Run: 147,428,499,456 bytes free
Post-Run: 147,367,624,704 bytes free
.
2008-03-28 00:45:07 --- E O F ---
TheTerrorist_75 Posted March 29, 2008

So far further scans haven't turned up any malware except for QooBox which is part of ComboFix. I have gained administrative control after running sfc /scannow and using Kelly's Korner. I am still going to wait to confirm this PC is absolutely clean before the kids get it back. I found a folder for Limewire hidden amongst their little brother's private folders.
jwbirdsong Posted March 29, 2008

> I have gained administrative control after running sfc /scannow and using Kelly's Korner.

What a great site, huh. And sfc was coming up on my list of to-do's.
I'm gonna assume you've trashed the Limewire folder. Doesn't look like Limewire is current/active at least.
Do you know what is in the C:\Die MoFo folder? Just the name is a little quirky... Could be from a Trojan OR from you to KILL said Trojans.
Only thing I see off hand is C:\Documents and Settings\Lindy Calkins\Application Data\xxx.exe. If unknown to you perhaps check it at VirusTotal and remove if infected.
I'm also not certain on this Safeboot key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oknx64.sys]
@=""
I'll look into it.
I'd also like one other/last online opinion when you have time.

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
- Click on the Start Scanning button at bottom of page.
- Accept the License Agreement and the ActiveX install.
- Once the ActiveX installs, Click Full System Scan
- Once the download completes, the scan will begin automatically.
- The scan will take some time to finish, so please be patient.
- When the scan completes, click the Automatic cleaning (recommended) button.
- Click the Show Report button and Copy&Paste the entire report to your Desktop for later posting.
Post the F-Secure results and a fresh DSS log (main.txt only) in your next reply.

PS Also you've kept/got McAfee disabled instead of uninstalled. By choice? Still valid perhaps and just as a backup?? No harm, just curious.
TheTerrorist_75 Posted March 29, 2008

Die MoFo is HJT renamed. Just in case one of the infections tried to block it from running. I discovered the Hosts file was loaded with all of the anti-malware sites. Limewire was deleted along with all of its sub folders and files. Oknx64.sys was QooBox. AVG removed it this morning when I started the PC.
I will check that xxx.exe file and run F-Secure when I hook that PC back up. I am down to one monitor so I have to switch between mine and theirs.
I have been trying to completely remove McAfee. I still have to search the registry for its entries. I ran their removal program besides Add/Remove Programs and searched manually, but it is still intertwined throughout the Dell. As far as I am concerned McAfee is just as bad as an infection.
TheTerrorist_75 Posted March 30, 2008

xxx.exe
MD5: 81051bcc2cf1bedf378224b0a93e2877
Date: 03.30.2008 00:46:33 (CET) [<1D]
Results: 0/32
Permalink: analisis/87dba1062f01d9ae77f474c569dad2d8
http://www.virustotal.com/analisis/87dba10...7f474c569dad2d8
Jotti finds nothing wrong with the file.
http://www.liutilities.com/products/wintas...esslibrary/xxx/
xxx.exe - xxx - Process Information
Process Name: Downloader.W32.Delf
xxx.exe is registered as a downloader. This process usually comes bundled with a virus or spyware and its main role is to do nothing other than download other viruses/spyware to your computer.
I have manually deleted it.
Preparing to run other scans.
TheTerrorist_75 Posted March 30, 2008 Author Report Share Posted March 30, 2008 Here are the F-Secure & DSS scan logs.Scanning ReportSunday, March 30, 2008 09:13:48 - 10:13:51Computer name: KENNY Scanning type: Scan system for malware, rootkits Target: C:\ --------------------------------------------------------------------------------Result: 0 malware found--------------------------------------------------------------------------------StatisticsScanned:Files: 37401 System: 3810 Not scanned: 7 Actions:Disinfected: 0 Renamed: 0 Deleted: 0 None: 0 Submitted: 0 Files not scanned:C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{7F515B08-B1E0-43C1-AFF1-640121EF52BC}.BIN Deckard's System Scanner v20071014.68Run by Lindy Calkins on 2008-03-30 10:23:08Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 3 Restore Point(s) --3: 2008-03-30 14:23:19 UTC - RP3 - Deckard's System Scanner Restore Point2: 2008-03-29 01:42:40 UTC - RP2 - Removed My Way Search Assistant1: 2008-03-28 23:40:38 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 510 MiB (512 MiB recommended).-- HijackThis (run as Lindy Calkins.exe) ---------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:24:47 AM, on 3/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning 
processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Dell Photo AIO Printer 942\memcard.exeC:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exeC:\Program Files\Common Files\AOL\1128385185\ee\AOLServiceHost.exeC:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exeC:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Documents and Settings\Lindy Calkins\Desktop\dss.exeC:\DIEMOF~1\Lindy Calkins.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128385185\ee\AOLHostManager.exeO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Global Startup: AutorunsDisabledO8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 
TheTerrorist_75 Posted March 31, 2008 All anti-virus scans, online and installed, come up clean. Here are the latest DSS scans from both admin accounts. Nothing bad stands out to me. Is it time to return this darn Dell and yell at the kids to stop downloading crap?
jwbirdsong Posted April 1, 2008 (edited)

Is it time to return this darn Dell and yell at the kids to stop downloading crap?

Yes it is....to both.

I tried to post yesterday and had some major issues, sorry for the delay.

Time for some housekeeping

Click START then RUN. Now type Combofix /u in the runbox and click OK.

The above procedure will:
- Delete the following: ComboFix and its associated files and folders; VundoFix backups, if present; the C:\Deckard folder, if present; the C:\_OtMoveIt folder, if present.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.

I'm going to forget the USUAL closing speech for you for a couple of reasons. You've got most tools already. You've read enough of them here over the last few years; you know as well as I do. You also know your own mind and know what your system (read: kid) needs on it.

One thing I did say in the post that never made it on yesterday is the following.

Result: 0 malware found

In the many months I've been using this scanner this is a 1st for me. LOTS of times I'll get a result of 1 found (cookies) but never a zero...even on my own boxes.

Good job

Glad I was able to help you a bit..if you need any other help/question let me know.

Edited April 1, 2008 by jwbirdsong
TheTerrorist_75 (Author) Posted April 1, 2008

Thanks jw. Between your help and what I remember from the tests at GeekU I'd say this PC got a thorough cleaning and is locked down. Thanks again.

This can be locked.
jwbirdsong Posted April 1, 2008

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.